Defense Center Malware

Status
Not open for further replies.
Hi.

I'm sorry about the delay.

I believe you have to activate Windows XP before you upgrade to Windows 7. To play it safe, keep the computer disconnected from any network until you have installed an anti-virus. You can activate by phone, then upgrade to "7" and then immediately install the anti-virus, preferably pre-downloaded to a CD. When you connect to the internet for the first time with the fresh install, please update the anti-virus and Windows immediately.

I will try to reply more quickly if you have any further questions related to this problem. Please post back anyway to let me know so this thread can be closed.
 
Done With Reinstall + DDS report

Greetings, vict0r,

I have wiped and reinstalled / authenticated Win XP. Not in any hurry to do the install of the upgrade to Win 7. I have not yet reinstalled all my programs. Using Norton Security Suite provided by Comcast and the Malwarebytes program. Will be installing Spybot and WinP later today. I thought perhaps it might be wise to send you a new DDS report.

Please let me know if there is anything else I need to do; otherwise, I consider this thread completed.

Thank you again and again!
Janice :bigthumb:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Janice at 10:42:45.85 on Fri 08/06/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2701 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\OEM05Mon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Janice\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [OEM05Mon.exe] c:\windows\OEM05Mon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280882962062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280882953171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-8-3 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-8-3 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100719.001\BHDrvx86.sys [2010-7-19 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-8-3 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-8-3 116784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-3 304464]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-8-3 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-3 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100805.004\IDSXpx86.sys [2010-8-6 331640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-3 20952]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100805.048\NAVENG.SYS [2010-8-6 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100805.048\NAVEX15.SYS [2010-8-6 1362608]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2010-8-3 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2010-8-3 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2010-8-3 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2010-8-3 31616]

=============== Created Last 30 ================

2010-08-06 14:42:59 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-06 14:42:59 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-08-04 03:25:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-04 03:25:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-04 03:18:01 0 d-----w- c:\windows\system32\Adobe
2010-08-04 02:53:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
2010-08-04 02:53:47 0 d-----w- c:\program files\common files\SureThing Shared
2010-08-04 02:53:14 0 d-----w- c:\program files\common files\Sonic Shared
2010-08-04 02:52:44 0 d-----w- c:\program files\Roxio
2010-08-04 02:50:52 0 d-----w- C:\MDT
2010-08-04 02:49:50 89088 ----a-w- c:\windows\system32\atl71.dll
2010-08-04 02:49:50 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2010-08-04 02:37:41 0 d-----w- c:\program files\Siber Systems
2010-08-04 02:29:05 0 d-----w- c:\docume~1\janice\applic~1\Malwarebytes
2010-08-04 02:28:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 02:28:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 02:28:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 02:28:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-04 02:17:57 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-04 02:17:57 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-04 02:17:47 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-04 02:17:47 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-04 02:16:24 0 d-----w- c:\program files\common files\CANON
2010-08-04 02:13:56 230912 ----a-w- c:\windows\system32\CNMLM9F.DLL
2010-08-04 02:13:44 98304 ----a-w- c:\windows\system32\CNC480I.DLL
2010-08-04 02:13:44 270336 ----a-w- c:\windows\system32\CNC480L.DLL
2010-08-04 02:13:44 188416 ----a-w- c:\windows\system32\CNC480O.DLL
2010-08-04 02:13:44 1339392 ----a-w- c:\windows\system32\CNC480C.DLL
2010-08-04 02:12:49 0 d-----w- c:\program files\Canon
2010-08-04 01:52:40 0 d-----w- c:\windows\system32\scripting
2010-08-04 01:52:39 0 d-----w- c:\windows\system32\en
2010-08-04 01:52:39 0 d-----w- c:\windows\system32\bits
2010-08-04 01:52:39 0 d-----w- c:\windows\l2schemas
2010-08-04 01:48:41 0 d-----w- c:\windows\network diagnostic
2010-08-04 00:59:19 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-04 00:59:19 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-04 00:59:17 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-08-04 00:59:12 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-08-04 00:59:12 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-08-04 00:59:06 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-08-04 00:57:41 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-08-04 00:53:06 0 d-----w- c:\windows\system32\PreInstall
2010-08-04 00:49:38 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-08-04 00:49:38 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-08-04 00:49:38 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-08-04 00:49:38 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-08-04 00:49:38 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-08-04 00:40:20 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-04 00:40:20 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-04 00:40:16 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-04 00:40:16 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-04 00:40:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-04 00:40:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-04 00:40:16 0 d-----w- c:\program files\Symantec
2010-08-04 00:40:16 0 d-----w- c:\program files\common files\Symantec Shared
2010-08-04 00:40:02 0 d-----w- c:\windows\system32\drivers\N360
2010-08-04 00:40:01 0 d-----w- c:\program files\Norton Security Suite
2010-08-04 00:39:54 0 d-----w- c:\program files\NortonInstaller
2010-08-04 00:39:54 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-08-04 00:32:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-08-04 00:14:49 0 d-sh--w- c:\documents and settings\janice\UserData
2010-08-03 23:57:07 990 ----a-w- C:\net_save.dna
2010-08-03 23:56:28 0 d-----w- c:\program files\support.com
2010-08-03 23:05:27 876544 ----a-w- c:\windows\system32\TEACico2.dll
2010-08-03 23:03:12 0 d-----w- c:\program files\common files\Logitech
2010-08-03 23:01:34 76 --sh--r- c:\windows\CT4CET.bin
2010-08-03 23:01:11 0 d-----w- c:\program files\common files\Reallusion
2010-08-03 23:00:56 0 d-----w- c:\program files\common files\Creative
2010-08-03 23:00:15 0 d-----w- c:\program files\Creative Live! Cam
2010-08-03 22:59:57 0 d-----w- c:\program files\Creative
2010-08-03 22:57:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-03 22:55:31 0 d-----w- c:\program files\ATI Technologies
2010-08-03 22:22:21 0 d-----w- c:\program files\NetWaiting
2010-08-03 22:21:47 0 d-----w- c:\program files\Digital Line Detect
2010-08-03 22:19:49 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-08-03 22:19:49 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-08-03 22:19:48 0 d-----w- c:\windows\system32\Lang
2010-08-03 22:18:01 0 d-----w- c:\program files\Realtek
2010-08-03 22:17:56 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-08-03 22:17:56 315392 ----a-w- c:\windows\HideWin.exe
2010-08-03 22:17:14 1904 ------w- c:\windows\system32\SetupBD.din
2010-08-03 22:16:29 66424 ----a-w- c:\windows\system32\NicEtCoE.dll
2010-08-03 22:16:29 62840 ----a-w- c:\windows\system32\NicInstE.dll
2010-08-03 22:16:29 2889 ----a-w- c:\windows\system32\e1e5132.din
2010-08-03 22:16:29 28536 ----a-w- c:\windows\system32\NicCo.dll
2010-08-03 22:16:29 254872 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2010-08-03 22:16:29 179048 ----a-w- c:\windows\system32\e1000msg.dll
2010-08-03 22:16:29 154496 ----a-w- c:\windows\system32\Prounstl.exe
2010-08-03 22:14:07 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-08-03 22:03:30 0 d-----w- c:\windows\system32\ReinstallBackups
2010-08-03 22:03:21 0 d-----w- C:\Intel
2010-08-03 21:57:47 0 d-----w- c:\program files\Dell Support Center
2010-08-03 21:57:47 0 d-----w- c:\program files\common files\supportsoft
2010-08-03 21:55:01 0 d-----w- c:\program files\Dell
2010-08-03 21:48:12 0 d-sh--w- c:\documents and settings\all users\DRM
2010-08-03 21:48:00 0 d--h--w- c:\program files\WindowsUpdate
2010-08-03 21:47:23 0 d-----w- c:\program files\common files\MSSoap
2010-08-03 21:46:24 0 d-----w- c:\program files\Online Services
2010-08-03 21:46:20 0 d-----w- c:\program files\Messenger
2010-08-03 21:46:18 0 d-----w- c:\program files\MSN Gaming Zone
2010-08-03 21:45:52 0 d-----w- c:\program files\Windows NT
2010-08-03 16:37:53 0 d-----w- c:\program files\common files\ODBC
2010-08-03 16:37:51 0 d-----w- c:\program files\common files\SpeechEngines
2010-08-03 16:37:35 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-08-03 23:03:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-08-03 23:03:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-08-03 21:58:36 5 ----a-w- c:\windows\system32\drivers\DELL_INS_530.MRK
2010-08-03 21:58:36 5 ----a-w- c:\windows\system32\drivers\1028_DELL_INS_530.MRK
2010-08-03 21:46:41 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 10:43:05.25 ===============
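A DDS report like the one above is read by hand, section by section, and the helper's eye goes first to a handful of things: processes whose image path DDS could not resolve or that run from outside %SystemRoot% and Program Files, kernel drivers loaded from somewhere other than system32\drivers, and recently created files carrying hidden or system attributes. The following Python script is an added example, not part of this thread or of the DDS tool itself, that parses those three sections and applies exactly those triage heuristics. The section names, the attribute-field layout and the "trusted root" paths are assumptions taken from the format of the report posted above; the sample report embedded in the script is a constructed subset of that log.

```python
"""Triage helper for a DDS-style report (added example, not the thread's
or DDS's own code). Heuristics and section names are assumptions based on
the report format shown in this thread."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the report posted above, same layout.
SAMPLE = r"""
DDS (Ver_10-03-17.01) - NTFSx86
============== Running Processes ===============
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Janice\Desktop\dds.scr
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-8-3 328752]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100719.001\BHDrvx86.sys [2010-7-19 692272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-3 20952]
=============== Created Last 30 ================
2010-08-04 00:14:49 0 d-sh--w- c:\documents and settings\janice\UserData
2010-08-03 23:01:34 76 --sh--r- c:\windows\CT4CET.bin
2010-08-03 22:17:56 315392 ----a-w- c:\windows\HideWin.exe
============= FINISH: 10:43:05.25 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R1 Name;Description;path [date size]" as in the SERVICES / DRIVERS section
DRIVER_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
# "YYYY-MM-DD hh:mm:ss size attrs path" as in the Created Last 30 section
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")

# Assumed "expected" locations for an XP box; anything else is worth a look.
TRUSTED_EXE_ROOTS = ("c:\\windows\\", "c:\\program files\\")
DRIVER_ROOT = "c:\\windows\\system32\\drivers\\"
PROFILE_ROOT = "c:\\documents and settings\\"
EXE_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass
class Finding:
    section: str
    item: str
    reason: str


def parse_sections(report):
    """Split the report into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_process(path):
    low = path.lower()
    if "\\" not in low:  # DDS printed only the image name, no path to verify
        return "image path not resolved; confirm the real binary manually"
    if not low.startswith(TRUSTED_EXE_ROOTS):
        return "running from outside %SystemRoot% / Program Files"
    return None


def check_driver(line):
    m = DRIVER_RE.match(line)
    if not m:
        return None
    state, name, _desc, path = m.groups()
    low = path.lower()
    if low.endswith(".sys") and not low.startswith(DRIVER_ROOT):
        return f"{state} {name}", "kernel driver loaded from outside system32\\drivers"
    return None


def check_created(line):
    m = CREATED_RE.match(line)
    if not m:
        return None
    _ts, _size, attrs, path = m.groups()
    # Attribute field layout assumed from the log: d c s h a . w/r . ;
    # the 's' and 'h' flags sit in the first four positions.
    if "s" in attrs[:4] or "h" in attrs[:4]:
        return path, "created with hidden/system attribute"
    if path.lower().startswith(PROFILE_ROOT) and path.lower().endswith(EXE_SUFFIXES):
        return path, "executable created under a user profile"
    return None


def triage(report):
    """Return the findings a helper would review first, in report order."""
    secs = parse_sections(report)
    out = []
    for proc in secs.get("Running Processes", []):
        why = check_process(proc)
        if why:
            out.append(Finding("Running Processes", proc, why))
    for line in secs.get("SERVICES / DRIVERS", []):
        hit = check_driver(line)
        if hit:
            out.append(Finding("SERVICES / DRIVERS", *hit))
    for line in secs.get("Created Last 30", []):
        hit = check_created(line)
        if hit:
            out.append(Finding("Created Last 30", *hit))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.item}\n    -> {f.reason}")
```

Run against the sample, the script flags the bare svchost.exe entry, dds.scr on the Desktop, the BHDrvx86 driver under Application Data, the hidden UserData folder and the hidden CT4CET.bin. Every one of those is benign in this particular log (dds.scr is the diagnostic tool itself, Norton loads its definition drivers from Application Data, UserData is a normal hidden profile folder), which is the point: these are review prompts for a human helper, not verdicts, and a clean reinstall is one of the few situations where a helper can expect each prompt to have an innocent explanation.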
 
Please note the following:

  • If you use TeaTimer (part of Spybot S&D), do not use WinPatrol. They do not work well together.
  • If you definitely want to upgrade to Windows 7, then I believe it's better to do it as soon as possible to ensure software compatibility.

Good luck and stay safe online. :)
 
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 