[Closed] Possible malware (Google redirects when clicked on a pag
masterarchitect
post Jul 3 2009, 03:09 AM
Post #1


Authentic Member

Group: Authentic Member
Posts: 55
Joined: 20-March 07
Member No.: 68,926
Operating System: Windows XP



Hi there, I've got two computer problems. One is my laptop.... it has been getting weird page redirects from Google whenever I searched for a page and clicked on what I wanted, but it redirects to some other page (for example, I clicked on a Spybot help forum but I got redirected to Spybot's own page for no reason). My second problem is my desktop computer, where I got some popups from IE (even though I use Firefox and never touched IE) where it auto-installs something that triggers opening IE and going into some online game page. Then when I tried updating Spybot, it says an error retrieving info date (or something like that), and when I tried going to Spybot's page, the page returned null (most likely blocked). It even cut off my internet access to other security sites. I think it has something to do with my Flash drive from when I used it on previous occasions. I could not open Spybot on my desktop either... could it be blocked too? Could not find HijackThis on my desktop and can't transfer a new version to install from my laptop to my desktop either. Your help is greatly appreciated (A BIG HEADACHE!!!!!)

Here is the log from my laptop.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:35 AM, on 03/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sgicanada.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AcPePropertyEditorEnum] regsvr32 /s /u "C:\Users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9332 bytes


Thank you.
masterarchitect
post Jul 5 2009, 05:00 PM
Post #2


Authentic Member

Group: Authentic Member
Posts: 55
Joined: 20-March 07
Member No.: 68,926
Operating System: Windows XP



Can anybody please help me on this? Thank you.
CatByte
post Jul 5 2009, 07:05 PM
Post #3


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,930
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi and Welcome,

NOTE:
  • Malware removal is NOT instantaneous, most infections require more than one round to properly eradicate.
  • Absence of symptoms does not always mean the job is complete; you can be certain that I will advise you when the computer is clean.
  • Kindly follow my instructions in the order posted.
  • Please DO NOT run any scans or fix items without my direction.




Please do the following:

STEP #1

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



STEP #2



Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



NOTE: I will likely require you to do these exact scans on your desktop too, but let's work on them one at a time, so don't run any scans on the desktop till the laptop is clean.
Thanks
~CB
masterarchitect
post Jul 6 2009, 02:42 AM
Post #4


Authentic Member

Group: Authentic Member
Posts: 55
Joined: 20-March 07
Member No.: 68,926
Operating System: Windows XP



I am posting and attaching the results from the Step 1 scan. Please have a look. I tried uploading a zip file of the Attach log but I was disallowed. What are other methods of uploading that attach log? I also attached the Attach.txt (as instructed) in its original txt file. Thanks so much for replying!

DDS (Ver_09-06-26.01) - NTFSx86
Run by Gent at 1:21:59.44 on 06/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.2.1033.18.2814.1664 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gent\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sgicanada.org/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AcPePropertyEditorEnum] regsvr32 /s /u "c:\users\gent\appdata\local\acpepropertyeditorenum\AcPePropertyEditorEnum.dll"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\gent\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\gent\appdata\roaming\mozilla\firefox\profiles\l5skqxo9.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - www.sgicanada.org
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-21 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-21 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-21 482352]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090625.003\IDSvix86.sys [2009-6-30 292912]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-21 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-25 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-20 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1005000.087\symndisv.sys [2009-5-21 39984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-5 1153368]

