

Google searches keep redirecting me to ad sites.



 
 
Old 08-24-2009, 02:29 AM   #1
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



Hi there,

Whenever I use Google, or any other search engine for that matter, whenever I click on any link from that search engine I automatically get redirected to some other ad site. I'm not sure if you can help, but if you could it would be much appreciated. Thanks!!

DDS (Ver_09-07-30.01) - NTFSx86
Run by Evan at 4:51:03.93 on Mon 08/24/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3069.1290 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\WinService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.10\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Evan\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Evan\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070811
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070811
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.5.2.10\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.5.2.10\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.5.2.10\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Octoshape Streaming Services] "c:\users\evan\appdata\local\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\loadou~1.lnk - c:\program files\belkin\nostromo\nost_LM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.5.2.10\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\evan\appdata\roaming\mozilla\firefox\profiles\zuldj411.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\evan\appdata\local\octoshape\octoshape streaming services\octoprogram-l03-nms0810164_sua_000\npoctoshape.dll
FF - plugin: c:\users\evan\appdata\roaming\mozilla\plugins\npoctoshape.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2007-10-22 21728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00a\SymEFA.sys [2009-8-18 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00a\BHDrvx86.sys [2009-8-18 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00a\cchpx86.sys [2009-8-18 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090810.001\IDSvix86.sys [2009-8-11 293424]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\3.5.2.10\ccSvcHst.exe [2009-8-18 117640]
R2 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2007-10-22 180224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-17 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-30 101936]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-10-22 206336]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0305020.00a\symndisv.sys [2009-8-18 48688]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-23 22821]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-11 29744]

=============== Created Last 30 ================

2009-08-24 04:37 <DIR> --d----- c:\program files\Trend Micro
2009-08-24 04:36 396,288 a------- C:\HijackThis.exe
2009-08-23 08:23 <DIR> --d--r-- c:\program files\Norton Support
2009-08-19 21:24 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-08-19 21:24 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-08-18 19:31 26,600 a----r-- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-11 13:57 71,680 a------- c:\windows\system32\atl.dll
2009-08-11 13:57 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 13:57 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 13:57 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 13:57 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 13:57 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 13:57 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 13:57 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 13:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 13:57 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 13:57 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-06 03:11 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-06 03:11 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-06 03:11 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-06 03:11 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-08-06 03:11 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-06 03:11 11,264 a------- c:\windows\system32\icardres.dll
2009-08-06 03:11 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-06 03:11 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-06 03:02 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-06 03:01 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-06 03:01 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-06 03:01 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-06 03:01 83,968 a------- c:\windows\system32\mscories.dll

==================== Find3M ====================

2009-08-21 16:39 86,016 a------- c:\windows\inf\infstor.dat
2009-08-21 16:39 51,200 a------- c:\windows\inf\infpub.dat
2009-08-21 16:39 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-18 19:31 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 19:31 7,456 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-18 19:31 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-18 19:30 107,368 a----r-- c:\windows\system32\GEARAspi.dll
2009-08-18 15:31 25,648 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-06-15 11:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 11:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 11:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:52 289,792 a------- c:\windows\system32\atmfd.dll
2008-12-29 10:32 174 a--sh--- c:\program files\desktop.ini
2008-12-29 10:18 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-07 18:21 32 a------- c:\programdata\ezsid.dat
2008-01-07 18:21 32 a------- c:\progra~2\ezsid.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-11-22 17:30 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-11-22 17:30 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-11-22 17:30 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-08-11 13:15 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 4:54:13.56 ===============
Attached Files
File Type: zip Attach.zip (2.9 KB, 13 views)
Audrey88 is offline  
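The helpers in this thread read the DDS report above by eye, looking for the handful of lines that matter: a security product that reports itself disabled, the mPolicies-system EnableLUA = 0 entry (UAC switched off machine-wide), an AppInit_DLLs value, a BHO registration whose DLL is missing, and browser plugins loaded from a user-writable profile path. The following script is an added example, not part of this thread and not the DDS tool's own code: it applies those same checks automatically to a DDS-style log. The sample lines are a constructed excerpt modelled on the report above, and the rule names, severities and explanations are my own choices, not DDS output.

```python
import re
from typing import Dict, List

Finding = Dict[str, object]

# Constructed excerpt in the style of the DDS log posted above (a handful of
# lines, paths as they appear in that report); it is sample input, not the log.
SAMPLE_DDS = "\n".join([
    r"SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}",
    r"BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File",
    r"mRun: [<NO NAME>]",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    r"AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL",
    r"FF - plugin: c:\users\evan\appdata\roaming\mozilla\plugins\npoctoshape.dll",
])

# Triage rules (my own naming and severities): (rule id, line pattern, severity, why it matters)
RULES = [
    ("security-product-disabled",
     re.compile(r"^(?:SP|AV|FW): .*\*disabled\*", re.I), "high",
     "A security product reports itself disabled; confirm the user did this, since malware commonly does it"),
    ("uac-disabled",
     re.compile(r"^mPolicies-system: EnableLUA = 0\b", re.I), "high",
     "EnableLUA=0 turns UAC off machine-wide, so anything an admin user launches runs fully elevated without a prompt"),
    ("appinit-dll",
     re.compile(r"^AppInit_DLLs: (?P<path>\S.*)$", re.I), "medium",
     "AppInit_DLLs is loaded into every process that loads user32.dll; verify the DLL's publisher"),
    ("orphaned-bho",
     re.compile(r"^BHO: (?P<clsid>\{[0-9a-f-]+\}) - No File$", re.I), "medium",
     "Browser Helper Object registered but its DLL is missing: leftover of a removal, or a hidden component"),
    ("empty-run-value",
     re.compile(r"^[um]Run: \[<NO NAME>\]", re.I), "low",
     "Run value with no name and no command; inert by itself but should be cleaned up"),
    ("plugin-in-profile",
     re.compile(r"^FF - plugin: (?P<path>c:\\users\\[^\\]+\\appdata\\.*)$", re.I), "low",
     "Browser plugin loaded from a user-writable profile path rather than Program Files"),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(dds_text: str) -> List[Finding]:
    """Match every rule against every line; return findings, most severe first."""
    findings: List[Finding] = []
    for lineno, line in enumerate(dds_text.splitlines(), start=1):
        line = line.rstrip()
        for rule_id, pattern, severity, why in RULES:
            match = pattern.match(line)
            if match is None:
                continue
            finding: Finding = {"rule": rule_id, "severity": severity,
                                "line": lineno, "evidence": line, "why": why}
            finding.update(match.groupdict())  # named captures such as path / clsid
            findings.append(finding)
    findings.sort(key=lambda f: (SEVERITY_ORDER[str(f["severity"])], int(f["line"])))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Summarise how many findings fall in each severity bucket."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for finding in findings:
        counts[str(finding["severity"])] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:>6}] line {f['line']}: {f['rule']}")
        print(f"         {f['evidence']}")
        print(f"         {f['why']}")
    print(count_by_severity(triage(SAMPLE_DDS)))
```

Run it as `python dds_triage.py` against the built-in sample, or pass a whole saved DDS log into `triage()`. The rules are deliberately narrow pattern matches on the line formats DDS uses, so a hit is a prompt for a reviewer to look, not a verdict; the EnableLUA and "disabled" findings in particular are the ones a helper would want to reconcile with what the user says they changed themselves.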
 
Old 08-24-2009, 06:12 AM   #2
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.

Welcome to TSF once again.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

-----------------------------------------------------------------------
I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

----------------------------------------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

https://www.bleepingcomputer.com/comb...o-use-combofix


* You must rename it before saving it. Rename it from Combofix.exe to Combo-fix.exe. Save it to your desktop.


* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix. You can find instructions HERE.

Please include the C:\ComboFix.txt in your next reply for further review.


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 08-24-2009, 09:29 AM   #3
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



Thanks for the quick reply! I've followed and read through very carefully each step/link you've given me, but I'm having problems running ComboFix.

I've disabled all of my firewalls, antispyware, autoprotect, and malware protection; however, whenever I run ComboFix I get to the step where it says "ComboFix is preparing to run." and then it just stops and closes.

The ComboFix Disclaimer is supposed to appear next but it never does. I cannot figure this one out, any ideas? Thanks!
Audrey88 is offline  
 
Old 08-24-2009, 09:44 AM   #4
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.

Did you rename it before saving the file to your desktop?

Mark
mas_pogi is offline  
Old 08-24-2009, 06:48 PM   #5
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



Yes, I did that but still it won't seem to work. I've tried restarting my computer numerous times, downloading it again to my desktop with another renamed name, but it still just stops working and disappears after the "ComboFix is preparing to run." step.

I have no clue what the problem is; however, I do notice that I'm unable to open up Norton after I attempt to run ComboFix. I'm not sure if this is related at all but I thought that I'd throw it out there.

Any ideas? =/
Audrey88 is offline  
Old 08-25-2009, 07:32 AM   #6
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



Just a thought, do you think the fact I'm running Windows Vista has anything to do with the problem I'm experiencing?

I've been trying to figure out this problem for at least 3+ hours but I cannot seem to find the answer anywhere on the internet as no one seems to be having the same problem as I am.

I am 100% sure I followed every direction correctly; is it possible that the malware on my computer is somehow stopping it from working?

I appreciate the help a lot, I'm sorry if I seem terribly noobish but I honestly can't figure this one out. If you have AIM or MSN and want to talk on that for quicker replies let me know; if not, or if it's against forum policy, then disregard that and I apologize for asking.
Audrey88 is offline  
Old 08-25-2009, 07:33 AM   #7
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.

Quote:
Yes, I did that but still it won't seem to work. I've tried restarted my computer numerous times, downloading it again to my desktop with another renamed name but it still just stops working and disappears after the "ComboFix is preparing to run." step.
Ok. Something is stopping ComboFix from running. It might be the infection or a security application.

We will try another method.

Quote:
I have no clue what the problem is, however I do notice that I'm unable to open up Norton after I attempt to run ComboFix, I'm not sure if this is related at all but I thought that I'd throw it out there.
We will check that one later. We will try to reinstall it if necessary.

Please proceed below.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------

Now reboot into Safe Mode with Networking
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode with networking.
-------------------------------------------------------------------------
  1. Please delete any copy of Combofix in your machine.

  2. Re-Download ComboFix from one of these locations. You must rename it before saving it, from Combofix to Combo-Fix. Save it to your desktop.

    Link 1
    Link 2

    * IMPORTANT !!! Save the file to your Desktop

  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.


    WINDOWS DEFENDER
    • Click Vista Orb > All Programs > Windows Defender |or launch from the system tray icon.
    • Click on Tools & Settings > Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Under administration options, uncheck "use Windows Defender"
    • Click Save.

  4. Double click on Combo-Fix.exe & follow the prompts.

    Make sure you install Recovery Console.

  5. Click on Yes, to continue scanning for malware.
    When it reboots, choose Normal mode.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Mark
mas_pogi is offline  
Old 08-25-2009, 07:45 AM   #8
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.
Quote:
Just a thought, do you think the fact I'm running Windows Vista has anything to do with the problem I'm experiencing?
Most often it affects it. But our tool is already compatible with Vista. So no need to worry.

Quote:
I'm been trying to figure out this problem for at least 3+ hours but I cannot seem to find the answer anywhere on the internet as no one seems to be having the same problem as I am.

I am 100% sure I followed every direction correctly, is it possible that the malware on my computer is some how stopping it from working?
Let me do the research and follow my instructions as given. If you try to fix your computer on your own, it will just slow down our fixes because I will lose track of the logs.

Yes. Malware can stop security apps and our tools.

I know you want this get fixed but we need a handful of patience here.

Quote:
I appreciate the help a lot, I'm sorry if I seem terribly noobish but I honestly can't figure this one out. If you have AIM or MSN and want to talk on that for quicker reply's let me know, if not or if it's against forum policy then disregard that and I apologize for asking.
Our help and this forum were designed this way. All help will be posted here so that others will learn from this log.

Mark
mas_pogi is offline  
Old 08-25-2009, 08:28 AM   #9
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



I'm having problems again running it this time. After the blue screen comes up saying "ComboFix is preparing to run.", it's followed by two lines repeated of "Access denied. Administrator permision are needed to use the seleted options. Use administrator prompt to complete these tasks." The disclaimer then comes up and the blue screen disappears, which I click Yes to, and then the blue screen comes up and then disappears again for good.

My account has administrator access, which is why I'm confused; even when I go into Control Panel ---> Users it shows I have Admin, as there are no other users on the computer.

Is there something that I'm not doing correctly?
Old 08-25-2009, 06:42 PM   #10
TSF Enthusiast
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.

Quote:
My account has administrator access, which is why I'm confused; even when I go into Control Panel ---> Users it shows I have Admin, as there are no other users on the computer
Even in an admin account, you'll still get a prompt if you want to run programs with higher privileges. It's normal. So calm down and relax.

Quote:
Is there something that I'm not doing correctly?
You are following the instructions correctly. It's just that the malware is stopping our CF.

Kindly do the instructions below.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------

Now reboot into Safe Mode with Networking.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode with Networking.
-------------------------------------------------------------------------
  1. Please delete any copy of ComboFix on your machine.

  2. Re-download ComboFix from one of these locations. You must rename it before saving it: rename Combofix to Combo-Fix. Save it to your desktop.

    Link 1
    Link 2

    * IMPORTANT !!! Save the file to your Desktop

  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You can find instructions HERE.


    WINDOWS DEFENDER
    • Click Vista Orb > All Programs > Windows Defender |or launch from the system tray icon.
    • Click on Tools & Settings > Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Under administration options, uncheck "use Windows Defender"
    • Click Save.

  4. Double click on Combo-Fix.exe & follow the prompts.

  5. Click on Yes, to continue scanning for malware.
    When it reboots, choose Normal mode.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Mark
Old 08-26-2009, 03:52 AM   #11
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



Yesterday afternoon I tried following all of those steps in Safe Mode with Networking, but it still kept closing out just as it had all of the other times. I tried it a couple of times with the same result; however, once I gave up and rebooted in Normal mode, I noticed that Internet Explorer would stop working and close out as soon as I opened it, and Firefox would stop working and close out if I tried to do anything more complicated like logging onto these forums.

Anyway, just this morning I tried running ComboFix in Normal mode and to my surprise it actually worked this time - I did nothing different from previous attempts as far as I know.

It pretty close to immediately found some corrupted files, which it told me to write down on a piece of paper before telling me to hit OK, and it then rebooted my computer. Those files are:
C:\Windows\system32\drivers\kbiwkmbbrvpro.sys
C:\Windows\system32\drivers\kbiwkmtbddhtpp.dll
C:\Windows\system32\drivers\kbiwkmykxoyrnm.dat
C:\Windows\system32\drivers\kbiwkmmnxqrwcf.dll
C:\Windows\system32\drivers\kbiwkmcicsvdbt.dat

My computer then reboots and it then performs all of the steps, which takes about 8-12 mins, and then restarts again. Once it reboots, it tells me to wait for the log to come up before opening any programs. The log comes up and I'm very happy I finally got it to work; however, when I try to open up Firefox or Internet Explorer it tells me that they have been deleted. I then try opening up a bunch of different programs such as Microsoft Word, Ventrilo, Skype, etc., all of which are also deleted.

I'm posting this reply from another computer so I am unable to attach the log.

I appreciate the help, thanks!
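The five files ComboFix reported in the post above share a six-character prefix, and the same prefix appears on the service ComboFix removes in the full log later in this thread. That shared prefix, together with the registry loading points ComboFix prints (EnableFirewall, DisableMonitoring, AppInit_DLLs), is what a responder would want to pull out of such a log mechanically rather than by eye. The script below is an added example, not part of the original post and not ComboFix's own code: it parses constructed ComboFix-style lines (modelled on this thread's log, with the kbiwkm* names reused and a placeholder user name and GUID, not a verbatim copy), clusters deleted files by name prefix, ties each cluster to removed services carrying the same prefix, lists files ComboFix could not delete, and flags posture-weakening registry values. The prefix length, the minimum cluster size and the sample lines are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's log: the kbiwkm* names are the
# thread's, the user name and GUID are placeholders. Not a verbatim copy.
SAMPLE_LOG = r"""
(((((((((((( Other Deletions ))))))))))))
c:\windows\system32\drivers\kbiwkmbbrvupro.sys
c:\windows\system32\kbiwkmcicsvdbt.dat
c:\windows\system32\kbiwkmmnxqrwcf.dll
c:\windows\system32\kbiwkmtbddhtpp.dll
c:\windows\system32\kbiwkmykxoyrnm.dat
c:\users\user1\ntuser.dat{00000000-0000-0000-0000-000000000000}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
(((((((((((( Drivers/Services ))))))))))))
-------\Service_kbiwkmpvnwsdcv
-------\Legacy_kbiwkmpvnwsdcv
(((((((((((( Reg Loading Points ))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*([^()]+?)\s*\)+\s*$")            # (((( Title ))))
PATH_RE = re.compile(r"^([a-z]:\\\S.*?)(\s+\.\s+\.\s+\.\s+\.\s+failed to delete)?\s*$", re.I)
SERVICE_RE = re.compile(r"^-+\\(?:Service|Legacy)_(\S+)\s*$")    # -------\Service_name
KEY_RE = re.compile(r"^\[(.+)\]\s*$")                             # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')              # "Name"=value


def parse_sections(text):
    """Split the log into {section title: [non-blank lines]}."""
    sections, current = defaultdict(list), ""
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def deleted_files(sections):
    """[(lowercased path, failed_to_delete)] from the 'Other Deletions' section."""
    hits = [PATH_RE.match(ln) for ln in sections.get("Other Deletions", [])]
    return [(m.group(1).lower(), m.group(2) is not None) for m in hits if m]


def removed_services(sections):
    """Service names from 'Drivers/Services' (Service_/Legacy_ entries), deduplicated."""
    names = [m.group(1) for m in map(SERVICE_RE.match, sections.get("Drivers/Services", [])) if m]
    return list(dict.fromkeys(names))


def prefix_clusters(paths, prefix_len=6, min_size=3):
    """Group plain alphanumeric file stems by their first prefix_len characters.
    Assumption of this example: a dropper family shares a generated prefix, as the
    thread's kbiwkm* files do; prefix_len and min_size are tunable guesses."""
    groups = defaultdict(list)
    for path in paths:
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if stem.isalnum() and len(stem) > prefix_len:   # skips ntuser.dat{...} and SIDs
            groups[stem[:prefix_len]].append(path)
    return {p: f for p, f in groups.items() if len(f) >= min_size}


def correlate(sections):
    """Tie each file cluster to removed services that carry the same prefix."""
    clusters = prefix_clusters([p for p, _ in deleted_files(sections)])
    services = removed_services(sections)
    return {p: {"files": f, "services": [s for s in services if s.lower().startswith(p)]}
            for p, f in clusters.items()}


def posture_findings(sections):
    """Registry loading points that weaken the host's defences."""
    findings, key = [], ""
    for line in sections.get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, value, tail = vm.group(1), vm.group(2), key.rsplit("\\", 1)[-1]
        if name == "EnableFirewall" and "firewallpolicy" in key.lower() and value.startswith("0"):
            findings.append(f"Windows Firewall disabled for {tail}")
        elif name == "DisableMonitoring" and value.lower().endswith("1"):
            findings.append(f"Security Center monitoring disabled under {tail}")
        elif name == "AppInit_DLLs" and value:
            findings.append(f"AppInit_DLLs injects {value} into user32-linked processes")
    return findings


def triage(text):
    """One-call summary: prefix clusters, files ComboFix could not delete, posture flags."""
    sections = parse_sections(text)
    return {"clusters": correlate(sections),
            "failed_deletes": [p for p, failed in deleted_files(sections) if failed],
            "posture": posture_findings(sections)}
```

Read the posture findings against what is installed: the thread's full log shows Norton 360, and third-party suites commonly register with Security Center and replace Windows Firewall, so EnableFirewall=0 and DisableMonitoring=1 are leads to confirm rather than a verdict on their own. The file cluster plus a service with the same prefix is the stronger signal, and a "failed to delete" entry is the first thing to re-check after the reboot.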
Old 08-26-2009, 05:50 AM   #12
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



Quick update:

I tried to copy the ComboFix log onto a flash drive but my computer would not recognize the flash drive at all. I went to shut down the computer to try and reboot it but when I clicked shut down I failed to notice the Windows update symbol on top of it so before shutting down it installed some updates.

I tried to start my computer back up again but now it won't start; all I see is a black screen with a blinking text cursor icon in the top left-hand corner of the screen. I know, I feel like an idiot. =/
Old 08-26-2009, 08:05 AM   #13
TSF Enthusiast
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi Audrey.

Quote:
I feel like an idiot
You shouldn't. I ask you to please calm down. When you do our fixes and they don't go according to plan, please let us know and don't try to run them anymore. Stop and ask.

I think this is a temporary glitch with Windows when you install the updates.


Did you shut down your computer? If you didn't, shut it down and wait at least 10 minutes before you turn it on again.

Can you log in to Windows? If you are presented with loading options, try using
Last Known Good Configuration.

If that didn't work, try booting in Safe Mode.

Let me know.

Mark
Old 08-26-2009, 08:26 AM   #14
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



Yes, you're right - it was only a temporary glitch. I just walked away from it at the black screen and now everything seems to be fine, as I'm back on my regular computer now. All programs seem to be working fine now and my searches are no longer being redirected to ad sites, so the problem seems to have been fixed and everything is working great. =]

I would like to thank you so much for all of your help! You've been great and do this forum a great justice!

Just in case you wanted to look it over, I'll include the ComboFix.txt below:

ComboFix 09-08-25.04 - Evan 08/26/2009 6:02.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3069.2157 [GMT -4:00]
Running from: c:\users\Evan\Desktop\Combo-Fix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
PEV Error: CacheFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\$recycle.bin\S-1-5-21-2840170090-1985228003-3233439968-500
c:\users\Default\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
c:\users\Evan\ntuser.dat{a44205b6-d507-11dd-90a9-0019d1e45df1}.TMContainer00000000000000000001.regtrans-ms
c:\users\Evan\NTUSER.DAT{d8932e6c-6a6f-11db-b6ab-a038f15a5785}.TxR.0.regtrans-ms
c:\users\Evan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
c:\windows\run.log
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{d8932e65-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{d8932e61-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{caa62d47-7106-11db-8aac-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\drivers\kbiwkmbbrvupro.sys
c:\windows\system32\kbiwkmcicsvdbt.dat
c:\windows\system32\kbiwkmmnxqrwcf.dll
c:\windows\system32\kbiwkmtbddhtpp.dll
c:\windows\system32\kbiwkmykxoyrnm.dat
c:\users\Evan\ntuser.dat{e39acafa-d549-11dd-94ba-00184dba27cf}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{6e6f63e6-c4f0-11dc-b783-00184dba27cf}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{6e6f63e2-c4f0-11dc-b783-00184dba27cf}.TMContainer00000000000000000001.regtrans-ms . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmpvnwsdcv
-------\Legacy_kbiwkmpvnwsdcv


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-26 10:11 . 2009-08-26 10:13 -------- d-----w- c:\users\Evan\AppData\Local\temp
2009-08-26 10:11 . 2009-08-26 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 07:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 02:47 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 02:47 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 23:32 . 2009-08-25 08:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\NAVENG.SYS
2009-08-25 23:32 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\NAVENG32.DLL
2009-08-25 23:32 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\NAVEX32A.DLL
2009-08-25 23:32 . 2009-08-25 08:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\NAVEX15.SYS
2009-08-25 23:32 . 2009-08-25 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\ECMSVR32.DLL
2009-08-25 23:32 . 2009-04-18 02:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\EECTRL.SYS
2009-08-25 23:32 . 2009-04-18 02:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\ERASER.SYS
2009-08-25 23:32 . 2009-04-18 02:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090825.016\CCERASER.DLL
2009-08-24 08:37 . 2009-08-24 08:37 -------- d-----w- c:\program files\Trend Micro
2009-08-24 08:36 . 2009-08-24 08:36 396288 ----a-w- C:\HijackThis.exe
2009-08-23 12:23 . 2009-08-23 12:23 -------- d-----r- c:\program files\Norton Support
2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-18 23:31 . 2009-08-18 23:30 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-08-18 23:30 . 2009-08-18 19:31 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-12 02:31 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 02:31 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 02:31 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 02:31 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 02:31 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 17:57 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 17:57 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 17:57 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 17:57 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 17:57 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 17:57 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 17:57 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 17:57 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-06 07:11 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-06 07:11 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-06 07:11 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-06 07:11 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-06 07:11 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-06 07:11 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-06 07:11 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-06 07:02 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-06 07:01 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-06 07:01 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-06 07:01 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-06 07:01 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-30 23:46 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:46 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:46 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:46 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:46 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 05:12 . 2008-09-21 02:26 -------- d-----w- c:\programdata\Google Updater
2009-08-24 08:56 . 2007-11-25 00:03 -------- d-----w- c:\users\Evan\AppData\Roaming\uTorrent
2009-08-23 12:26 . 2009-04-18 02:00 -------- d-----w- c:\program files\Symantec
2009-08-18 23:31 . 2009-04-18 02:01 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-08-18 23:31 . 2009-04-18 02:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-18 23:31 . 2009-04-18 02:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-18 23:31 . 2009-04-18 02:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-18 23:30 . 2008-10-06 21:54 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-08-18 23:30 . 2009-04-18 02:02 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-08-18 19:31 . 2009-04-18 02:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-08-12 07:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-18 16:06 . 2009-07-28 22:13 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 22:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 22:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-09 09:33 . 2009-07-09 09:33 -------- d-----w- c:\programdata\WindowsSearch
2009-06-29 22:19 . 2009-06-29 22:19 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-29 22:19 . 2008-09-08 23:17 -------- d-----w- c:\program files\Common Files\Real
2009-06-15 15:24 . 2009-07-14 20:34 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-14 20:34 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-14 20:34 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-14 20:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-02 19:02 . 2009-06-02 19:02 390664 ----a-w- c:\users\Evan\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-04-01 02:47 . 2008-08-31 15:33 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-08-09 04:13 . 2008-08-09 04:13 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-08-11 17:15 . 2007-08-11 17:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-27 68856]
"Octoshape Streaming Services"="c:\users\Evan\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-09 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-20 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-02 267048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 92704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-29 198160]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Loadout Manager.lnk - c:\program files\Belkin\Nostromo\nost_LM.exe [2003-6-24 442368]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2007-10-22 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97228333-0C2D-4DC5-9226-65351809AF6B}"= TCP:67:DHCP Discovery Service
"{330CA966-6DD6-41B0-A334-019811B0582A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0125F46F-E44F-4824-A0BD-F923B05F82B4}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C44C2A4F-386E-474D-AD60-72E8E1552FCF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A84393EB-6052-4448-ADE1-BF1DAA1BD632}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5403EC4C-D546-4088-94CB-B57D35A1B519}"= UDP:c:\windows\System32\dlcjcoms.exe:Lexmark Communications System
"{5B7ED339-7821-46AC-88A0-A5B53B385D3D}"= TCP:c:\windows\System32\dlcjcoms.exe:Lexmark Communications System
"{4BA6BE11-FA34-49AB-A807-3BD2734E0EFC}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{EFEB724E-98AE-4C10-9F13-AFB4864C16AC}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{E6C9A4D1-E84F-4BB3-A549-806297247761}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{94A7CFD7-0D14-4730-9F8A-FC44701DB4E7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{2FA77297-C2CB-4710-87A0-DB1AB0F26AD3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5B18B1A2-C7B3-4007-BAF1-1AB648D79B3A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{2E9D62FE-875D-4ACE-B0A6-7934AAA4FC0A}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{21A39A87-91AA-46E5-B041-54D76B537B93}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{43A587B0-DEB2-4E82-BA18-275BA51C5702}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{569F09DA-4DD9-48AD-825A-74A94247D53A}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{6DD35953-9122-400E-BFD6-82CB8409290C}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{0DE77E3E-8776-4C63-8897-C11A80E0AE3E}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\System32\drivers\SCMNdisP.sys [10/22/2007 6:29 AM 21728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00A\SymEFA.sys [8/18/2009 7:31 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00A\BHDrvx86.sys [8/18/2009 7:31 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00A\cchpx86.sys [8/18/2009 7:31 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys [8/11/2009 10:31 PM 293424]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.5.2.10\ccSvcHst.exe [8/18/2009 7:30 PM 117640]
R2 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [10/22/2007 6:29 AM 180224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/17/2007 3:49 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/30/2009 2:57 AM 101936]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v2.sys [10/22/2007 6:29 AM 206336]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00A\symndisv.sys [8/18/2009 7:31 PM 48688]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\System32\drivers\bcgame.sys [7/23/2003 3:16 PM 22821]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/11/2007 5:43 AM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070811
FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\zuldj411.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Evan\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
FF - plugin: c:\users\Evan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-08-26 06:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Evan\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4160)
c:\program files\Belkin\Nostromo\nost_FSH.dll
c:\windows\System32\NLSData0009.dll
c:\windows\System32\NLSLexicons0009.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-26 6:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 10:21

Pre-Run: 11,622,092,800 bytes free
Post-Run: 11,758,403,584 bytes free

325 --- E O F --- 2009-08-26 07:03



Once again, thanks for everything!
Audrey88 is offline  
Old 08-26-2009, 09:22 AM   #15
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.

We are not done yet.


Please uninstall the following, using Windows Add/Remove Programs in the Control Panel.


Foistware
Viewpoint Media Player
- Viewpoint Media Player is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:
https://www.clickz.com/news/article.php/3561546


P2P program ( https://www.techsupportforum.com/f50/...ng-305923.html )

µTorrent



Outdated Java runtimes: (older versions have vulnerabilities that malicious sites can exploit to infect your system)

Java(TM) SE Runtime Environment 6

After you uninstall your outdated Java, please download Java(TM) 6 Update 15 here and install it.

------------------------------------------------------------------------

Let's scan for any remnants.

Run ESET Online Scan

*Close any open programs
*Turn off the real time scanner of any existing antivirus program while performing the online scan. You can find instructions HERE.


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

-----------------------------------------------------------------------

In your reply, please post


ESET scan result


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 08-26-2009, 12:13 PM   #16
Guest
 
Join Date: Aug 2009
Posts: 9
OS:



For some reason the log of the scan appears really blank, I'm unsure of what happened.

All that's in the log is:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

I know for a fact that I had all the right things ticked/unticked and the scan went through fine. Let me know if I should retry it. Thanks.
Audrey88 is offline  
Old 08-26-2009, 04:08 PM   #17
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.

Try this one.

Kaspersky scan

*Close any open programs
*Turn off the real time scanner of any existing antivirus program while performing the online scan. You can find instructions HERE.


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 08-28-2009, 08:47 AM   #18
TSF Enthusiast
 
mas_pogi's Avatar
 
Join Date: Apr 2008
Location: Manila, PH
Posts: 1,478
OS: Vista, Linux Mint



hi.

Are you still with us?

Mark
__________________
To accomplish great things, we must not only act, but also dream; not only plan, but also believe.
If I have been helping you and do not reply within 24 hours, please send me a message.
I'm a member of U.N.I.T.E and A.S.A.P
mas_pogi is offline  
Old 09-04-2009, 06:01 AM   #19
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/secu...oval-help.html
__________________

amateur is offline  