Two threats unable to remove



ftwilson
2010-10-15, 03:54
I'm sorry, this is my first post; please forgive me if I do it wrong.

Cannot remove:
Fraud.WindowsProtectionSuite
Microsoft.Windows.RedirectedHosts


DDS (Ver_10-10-10.03) - NTFSx86
Run by Janice at 16:51:00.76 on Thu 10/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.462 [GMT -8:00]

AV: Smart Engine *On-access scanning enabled* (Updated) {612F2188-7BCD-4059-BB11-733307F47813}
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Smart Engine *enabled* {AE61382B-3C9E-4A02-8BB4-EA9CC9EEBF07}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Janice\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title =
mWindow Title =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\4.3.0.5\coIEPlg.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\janice\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1286784124609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283149629921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B471173C-15F5-4148-A484-84FBC9402DA0} = 204.17.139.2 209.112.128.2
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 secure-plus-payments.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-13 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-13 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-2 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-13 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-13 116784]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-11 54760]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\4.3.0.5\ccsvchst.exe [2010-10-13 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101012.001\IDSXpx86.sys [2010-9-15 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101014.008\NAVENG.SYS [2010-10-14 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101014.008\NAVEX15.SYS [2010-10-14 1371184]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]

=============== Created Last 30 ================

2010-10-14 04:00:22 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-10-14 03:54:19 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2010-10-14 03:54:19 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-10-14 03:54:19 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-10-14 03:54:19 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-10-14 03:54:18 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-10-14 03:54:18 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-10-14 03:54:18 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-10-14 03:54:18 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-10-14 03:53:56 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2010-10-14 03:40:29 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-14 03:40:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-14 03:40:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-14 03:40:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-14 03:40:19 -------- d-----w- c:\program files\Symantec
2010-10-14 03:40:19 -------- d-----w- c:\program files\common files\Symantec Shared
2010-10-14 03:39:49 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-14 03:39:47 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-10-14 03:33:01 -------- d-----w- c:\program files\NortonInstaller
2010-10-14 03:33:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-10-14 03:16:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-10-13 15:48:02 -------- d-sh--w- c:\docume~1\janice\applic~1\Smart Engine
2010-10-13 15:47:53 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMSGE
2010-10-13 15:46:58 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\74807e
2010-10-13 00:28:37 -------- d-----w- c:\windows\system32\winrm
2010-10-13 00:28:37 -------- d-----w- c:\windows\system32\GroupPolicy
2010-10-13 00:28:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-10-12 10:00:30 -------- d-----w- c:\docume~1\janice\locals~1\applic~1\Google
2010-10-11 09:01:01 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-11 09:00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-11 08:59:31 -------- d-----w- c:\windows\system32\LogFiles
2010-10-11 08:26:21 -------- d-----w- c:\documents and settings\janice\Tracing
2010-10-11 08:25:15 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-10-11 08:24:00 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-11 08:23:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-11 08:22:52 -------- d-----w- c:\program files\Microsoft
2010-10-11 08:22:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-11 08:21:54 4927864 ----a-w- c:\program files\common files\windows live\.cache\5cc999381cb691d\Silverlight.2.0.exe
2010-10-11 08:16:04 74520 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\DSETUP.dll
2010-10-11 08:16:04 484632 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\DXSETUP.exe
2010-10-11 08:16:04 1670936 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\dsetup32.dll
2010-10-11 08:15:28 1013800 ----a-w- c:\program files\common files\windows live\.cache\76b449de1cb691c\WindowsXP-KB954708-x86-ENU.exe
2010-10-11 08:06:48 -------- d-----w- c:\program files\common files\Windows Live
2010-10-11 07:12:00 -------- d-----w- c:\docume~1\janice\applic~1\ElevatedDiagnostics
2010-10-11 06:55:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-11 06:55:26 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-11 03:43:30 -------- d-----w- c:\docume~1\janice\applic~1\Malwarebytes
2010-10-11 03:43:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 03:43:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-11 03:43:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 03:43:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 03:36:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-11 03:36:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 05:33:08 0 ----a-w- c:\windows\invcol.tmp
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-17 13:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-17 10:42:29 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 16:52:12.10 ===============
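
The two detections named at the top of this post map directly onto entries in the DDS log above: the "Hosts:" lines (a security help site blackholed to 127.0.0.1 and four payment domains pointed at a single public address, which is what Microsoft.Windows.RedirectedHosts refers to) and the "IFEO:" line on svchost.exe. The script below is an added triage example, not code from the poster, from DDS or from this forum. It parses those DDS pseudo-HJT lines and, more generally, a raw Windows hosts file, and classifies each mapping. The sample DDS lines are copied from the log in this post; the sample hosts file is constructed for the example; the lists of benign loopback names, security-site keywords and protected system binaries are the author's assumptions and should be tuned to the environment.

```python
import collections
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Tuple

# "Pseudo HJT Report" lines copied from the DDS log in the post above
# (an excerpt; the full log has many more lines).
SAMPLE_DDS_LINES = """\
uStart Page = hxxp://www.google.com/
IFEO: image file execution options - svchost.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 secure-plus-payments.com
""".splitlines()

# Constructed hosts file (not from the page) showing the same tampering in the
# raw file format: comment lines, several names per line, trailing comment.
SAMPLE_HOSTS_FILE = """\
# constructed sample hosts file for this example
127.0.0.1       localhost
127.0.0.1       www.spywareinfo.com
74.125.45.100   securitysoftwarepayments.com secure-plus-payments.com   # not ours
"""

# Assumption: names a clean Windows hosts file may legitimately map to loopback.
BENIGN_LOOPBACK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Assumption: substrings that usually identify security-vendor or help-forum
# sites. Blackholing these to 127.0.0.1 is a common rogue-AV tactic.
SECURITY_SITE_HINTS = ("spyware", "malware", "antivirus", "virus", "symantec",
                       "norton", "kaspersky", "mcafee", "bleepingcomputer",
                       "safer-networking", "microsoft", "windowsupdate")

# Assumption: core Windows binaries for which an Image File Execution Options
# entry is almost never legitimate on an end-user machine.
PROTECTED_BINARIES = {"svchost.exe", "explorer.exe", "winlogon.exe",
                      "userinit.exe", "taskmgr.exe", "regedit.exe"}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
IFEO_RE = re.compile(r"^IFEO:\s+image file execution options\s+-\s+(\S+)", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str     # hosts_redirect | hosts_blackhole | hosts_block | hosts_loopback_ok
                  # | hosts_malformed | ifeo_hijack | ifeo_present
    subject: str  # hostname or image name
    detail: str


def classify_hosts_entry(ip_text: str, host: str) -> Finding:
    """Classify one (address, hostname) mapping from a hosts file."""
    host_l = host.lower()
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return Finding("hosts_malformed", host, f"unparseable address {ip_text!r}")
    if ip.is_loopback or ip.is_unspecified:
        # Loopback / 0.0.0.0 entries block the name rather than redirect it.
        if host_l in BENIGN_LOOPBACK:
            return Finding("hosts_loopback_ok", host, f"{ip} -> {host}: standard entry")
        if any(hint in host_l for hint in SECURITY_SITE_HINTS):
            return Finding("hosts_blackhole", host, f"{host} blackholed to {ip}: blocks a security site")
        return Finding("hosts_block", host, f"{host} blocked via {ip}: ad-block list or tampering, verify")
    # Any other address makes the name resolve to a chosen host, bypassing DNS.
    return Finding("hosts_redirect", host, f"{host} silently redirected to {ip}")


def parse_hosts_file(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (address, hostname) pairs from raw hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        for host in fields[1:]:                # one address, one or more names
            yield fields[0], host


def analyze_dds(lines: Iterable[str]) -> List[Finding]:
    """Scan DDS pseudo-HJT lines for hosts-file tampering and IFEO hijacks."""
    findings: List[Finding] = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m:
            findings.append(classify_hosts_entry(m.group(1), m.group(2)))
            continue
        m = IFEO_RE.match(line)
        if m:
            image = m.group(1).lower()
            if image in PROTECTED_BINARIES:
                findings.append(Finding("ifeo_hijack", image,
                    "IFEO entry on a core binary: a Debugger value here runs attacker code whenever it starts"))
            else:
                findings.append(Finding("ifeo_present", image, "IFEO entry present; check its Debugger value"))
    return findings


def analyze_hosts_file(text: str) -> List[Finding]:
    """Run the same classifier over a raw hosts file."""
    return [classify_hosts_entry(ip, host) for ip, host in parse_hosts_file(text)]


def summarize(findings: Iterable[Finding]) -> collections.Counter:
    """Count findings by kind; anything other than hosts_loopback_ok needs a look."""
    return collections.Counter(f.kind for f in findings)


if __name__ == "__main__":
    for f in analyze_dds(SAMPLE_DDS_LINES) + analyze_hosts_file(SAMPLE_HOSTS_FILE):
        print(f"{f.kind:18} {f.subject:40} {f.detail}")
```

On a live XP machine the file to feed `analyze_hosts_file` is %SystemRoot%\System32\drivers\etc\hosts; the script reports only and changes nothing, since cleanup here is done by the helper's ComboFix script rather than by hand.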

Blade81
2010-10-18, 22:23
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

ftwilson
2010-10-19, 08:45
Attachments as requested.

Blade81
2010-10-19, 11:40
Hi,

Please copy-paste logs when possible instead of attaching them as files. You included the ComboFix log twice, but dds.txt is missing. Please copy-paste fresh dds log contents.

ftwilson
2010-10-19, 11:45
Oh, I'm sorry, I will remember that. :) New DDS attached...


DDS (Ver_10-10-10.03) - NTFSx86
Run by Janice at 0:42:15.06 on Tue 10/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.329 [GMT -8:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Janice\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWindow Title =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\4.3.0.5\coIEPlg.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1286784124609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283149629921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B471173C-15F5-4148-A484-84FBC9402DA0} = 204.17.139.2 209.112.128.2
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-13 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-13 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-2 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-13 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-13 116784]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-11 54760]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\4.3.0.5\ccsvchst.exe [2010-10-13 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101015.005\IDSXpx86.sys [2010-10-13 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101018.021\NAVENG.SYS [2010-10-18 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101018.021\NAVEX15.SYS [2010-10-18 1371184]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]

=============== Created Last 30 ================

2010-10-19 05:30:52 -------- d-sha-r- C:\cmdcons
2010-10-19 05:29:23 98816 ----a-w- c:\windows\sed.exe
2010-10-19 05:29:23 77312 ----a-w- c:\windows\MBR.exe
2010-10-19 05:29:23 256512 ----a-w- c:\windows\PEV.exe
2010-10-19 05:29:23 161792 ----a-w- c:\windows\SWREG.exe
2010-10-18 09:17:09 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-10-18 09:17:09 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-10-18 09:17:06 -------- d-----w- c:\program files\SpywareBlaster
2010-10-18 09:04:08 -------- d-----w- c:\program files\MSN Toolbar
2010-10-18 09:01:30 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-10-18 02:05:00 -------- d-----w- c:\docume~1\janice\locals~1\applic~1\Temp
2010-10-14 04:00:22 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-10-14 03:54:19 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2010-10-14 03:54:19 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-10-14 03:54:19 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-10-14 03:54:19 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-10-14 03:54:18 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-10-14 03:54:18 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-10-14 03:54:18 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-10-14 03:54:18 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-10-14 03:53:56 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2010-10-14 03:40:29 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-14 03:40:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-14 03:40:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-14 03:40:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-14 03:40:19 -------- d-----w- c:\program files\Symantec
2010-10-14 03:40:19 -------- d-----w- c:\program files\common files\Symantec Shared
2010-10-14 03:39:49 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-14 03:39:47 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-10-14 03:33:01 -------- d-----w- c:\program files\NortonInstaller
2010-10-14 03:33:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-10-14 03:16:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-10-13 15:47:53 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMSGE
2010-10-13 15:46:58 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\74807e
2010-10-13 00:28:37 -------- d-----w- c:\windows\system32\winrm
2010-10-13 00:28:37 -------- d-----w- c:\windows\system32\GroupPolicy
2010-10-13 00:28:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-10-12 10:00:30 -------- d-----w- c:\docume~1\janice\locals~1\applic~1\Google
2010-10-11 09:01:01 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-11 09:00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-11 08:59:31 -------- d-----w- c:\windows\system32\LogFiles
2010-10-11 08:26:21 -------- d-----w- c:\documents and settings\janice\Tracing
2010-10-11 08:25:15 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-10-11 08:24:00 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-11 08:23:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-11 08:22:52 -------- d-----w- c:\program files\Microsoft
2010-10-11 08:22:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-11 08:21:54 4927864 ----a-w- c:\program files\common files\windows live\.cache\5cc999381cb691d\Silverlight.2.0.exe
2010-10-11 08:16:04 74520 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\DSETUP.dll
2010-10-11 08:16:04 484632 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\DXSETUP.exe
2010-10-11 08:16:04 1670936 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\dsetup32.dll
2010-10-11 08:15:28 1013800 ----a-w- c:\program files\common files\windows live\.cache\76b449de1cb691c\WindowsXP-KB954708-x86-ENU.exe
2010-10-11 08:06:48 -------- d-----w- c:\program files\common files\Windows Live
2010-10-11 07:12:00 -------- d-----w- c:\docume~1\janice\applic~1\ElevatedDiagnostics
2010-10-11 06:55:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-11 06:55:26 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-11 03:43:30 -------- d-----w- c:\docume~1\janice\applic~1\Malwarebytes
2010-10-11 03:43:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 03:43:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-11 03:43:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 03:43:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 03:36:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-11 03:36:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 12:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 10:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 05:33:08 0 ----a-w- c:\windows\invcol.tmp
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 0:43:08.53 ===============

Blade81
2010-10-19, 15:45
Hi again,

Open Notepad and copy/paste the text in the quotebox below into it:

DirLook::
c:\documents and settings\All Users\Application Data\SMSGE
c:\documents and settings\All Users\Application Data\74807e
DDS::
mWindow Title =
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.



Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

After those steps, update MBAM and run a full scan with it (remove found items). Post back the results.

ftwilson
2010-10-20, 07:16
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 19, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 19, 2010 15:23:45
Records in database: 4186104


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area: Critical areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Janice\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Objects scanned: 22831
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:57:11

No threats found. Scanned area is clean.
Selected area has been scanned.


DDS (Ver_10-10-10.03) - NTFSx86
Run by Janice at 20:08:47.35 on Tue 10/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.701 [GMT -8:00]

AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Janice\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
c:\documents and settings\janice\local settings\temp\bb.tmp\temp00
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1286784124609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283149629921
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B471173C-15F5-4148-A484-84FBC9402DA0} = 204.17.139.2 209.112.128.2
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-13 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-13 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-2 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-13 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-13 116784]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-10-11 54760]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\4.3.0.5\ccsvchst.exe [2010-10-13 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101015.005\IDSXpx86.sys [2010-10-13 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101018.054\NAVENG.SYS [2010-10-19 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101018.054\NAVEX15.SYS [2010-10-19 1371184]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-12 136176]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]

=============== Created Last 30 ================

2010-10-19 05:30:52 -------- d-sha-r- C:\cmdcons
2010-10-19 05:29:23 98816 ----a-w- c:\windows\sed.exe
2010-10-19 05:29:23 77312 ----a-w- c:\windows\MBR.exe
2010-10-19 05:29:23 256512 ----a-w- c:\windows\PEV.exe
2010-10-19 05:29:23 161792 ----a-w- c:\windows\SWREG.exe
2010-10-18 09:17:09 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-10-18 09:17:09 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-10-18 09:17:06 -------- d-----w- c:\program files\SpywareBlaster
2010-10-18 09:04:08 -------- d-----w- c:\program files\MSN Toolbar
2010-10-18 09:01:30 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-10-18 02:05:00 -------- d-----w- c:\docume~1\janice\locals~1\applic~1\Temp
2010-10-14 04:00:22 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-10-14 03:54:19 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2010-10-14 03:54:19 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-10-14 03:54:19 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-10-14 03:54:19 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-10-14 03:54:18 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-10-14 03:54:18 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-10-14 03:54:18 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-10-14 03:54:18 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-10-14 03:53:56 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2010-10-14 03:40:29 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-14 03:40:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-14 03:40:19 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-14 03:40:19 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-14 03:40:19 -------- d-----w- c:\program files\Symantec
2010-10-14 03:40:19 -------- d-----w- c:\program files\common files\Symantec Shared
2010-10-14 03:39:49 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-14 03:39:47 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-10-14 03:33:01 -------- d-----w- c:\program files\NortonInstaller
2010-10-14 03:33:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-10-14 03:16:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-10-13 15:47:53 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMSGE
2010-10-13 15:46:58 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\74807e
2010-10-13 00:28:37 -------- d-----w- c:\windows\system32\winrm
2010-10-13 00:28:37 -------- d-----w- c:\windows\system32\GroupPolicy
2010-10-13 00:28:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-10-12 10:00:30 -------- d-----w- c:\docume~1\janice\locals~1\applic~1\Google
2010-10-11 09:01:01 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-11 09:00:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-11 08:59:31 -------- d-----w- c:\windows\system32\LogFiles
2010-10-11 08:26:21 -------- d-----w- c:\documents and settings\janice\Tracing
2010-10-11 08:25:15 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-10-11 08:24:00 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-11 08:23:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-11 08:22:52 -------- d-----w- c:\program files\Microsoft
2010-10-11 08:22:35 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-11 08:21:54 4927864 ----a-w- c:\program files\common files\windows live\.cache\5cc999381cb691d\Silverlight.2.0.exe
2010-10-11 08:16:04 74520 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\DSETUP.dll
2010-10-11 08:16:04 484632 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\DXSETUP.exe
2010-10-11 08:16:04 1670936 ----a-w- c:\program files\common files\windows live\.cache\8c24af2a1cb691c\dsetup32.dll
2010-10-11 08:15:28 1013800 ----a-w- c:\program files\common files\windows live\.cache\76b449de1cb691c\WindowsXP-KB954708-x86-ENU.exe
2010-10-11 08:06:48 -------- d-----w- c:\program files\common files\Windows Live
2010-10-11 07:12:00 -------- d-----w- c:\docume~1\janice\applic~1\ElevatedDiagnostics
2010-10-11 06:55:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-11 06:55:26 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-10-11 03:43:30 -------- d-----w- c:\docume~1\janice\applic~1\Malwarebytes
2010-10-11 03:43:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 03:43:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-11 03:43:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 03:43:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 03:36:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-11 03:36:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 12:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 10:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-30 05:33:08 0 ----a-w- c:\windows\invcol.tmp
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 20:09:46.21 ===============

ComboFix 10-10-18.03 - Janice 10/19/2010 4:57.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.505 [GMT -8:00]
Running from: c:\documents and settings\Janice\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Janice\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
.

2010-10-18 18:55 . 2010-10-18 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-10-18 09:17 . 2010-10-18 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-18 09:17 . 2010-01-11 03:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-10-18 09:17 . 2010-01-11 03:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-10-18 09:17 . 2010-10-18 09:21 -------- d-----w- c:\program files\SpywareBlaster
2010-10-18 09:04 . 2010-10-18 09:04 -------- d-----w- c:\program files\MSN Toolbar
2010-10-18 09:01 . 2010-10-18 09:04 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-10-18 02:05 . 2010-10-18 02:05 -------- d-----w- c:\documents and settings\Janice\Local Settings\Application Data\Temp
2010-10-15 00:42 . 2010-10-15 00:50 -------- d-----w- c:\program files\ERUNT
2010-10-14 23:24 . 2010-10-14 23:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-14 04:00 . 2010-10-14 04:00 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-10-14 03:40 . 2009-05-18 21:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-14 03:40 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-14 03:40 . 2010-10-14 04:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-14 03:40 . 2010-10-14 03:40 -------- d-----w- c:\program files\Symantec
2010-10-14 03:40 . 2010-10-14 03:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-14 03:40 . 2010-10-14 03:40 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-14 03:39 . 2010-10-14 03:57 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-14 03:39 . 2010-10-14 03:39 -------- d-----w- c:\program files\Norton 360 Premier Edition
2010-10-14 03:39 . 2010-10-14 03:39 -------- d-----w- c:\program files\Windows Sidebar
2010-10-14 03:33 . 2010-10-14 03:33 -------- d-----w- c:\program files\NortonInstaller
2010-10-14 03:16 . 2010-10-14 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-13 15:47 . 2010-10-13 15:47 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMSGE
2010-10-13 15:46 . 2010-10-14 02:57 -------- d-sh--w- c:\documents and settings\All Users\Application Data\74807e
2010-10-13 00:28 . 2010-10-13 00:28 -------- d-----w- c:\windows\system32\winrm
2010-10-13 00:28 . 2010-10-13 00:28 -------- d-----w- c:\windows\system32\GroupPolicy
2010-10-13 00:28 . 2010-10-13 00:28 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-10-12 10:05 . 2010-10-12 10:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-10-12 10:00 . 2010-10-12 10:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-10-12 10:00 . 2010-10-12 10:01 -------- d-----w- c:\documents and settings\Janice\Local Settings\Application Data\Google
2010-10-12 10:00 . 2010-10-12 10:00 -------- d-----w- c:\program files\Google
2010-10-11 09:26 . 2008-04-14 07:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-10-11 09:01 . 2008-04-14 07:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-11 09:00 . 2010-10-11 09:00 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-11 08:59 . 2010-10-11 09:00 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-10-11 08:59 . 2010-10-11 08:59 -------- d-----w- c:\windows\system32\LogFiles
2010-10-11 08:26 . 2010-10-19 06:24 -------- d-----w- c:\documents and settings\Janice\Tracing
2010-10-11 08:25 . 2010-10-11 08:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-11 08:25 . 2010-04-28 15:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-10-11 08:25 . 2010-10-14 03:40 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-11 08:24 . 2010-10-11 08:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-11 08:24 . 2010-10-11 08:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-11 08:24 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-11 08:23 . 2010-10-11 08:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-11 08:22 . 2010-10-11 08:22 -------- d-----w- c:\program files\Microsoft
2010-10-11 08:22 . 2010-10-11 08:22 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-11 08:22 . 2010-10-11 08:25 -------- d-----w- c:\program files\Windows Live
2010-10-11 08:06 . 2010-10-11 08:06 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-11 07:59 . 2010-10-11 07:59 -------- d-----w- c:\windows\Sun
2010-10-11 07:59 . 2010-10-11 07:59 -------- d-----w- c:\program files\Common Files\Java
2010-10-11 07:12 . 2010-10-11 07:12 -------- d-----w- c:\documents and settings\Janice\Application Data\ElevatedDiagnostics
2010-10-11 06:55 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-11 03:43 . 2010-10-11 03:43 -------- d-----w- c:\documents and settings\Janice\Application Data\Malwarebytes
2010-10-11 03:43 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 03:43 . 2010-10-11 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-11 03:43 . 2010-10-11 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-11 03:43 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 03:36 . 2010-10-14 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-11 03:36 . 2010-10-14 17:46 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\74807e ----


---- Directory of c:\documents and settings\All Users\Application Data\SMSGE ----

2010-10-13 15:47 . 2010-10-14 02:51 24536 --sha-w- c:\documents and settings\All Users\Application Data\SMSGE\SMNHDZJNSE.cfg


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-03 4800512]
"nwiz"="nwiz.exe" [2003-11-03 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/13/2010 7:54 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/13/2010 7:54 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [10/2/2010 12:00 AM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/13/2010 7:54 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/13/2010 7:54 PM 116784]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe [10/13/2010 7:54 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/13/2010 7:44 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101015.005\IDSXpx86.sys [10/13/2010 11:59 AM 341880]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 2:00 AM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/13/2008 11:00 PM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SEAPORT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 10:00]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {B471173C-15F5-4148-A484-84FBC9402DA0} = 204.17.139.2 209.112.128.2
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-19 05:04:45
ComboFix-quarantined-files.txt 2010-10-19 13:04
ComboFix2.txt 2010-10-19 05:39

Pre-Run: 239,107,776,512 bytes free
Post-Run: 239,110,942,720 bytes free

- - End Of File - - 163FD67571E86732EC84D76281AB66A8

Blade81
2010-10-20, 08:03
Hi,

Delete these folders if found:
c:\documents and settings\All Users\Application Data\SMSGE
c:\documents and settings\All Users\Application Data\74807e

Any issues left?

ftwilson
2010-10-20, 08:41
I found and deleted said folders, no other issues that I know of... Thank you!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4887

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/19/2010 9:32:56 PM
mbam-log-2010-10-19 (21-32-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 158862
Time elapsed: 36 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blade81
2010-10-20, 19:39
If no other problems, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis.


Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
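The hosts-file mechanism described in the post above, and the "Hosts: 127.0.0.1 www.spywareinfo.com" line DDS reported earlier in this thread, as an added example that is not part of the forum thread or of any tool named in it: a small parser that separates ordinary ad-blocking entries from entries that redirect security-vendor or update domains. The watch list (built from sites named in the thread) and the sample hosts file are constructed for the example.

```python
"""Parse a Windows hosts file and flag entries that point security-related
domains somewhere other than their real host, the pattern DDS reports as a
"Hosts:" line. Added example, not part of the thread; watch list and sample
input are constructed."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Addresses that make a name resolve to the local machine (or nowhere).
_SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}

# Domains a user must reach to get updates or help. Constructed watch list
# assembled from sites named in this thread, not a vendor feed.
SECURITY_DOMAINS = (
    "spywareinfo.com",
    "windowsupdate.com",
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
    "malwarebytes.org",
    "kaspersky.com",
    "secunia.com",
)

Entry = Tuple[int, str, str]  # (line number, ip, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Return (line_no, ip, hostname) for every mapping in hosts-file syntax.
    Comments (#), blank lines and lines whose first field is not a valid
    address are skipped; a line with several hostnames yields one tuple each."""
    entries: List[Entry] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip = parts[0]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed: ignore rather than guess
        for name in parts[1:]:
            entries.append((line_no, ip, name.lower()))
    return entries


def _on_watchlist(hostname: str) -> bool:
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in SECURITY_DOMAINS)


def find_redirected_hosts(text: str) -> Dict[str, List[Entry]]:
    """Classify hosts entries:
    'redirected' = a watched security domain sent to a sinkhole address (what
                   the thread's DDS log shows for www.spywareinfo.com);
    'blocked'    = any other name sent to a sinkhole (MVPS-style ad blocking);
    'foreign'    = a watched domain pointed at some real address instead.
    Plain aliases for unwatched names (intranet hosts) are left alone."""
    result: Dict[str, List[Entry]] = {"redirected": [], "blocked": [], "foreign": []}
    for entry in parse_hosts(text):
        _, ip, name = entry
        if name == "localhost":
            continue  # the default, expected entry
        if ip in _SINKHOLE:
            key = "redirected" if _on_watchlist(name) else "blocked"
        elif _on_watchlist(name):
            key = "foreign"
        else:
            continue
        result[key].append(entry)
    return result


# Constructed sample: the default line, an MVPS-style block line, the redirect
# DDS reported in the thread, and a watched domain pointed at an outside host
# (192.0.2.10 is a documentation address, not a real server).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0 ads.example.invalid   # typical ad-blocking entry
127.0.0.1 www.spywareinfo.com
127.0.0.1 windowsupdate.microsoft.com   update.microsoft.com
192.0.2.10 www.malwarebytes.org
"""

if __name__ == "__main__":
    for kind, hits in find_redirected_hosts(SAMPLE_HOSTS).items():
        for line_no, ip, name in hits:
            print(f"{kind:10s} line {line_no}: {ip} -> {name}")
```

On the XP machine in this thread the live file is %SystemRoot%\system32\drivers\etc\hosts; reading it with open() in place of SAMPLE_HOSTS gives the same classification of the real entries.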

ftwilson
2010-10-21, 02:49
Hi Blade,

I have done all you recommended and I think my machine is finally good to go. I really appreciate all your help. :)

Frances

Blade81
2010-10-21, 07:41
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.