=============== Created Last 30 ================

2009-07-05 09:07 <DIR> --d----- c:\users\gent\appdata\roaming\Malwarebytes
2009-07-05 09:07 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-05 09:07 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-05 01:33 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-05 01:33 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-05 01:33 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-05 01:05 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-05 00:50 161,792 a------- c:\windows\SWREG.exe
2009-07-05 00:50 155,136 a------- c:\windows\PEV.exe
2009-07-05 00:50 98,816 a------- c:\windows\sed.exe
2009-07-05 00:50 <DIR> --ds---- C:\ComboFix
2009-07-03 09:12 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-03 00:56 <DIR> --d----- c:\program files\Trend Micro
2009-07-02 23:56 <DIR> a-dshr-- C:\autorun.inf
2009-07-02 19:36 1,645,568 a------- c:\windows\system32\connect.dll
2009-06-23 11:37 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-06-16 01:55 <DIR> --d----- c:\users\gent\appdata\roaming\YoudaGames
2009-06-16 00:33 <DIR> --d----- c:\windows\Youda Marina
2009-06-16 00:33 <DIR> --d----- c:\program files\Youda Marina
2009-06-15 00:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-09 19:11 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-09 19:11 636,928 a------- c:\windows\system32\localspl.dll
2009-06-09 19:11 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-09 12:00 <DIR> --d----- c:\programdata\Grass Valley
2009-06-09 12:00 <DIR> --d----- c:\progra~2\Grass Valley
2009-06-09 11:12 8,405,015 a------- c:\windows\TempFile
2009-06-09 11:11 685,056 a------- c:\windows\system32\drivers\hardlock.sys
2009-06-09 11:11 69,632 a------- c:\windows\system32\cdv5codc.dll
2009-06-09 11:11 49,152 a------- c:\windows\system32\cvpcdvc.dll
2009-06-09 11:11 835,665 a------- c:\windows\system32\cseuvec.dll
2009-06-09 11:11 671,815 a------- c:\windows\system32\csehqa.dll
2009-06-09 11:11 258,048 a------- c:\windows\system32\cllccodc.dll
2009-06-09 11:11 122,961 a------- c:\windows\system32\csellc.dll
2009-06-09 11:11 69,632 a------- c:\windows\system32\cuvccodc.dll
2009-06-09 11:11 65,536 a------- c:\windows\system32\cdvhcodc.dll
2009-06-09 11:11 4,096 a------- c:\windows\system32\paveno.dll
2009-06-09 11:10 909,312 a----r-- c:\windows\system32\pavplal.dll
2009-06-09 11:10 458,752 a------- c:\windows\system32\pavapi.dll
2009-06-09 11:10 2,560 a------- c:\windows\system32\pavedius.dll
2009-06-09 11:10 84,992 a------- c:\windows\csejpeg.dll
2009-06-09 11:10 <DIR> --d----- c:\program files\common files\Snell & Wilcox Shared
2009-06-09 11:10 3,072 a------- c:\windows\hasp_windows.dll
2009-06-09 11:10 380,928 a------- c:\windows\system32\palm2.ax
2009-06-09 11:09 188,482 a----r-- c:\windows\system32\helixprodctrl.dll
2009-06-09 11:09 864,338 a------- c:\windows\system32\csempeg3.dll
2009-06-09 11:09 1,085,520 a------- c:\windows\system32\csedvh.dll
2009-06-09 11:09 376,832 a------- c:\windows\system32\hlCDVC.dll
2009-06-09 11:09 22,528 a------- c:\windows\system32\csthread.dll
2009-06-09 11:09 <DIR> --d----- c:\program files\common files\Canopus Shared
2009-06-09 11:09 385,108 a------- c:\windows\system32\csedv.dll
2009-06-09 11:09 159,832 a------- c:\windows\system32\csccdvc.dll
2009-06-09 11:09 147,456 a------- c:\windows\system32\csccdvcx.dll
2009-06-09 11:09 69,632 a------- c:\windows\system32\cdvccodc.dll
2009-06-09 11:09 <DIR> --d----- c:\program files\Grass Valley
2009-06-09 11:09 <DIR> --d----- c:\program files\common files\Grass Valley
2009-06-09 10:57 <DIR> --d----- c:\programdata\Apple Computer
2009-06-09 10:56 <DIR> --d----- c:\programdata\Apple
2009-06-09 01:01 <DIR> --d----- c:\programdata\Minnetonka Audio Software
2009-06-09 01:01 <DIR> --d----- c:\progra~2\Minnetonka Audio Software

==================== Find3M ====================

2009-07-05 19:12 672,380 a------- c:\windows\system32\perfh00C.dat
2009-07-05 19:12 127,578 a------- c:\windows\system32\perfc00C.dat
2009-07-03 09:12 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-03 09:12 51,200 a------- c:\windows\inf\infpub.dat
2009-07-03 09:12 86,016 a------- c:\windows\inf\infstor.dat
2009-06-21 17:16 88,648 a------- c:\programdata\nvModes.dat
2009-06-21 17:16 88,648 a------- c:\progra~2\nvModes.dat
2009-05-30 23:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-26 03:31 0 a------- c:\programdata\PKP_DLdy.DAT
2009-05-26 03:31 0 a------- c:\progra~2\PKP_DLdy.DAT
2009-05-21 01:53 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-21 01:53 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-21 01:53 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-20 00:31 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE910153Y_E508164-121_4A_I303C_SWistron_V08.49_F.35_T090217_WV2-1_L409_M2814_J250_7AMD_8F31_92.10_#090310_N168C002A;10DE0760_(NM341UA#ABC)_XMOBILE_CN10_Z_2F.35_G10DE0845.MRK
2009-05-08 04:21 42,304 a------- c:\windows\system32\fmrsslink.dll
2009-05-08 04:20 427,328 a------- c:\windows\system32\TXGYMailActiveX.dll
2009-05-08 04:20 261,256 a------- c:\windows\system32\TXGYMailCamera.dll
2009-04-24 09:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 09:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 06:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-10-25 03:05 665,600 a------- c:\windows\inf\drvindex.dat
2008-10-25 02:44 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2008-10-25 02:44 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2008-10-25 02:44 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2008-10-25 02:44 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2008-01-20 19:57 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:23:54.16 ===============

Attached File(s): Attach.txt (6.81K)
CatByte
post Jul 6 2009, 05:58 AM
Post #5


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,930
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

You can try zipping the GMER.txt and attaching it, or just copy/paste it into the thread.

You ran ComboFix.
Please post the log. It can be found at C:\ComboFix.txt


Please do the following:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


masterarchitect
post Jul 6 2009, 11:02 AM
Post #6


Authentic Member

Group: Authentic Member
Posts: 55
Joined: 20-March 07
Member No.: 68,926
Operating System: Windows XP



Hi there, thanks for the reply. Attached is the scan from GMER.

And here is the scan from ComboFix.

ComboFix 09-07-05.04 - Gent 06/07/2009 9:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.2.1033.18.2814.1273 [GMT -7:00]
Running from: c:\users\Gent\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 15:45 . 2009-05-20 08:00 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVENG.SYS
2009-07-06 15:45 . 2009-05-20 08:00 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVEX15.SYS
2009-07-06 15:45 . 2009-05-20 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVENG32.DLL
2009-07-06 15:45 . 2009-05-20 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVEX32A.DLL
2009-07-06 15:45 . 2009-05-20 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\EECTRL.SYS
2009-07-06 15:45 . 2009-05-20 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\ECMSVR32.DLL
2009-07-06 15:45 . 2009-05-20 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\CCERASER.DLL
2009-07-06 15:45 . 2009-05-20 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\ERASER.SYS
2009-07-06 08:32 . 2009-07-06 08:32 -------- d-----w- c:\program files\7-Zip
2009-07-05 16:07 . 2009-07-05 16:07 -------- d-----w- c:\users\Gent\AppData\Roaming\Malwarebytes
2009-07-05 16:07 . 2009-07-05 16:07 -------- d-----w- c:\programdata\Malwarebytes
2009-07-05 08:33 . 2009-07-06 16:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-05 08:33 . 2009-07-06 16:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-03 07:56 . 2009-07-03 07:56 -------- d-----w- c:\program files\Trend Micro
2009-07-03 02:36 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-06-30 21:16 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-30 21:16 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 21:16 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 21:16 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 21:16 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-24 02:19 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 02:19 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 02:19 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 02:19 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 02:19 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 18:37 . 2009-06-23 18:37 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-06-16 08:55 . 2009-06-16 08:55 -------- d-----w- c:\users\Gent\AppData\Roaming\YoudaGames
2009-06-16 07:33 . 2009-06-16 07:33 -------- d-----w- c:\windows\Youda Marina
2009-06-16 07:33 . 2009-06-16 07:33 -------- d-----w- c:\program files\Youda Marina
2009-06-15 07:55 . 2009-06-15 07:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 02:53 . 2009-07-04 06:27 680 ----a-w- c:\users\Gent\AppData\Local\d3d9caps.dat
2009-06-10 02:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 02:11 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 02:11 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 19:00 . 2009-06-09 19:00 -------- d-----w- c:\programdata\Grass Valley
2009-06-09 18:11 . 2005-07-28 15:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-06-09 18:11 . 2006-09-21 23:22 69632 ----a-w- c:\windows\system32\cdv5codc.dll
2009-06-09 18:11 . 2002-12-02 17:42 49152 ----a-w- c:\windows\system32\cvpcdvc.dll
2009-06-09 18:11 . 2006-10-30 16:56 69632 ----a-w- c:\windows\system32\cuvccodc.dll
2009-06-09 18:11 . 2006-10-30 16:56 258048 ----a-w- c:\windows\system32\cllccodc.dll
2009-06-09 18:11 . 2006-09-21 23:22 65536 ----a-w- c:\windows\system32\cdvhcodc.dll
2009-06-09 18:11 . 2006-05-01 18:08 4096 ----a-w- c:\windows\system32\paveno.dll
2009-06-09 18:09 . 2006-03-08 22:36 1085520 ----a-w- c:\windows\system32\csedvh.dll
2009-06-09 18:09 . 2004-05-07 06:28 376832 ----a-w- c:\windows\system32\hlCDVC.dll
2009-06-09 18:09 . 2000-02-03 00:30 22528 ----a-w- c:\windows\system32\csthread.dll
2009-06-09 18:09 . 2006-11-01 17:01 69632 ----a-w- c:\windows\system32\cdvccodc.dll
2009-06-09 18:09 . 2002-11-01 01:11 385108 ----a-w- c:\windows\system32\csedv.dll
2009-06-09 18:09 . 2002-10-29 19:29 159832 ----a-w- c:\windows\system32\csccdvc.dll
2009-06-09 18:09 . 2002-05-29 17:20 147456 ----a-w- c:\windows\system32\csccdvcx.dll
2009-06-09 18:09 . 2009-06-09 18:09 -------- d-----w- c:\program files\Grass Valley
2009-06-09 18:09 . 2009-06-09 18:09 -------- d-----w- c:\program files\Common Files\Grass Valley
2009-06-09 18:06 . 2009-06-09 18:06 -------- d-----w- c:\users\Gent\AppData\Local\Apple Computer
2009-06-09 17:57 . 2009-06-09 17:58 -------- d-----w- c:\program files\QuickTime
2009-06-09 17:57 . 2009-06-09 17:57 -------- d-----w- c:\programdata\Apple Computer
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\users\Gent\AppData\Local\Apple
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\program files\Apple Software Update
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\programdata\Apple
2009-06-09 08:01 . 2009-06-09 08:01 -------- d-----w- c:\programdata\Minnetonka Audio Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 02:12 . 2008-10-25 09:45 672380 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-06 02:12 . 2008-10-25 09:45 127578 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-03 16:12 . 2009-07-03 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-03 07:56 . 2009-05-20 09:01 -------- d-----w- c:\users\Gent\AppData\Roaming\uTorrent
2009-07-03 04:32 . 2009-05-23 07:20 -------- d-----w- c:\program files\Microsoft
2009-07-03 04:32 . 2009-05-20 07:33 -------- d-----w- c:\programdata\Microsoft Help
2009-06-23 18:44 . 2009-05-20 07:45 150288 ----a-w- c:\users\Gent\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-23 18:37 . 2009-05-20 07:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-22 00:16 . 2009-05-21 20:32 88648 ----a-w- c:\programdata\nvModes.dat
2009-06-15 07:54 . 2008-10-25 11:30 -------- d-----w- c:\program files\Java
2009-06-12 23:06 . 2009-05-20 07:35 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 20:37 . 2009-05-24 20:25 -------- d-----w- c:\programdata\Autodesk
2009-06-11 20:37 . 2009-05-24 07:38 -------- d-----w- c:\users\Gent\AppData\Roaming\Autodesk
2009-06-09 18:11 . 2009-06-09 18:09 -------- d-----w- c:\program files\Common Files\Canopus Shared
2009-06-09 18:11 . 2008-10-25 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 18:10 . 2009-06-09 18:10 -------- d-----w- c:\program files\Common Files\Snell & Wilcox Shared
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_A8CFB739A582B239DA1395.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_6FEFF9B68218417F98F549.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_32B9DA17A711D180F7570A.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_21F3885A18D238E15AAE81.exe
2009-06-04 03:17 . 2009-06-04 03:17 -------- d-----w- c:\program files\Phanku eTaxCanada 2008
2009-06-03 11:15 . 2009-06-03 11:15 -------- d-----w- c:\program files\Portrait Professional Max 6
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-----w- c:\users\Gent\AppData\Roaming\Anthropics
2009-06-02 18:16 . 2008-10-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-02 18:04 . 2009-06-02 18:04 -------- d-----w- c:\program files\MSXML 4.0
2009-05-31 07:15 . 2009-05-31 06:56 -------- d-----w- c:\programdata\Logitech
2009-05-31 07:15 . 2009-05-31 07:15 -------- d-----w- c:\users\Gent\AppData\Roaming\Logitech
2009-05-31 07:00 . 2009-05-31 07:00 -------- d-----w- c:\users\Gent\AppData\Roaming\Leadertech
2009-05-31 07:00 . 2009-05-31 07:00 53248 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-05-31 07:00 . 2009-05-31 06:56 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-31 06:58 . 2009-05-31 06:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\program files\Logitech
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\users\Gent\AppData\Roaming\InstallShield
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\programdata\LogiShrd
2009-05-29 22:55 . 2009-05-21 21:39 -------- d-----w- c:\users\Gent\AppData\Roaming\CyberLink
2009-05-29 22:53 . 2008-10-25 10:48 -------- d-----w- c:\programdata\CyberLink
2009-05-27 00:24 . 2009-05-27 00:24 -------- d-----w- c:\program files\PowerISO
2009-05-26 11:03 . 2009-05-26 11:03 49152 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-05-26 11:03 . 2009-05-26 10:32 -------- d-----w- c:\program files\Common Files\Nikon
2009-05-26 10:57 . 2009-05-26 10:32 -------- d-----w- c:\program files\Nikon
2009-05-26 10:31 . 2009-05-26 10:31 -------- d-----w- c:\programdata\Ultima_T15
2009-05-26 10:31 . 2009-05-26 10:31 -------- d-----w- c:\programdata\EnterNHelp
2009-05-26 10:31 . 2009-05-26 10:31 0 ----a-w- c:\programdata\PKP_DLdy.DAT
2009-05-26 10:13 . 2009-05-26 10:13 -------- d-----w- c:\program files\Total Video Converter
2009-05-26 09:56 . 2009-05-26 09:34 -------- d-----w- c:\programdata\WinZip
2009-05-24 22:47 . 2009-05-24 21:35 -------- d-----w- c:\programdata\FLEXnet
2009-05-24 22:25 . 2009-05-24 22:25 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-24 22:22 . 2009-05-24 22:22 -------- d-----w- c:\program files\Adobe Media Player
2009-05-24 22:20 . 2009-05-24 22:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-24 21:40 . 2009-05-24 21:40 57344 ----a-w- c:\users\Gent\AppData\Roaming\Autodesk\ACA 2010\enu\ContextualTabSelectorRules.dll
2009-05-24 21:38 . 2009-05-24 20:26 -------- d-----w- c:\program files\AutoCAD Architecture 2010
2009-05-24 20:32 . 2009-05-24 07:10 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-24 20:30 . 2009-05-24 20:30 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-24 20:22 . 2009-05-24 07:10 -------- d-----w- c:\program files\Autodesk
2009-05-23 07:20 . 2009-05-23 07:19 -------- d-----w- c:\program files\Windows Live
2009-05-23 07:19 . 2009-05-23 07:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-23 06:54 . 2009-05-23 06:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 23:00 . 2008-10-25 10:48 -------- d-----w- c:\program files\CyberLink
2009-05-21 22:55 . 2008-10-25 10:51 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-05-21 20:46 . 2009-05-21 20:46 -------- d-----w- c:\programdata\Symantec
2009-05-21 20:26 . 2009-05-21 20:26 -------- d-----w- c:\program files\Microsoft.NET
2009-05-21 20:14 . 2009-05-21 20:13 -------- d-----w- c:\program files\MagicDisc
2009-05-21 19:50 . 2009-05-21 19:49 -------- d-----w- c:\program files\MagicISO
2009-05-21 09:53 . 2008-10-25 12:13 -------- d-----w- c:\program files\SMINST
2009-05-21 08:53 . 2009-05-20 07:55 -------- d-----w- c:\program files\Symantec
2009-05-21 08:53 . 2009-05-20 07:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-21 08:53 . 2009-05-20 07:55 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-21 08:53 . 2009-05-20 07:55 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-20 09:01 . 2009-05-20 09:01 -------- d-----w- c:\program files\uTorrent
2009-05-20 08:55 . 2009-05-20 08:55 167376 ----a-w- c:\users\Gent\AppData\Roaming\Mozilla\Firefox\Profiles\l5skqxo9.default\FlashGot.exe
2009-05-20 08:23 . 2009-05-20 07:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-20 08:08 . 2008-10-25 10:04 -------- d-----w- c:\programdata\WildTangent
2009-05-20 08:00 . 2009-05-21 19:36 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVENG.SYS
2009-05-20 08:00 . 2009-05-21 19:36 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVEX15.SYS
2009-05-20 08:00 . 2009-05-21 19:36 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVENG32.DLL
2009-05-20 08:00 . 2009-05-21 19:36 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVEX32A.DLL
2009-05-20 08:00 . 2009-05-21 19:36 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\EECTRL.SYS
2009-05-20 08:00 . 2009-05-21 19:36 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\ECMSVR32.DLL
2009-05-20 08:00 . 2009-05-21 19:36 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\CCERASER.DLL
2009-05-20 08:00 . 2009-05-21 19:36 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\ERASER.SYS
2009-05-20 07:59 . 2009-05-20 07:59 -------- d-----w- c:\users\Gent\AppData\Roaming\GTek
2009-05-20 07:55 . 2008-10-25 09:48 -------- d-----w- c:\programdata\Norton
2009-05-20 07:54 . 2009-05-20 07:54 -------- d-----w- c:\users\Gent\AppData\Roaming\Hewlett-Packard
2009-05-20 07:40 . 2009-05-20 07:40 -------- d-----w- c:\users\Gent\AppData\Roaming\HP TCS
2009-05-20 07:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-20 07:31 . 2009-05-20 07:31 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE910153Y_E508164-121_4A_I303C_SWistron_V08.49_F.35_T090217_WV2-1_L409_M2814_J250_7AMD_8F31_92.10_#090310_N168C002A;10DE0760_(NM341UA#ABC)_XMOBILE_CN10_Z_2F.35_G10DE0845.MRK
2009-05-08 11:21 . 2009-05-08 11:21 42304 ----a-w- c:\windows\system32\fmrsslink.dll
2009-05-08 11:20 . 2009-05-08 11:20 427328 ----a-w- c:\windows\system32\TXGYMailActiveX.dll
2009-05-08 11:20 . 2009-05-08 11:20 261256 ----a-w- c:\windows\system32\TXGYMailCamera.dll
2009-04-24 16:05 . 2009-06-10 02:12 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 02:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 02:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-25 10:05 . 2008-10-25 09:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-07-05_08.02.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 14:35 . 2009-07-06 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-21 14:35 . 2009-07-06 16:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-21 14:35 . 2009-07-06 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-20 08:10 . 2009-07-06 06:14 340424 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-06 02:12 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-05 00:35 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-05 00:35 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-06 02:12 105852 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"AcPePropertyEditorEnum"="c:\users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll" [2009-06-03 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\users\Gent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-21 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-3 809488]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{79B4DE72-5E75-481E-858A-4D2AF261A01D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A4DAB41D-4D79-49DF-B676-AEC868294579}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6762B2CC-103B-4F81-9B43-E4561D2F6B79}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{178BD9E4-38EA-4475-83DC-75B273085579}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D9D8544F-D588-4041-B755-495A28B97DE0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8D7B994D-EB16-467A-B3DF-2069D7C78E17}"= UDP:5353:Adobe CSI CS4
"{AA05704C-FB60-4786-900B-14C02B79879D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{68F73200-2C2E-4012-AA52-C7500505FEC9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [21/05/2009 1:52 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [21/05/2009 1:52 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [21/05/2009 1:52 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys [30/06/2009 2:16 PM 292912]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [21/05/2009 1:52 AM 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 5:13 AM 365952]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 3:01 AM 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20/05/2009 1:00 AM 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 12:17 PM 43040]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [21/05/2009 1:52 AM 39984]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sgicanada.org/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gent\AppData\Roaming\Mozilla\Firefox\Profiles\l5skqxo9.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - www.sgicanada.org
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 09:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5124)
c:\users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-07-06 9:40
ComboFix-quarantined-files.txt 2009-07-06 16:40
ComboFix2.txt 2009-07-05 08:05

Pre-Run: 109,119,684,608 bytes free
Post-Run: 109,101,092,864 bytes free

296 --- E O F --- 2009-07-03 04:35
masterarchitect
post Jul 6 2009, 11:04 AM
Post #7


Authentic Member

Group: Authentic Member
Posts: 55
Joined: 20-March 07
Member No.: 68,926
Operating System: Windows XP



Here's the scan from GooredFix:

GooredFix by jpshortstuff (03.07.09)
Log created at 00:48 on 05/07/2009 (Gent)
Firefox version 3.0.11 (en-GB)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [08:50 20/05/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [07:55 15/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:21 24/05/2009]

-=E.O.F=-



Do you need an updated scan since I scanned this yesterday morning? Thanks.
CatByte
post Jul 6 2009, 11:19 AM
Post #8


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,930
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



No, that's OK

The GMER scan didn't attach; can you just copy/paste it into the log?

The ComboFix log you posted was from a second scan - do you still have the original scan? Perhaps called C:\ComboFix2.txt

Not important if you can no longer find it.

Can you explain how your computer is running and exactly what the outstanding issues are?

masterarchitect
post Jul 6 2009, 11:44 AM
Post #9


Authentic Member

Group: Authentic Member
Posts: 55
Joined: 20-March 07
Member No.: 68,926
Operating System: Windows XP



Here is the GMER scan.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-06 09:08:22
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 8803B408 ZwAlertResumeThread
SSDT 87CAD208 ZwAlertThread
SSDT 883C2640 ZwAllocateVirtualMemory
SSDT 87871F48 ZwAlpcConnectPort
SSDT 884168C8 ZwAssignProcessToJobObject
SSDT 88411C40 ZwCreateMutant
SSDT 88418FC0 ZwCreateSymbolicLinkObject
SSDT 884430A0 ZwCreateThread
SSDT 88415F90 ZwDebugActiveProcess
SSDT 883C2898 ZwDuplicateObject
SSDT 883C4008 ZwFreeVirtualMemory
SSDT 880BC8F8 ZwImpersonateAnonymousToken
SSDT 87B9AAC0 ZwImpersonateThread
SSDT 87873178 ZwLoadDriver
SSDT 883C3C60 ZwMapViewOfSection
SSDT 883C6048 ZwOpenEvent
SSDT 883C2B38 ZwOpenProcess
SSDT 87C239C8 ZwOpenProcessToken
SSDT 8840F048 ZwOpenSection
SSDT 883C29E8 ZwOpenThread
SSDT 88416238 ZwProtectVirtualMemory
SSDT 87A0EFD0 ZwResumeThread
SSDT 88441BE8 ZwSetContextThread
SSDT 883C39C8 ZwSetInformationProcess
SSDT 88411048 ZwSetSystemInformation
SSDT 883C9050 ZwSuspendProcess
SSDT 883B3048 ZwSuspendThread
SSDT 8843E048 ZwTerminateProcess
SSDT 87A9E128 ZwTerminateThread
SSDT 879475B0 ZwUnmapViewOfSection
SSDT 883C21B0 ZwWriteVirtualMemory
SSDT 884176A8 ZwCreateThreadEx

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid 0 bytes
File C:\System Volume Information\EfaData\SYMEFA.DB-journal 33344 bytes

---- EOF - GMER 1.0.15 ----


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
And here is the ComboFix (2) (ran just this morning b/c I uninstalled Spybot due to ComboFix's insistence that Spybot is still running after I exited Spybot).

ComboFix 09-07-05.04 - Gent 06/07/2009 9:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.2.1033.18.2814.1273 [GMT -7:00]
Running from: c:\users\Gent\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 15:45 . 2009-05-20 08:00 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVENG.SYS
2009-07-06 15:45 . 2009-05-20 08:00 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVEX15.SYS
2009-07-06 15:45 . 2009-05-20 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVENG32.DLL
2009-07-06 15:45 . 2009-05-20 08:00 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVEX32A.DLL
2009-07-06 15:45 . 2009-05-20 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\EECTRL.SYS
2009-07-06 15:45 . 2009-05-20 08:00 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\ECMSVR32.DLL
2009-07-06 15:45 . 2009-05-20 08:00 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\CCERASER.DLL
2009-07-06 15:45 . 2009-05-20 08:00 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\ERASER.SYS
2009-07-06 08:32 . 2009-07-06 08:32 -------- d-----w- c:\program files\7-Zip
2009-07-05 16:07 . 2009-07-05 16:07 -------- d-----w- c:\users\Gent\AppData\Roaming\Malwarebytes
2009-07-05 16:07 . 2009-07-05 16:07 -------- d-----w- c:\programdata\Malwarebytes
2009-07-05 08:33 . 2009-07-06 16:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-05 08:33 . 2009-07-06 16:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-03 07:56 . 2009-07-03 07:56 -------- d-----w- c:\program files\Trend Micro
2009-07-03 02:36 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
2009-06-30 21:16 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-30 21:16 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 21:16 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 21:16 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 21:16 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-24 02:19 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 02:19 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 02:19 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 02:19 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 02:19 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 18:37 . 2009-06-23 18:37 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-06-16 08:55 . 2009-06-16 08:55 -------- d-----w- c:\users\Gent\AppData\Roaming\YoudaGames
2009-06-16 07:33 . 2009-06-16 07:33 -------- d-----w- c:\windows\Youda Marina
2009-06-16 07:33 . 2009-06-16 07:33 -------- d-----w- c:\program files\Youda Marina
2009-06-15 07:55 . 2009-06-15 07:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 02:53 . 2009-07-04 06:27 680 ----a-w- c:\users\Gent\AppData\Local\d3d9caps.dat
2009-06-10 02:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 02:11 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 02:11 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 19:00 . 2009-06-09 19:00 -------- d-----w- c:\programdata\Grass Valley
2009-06-09 18:11 . 2005-07-28 15:18 685056 ----a-w- c:\windows\system32\drivers\hardlock.sys
2009-06-09 18:11 . 2006-09-21 23:22 69632 ----a-w- c:\windows\system32\cdv5codc.dll
2009-06-09 18:11 . 2002-12-02 17:42 49152 ----a-w- c:\windows\system32\cvpcdvc.dll
2009-06-09 18:11 . 2006-10-30 16:56 69632 ----a-w- c:\windows\system32\cuvccodc.dll
2009-06-09 18:11 . 2006-10-30 16:56 258048 ----a-w- c:\windows\system32\cllccodc.dll
2009-06-09 18:11 . 2006-09-21 23:22 65536 ----a-w- c:\windows\system32\cdvhcodc.dll
2009-06-09 18:11 . 2006-05-01 18:08 4096 ----a-w- c:\windows\system32\paveno.dll
2009-06-09 18:09 . 2006-03-08 22:36 1085520 ----a-w- c:\windows\system32\csedvh.dll
2009-06-09 18:09 . 2004-05-07 06:28 376832 ----a-w- c:\windows\system32\hlCDVC.dll
2009-06-09 18:09 . 2000-02-03 00:30 22528 ----a-w- c:\windows\system32\csthread.dll
2009-06-09 18:09 . 2006-11-01 17:01 69632 ----a-w- c:\windows\system32\cdvccodc.dll
2009-06-09 18:09 . 2002-11-01 01:11 385108 ----a-w- c:\windows\system32\csedv.dll
2009-06-09 18:09 . 2002-10-29 19:29 159832 ----a-w- c:\windows\system32\csccdvc.dll
2009-06-09 18:09 . 2002-05-29 17:20 147456 ----a-w- c:\windows\system32\csccdvcx.dll
2009-06-09 18:09 . 2009-06-09 18:09 -------- d-----w- c:\program files\Grass Valley
2009-06-09 18:09 . 2009-06-09 18:09 -------- d-----w- c:\program files\Common Files\Grass Valley
2009-06-09 18:06 . 2009-06-09 18:06 -------- d-----w- c:\users\Gent\AppData\Local\Apple Computer
2009-06-09 17:57 . 2009-06-09 17:58 -------- d-----w- c:\program files\QuickTime
2009-06-09 17:57 . 2009-06-09 17:57 -------- d-----w- c:\programdata\Apple Computer
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\users\Gent\AppData\Local\Apple
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\program files\Apple Software Update
2009-06-09 17:56 . 2009-06-09 17:56 -------- d-----w- c:\programdata\Apple
2009-06-09 08:01 . 2009-06-09 08:01 -------- d-----w- c:\programdata\Minnetonka Audio Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 02:12 . 2008-10-25 09:45 672380 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-06 02:12 . 2008-10-25 09:45 127578 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-03 16:12 . 2009-07-03 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-03 07:56 . 2009-05-20 09:01 -------- d-----w- c:\users\Gent\AppData\Roaming\uTorrent
2009-07-03 04:32 . 2009-05-23 07:20 -------- d-----w- c:\program files\Microsoft
2009-07-03 04:32 . 2009-05-20 07:33 -------- d-----w- c:\programdata\Microsoft Help
2009-06-23 18:44 . 2009-05-20 07:45 150288 ----a-w- c:\users\Gent\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-23 18:37 . 2009-05-20 07:32 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-22 00:16 . 2009-05-21 20:32 88648 ----a-w- c:\programdata\nvModes.dat
2009-06-15 07:54 . 2008-10-25 11:30 -------- d-----w- c:\program files\Java
2009-06-12 23:06 . 2009-05-20 07:35 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 20:37 . 2009-05-24 20:25 -------- d-----w- c:\programdata\Autodesk
2009-06-11 20:37 . 2009-05-24 07:38 -------- d-----w- c:\users\Gent\AppData\Roaming\Autodesk
2009-06-09 18:11 . 2009-06-09 18:09 -------- d-----w- c:\program files\Common Files\Canopus Shared
2009-06-09 18:11 . 2008-10-25 09:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 18:10 . 2009-06-09 18:10 -------- d-----w- c:\program files\Common Files\Snell & Wilcox Shared
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_A8CFB739A582B239DA1395.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_6FEFF9B68218417F98F549.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_32B9DA17A711D180F7570A.exe
2009-06-04 03:17 . 2009-06-04 03:17 3638 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D22C22E6-714F-4412-A338-B40D635DF4A3}\_21F3885A18D238E15AAE81.exe
2009-06-04 03:17 . 2009-06-04 03:17 -------- d-----w- c:\program files\Phanku eTaxCanada 2008
2009-06-03 11:15 . 2009-06-03 11:15 -------- d-----w- c:\program files\Portrait Professional Max 6
2009-06-03 09:50 . 2009-06-03 09:50 -------- d-----w- c:\users\Gent\AppData\Roaming\Anthropics
2009-06-02 18:16 . 2008-10-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-02 18:04 . 2009-06-02 18:04 -------- d-----w- c:\program files\MSXML 4.0
2009-05-31 07:15 . 2009-05-31 06:56 -------- d-----w- c:\programdata\Logitech
2009-05-31 07:15 . 2009-05-31 07:15 -------- d-----w- c:\users\Gent\AppData\Roaming\Logitech
2009-05-31 07:00 . 2009-05-31 07:00 -------- d-----w- c:\users\Gent\AppData\Roaming\Leadertech
2009-05-31 07:00 . 2009-05-31 07:00 53248 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-05-31 07:00 . 2009-05-31 06:56 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-31 06:58 . 2009-05-31 06:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\program files\Logitech
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\users\Gent\AppData\Roaming\InstallShield
2009-05-31 06:55 . 2009-05-31 06:55 -------- d-----w- c:\programdata\LogiShrd
2009-05-29 22:55 . 2009-05-21 21:39 -------- d-----w- c:\users\Gent\AppData\Roaming\CyberLink
2009-05-29 22:53 . 2008-10-25 10:48 -------- d-----w- c:\programdata\CyberLink
2009-05-27 00:24 . 2009-05-27 00:24 -------- d-----w- c:\program files\PowerISO
2009-05-26 11:03 . 2009-05-26 11:03 49152 ----a-r- c:\users\Gent\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-05-26 11:03 . 2009-05-26 10:32 -------- d-----w- c:\program files\Common Files\Nikon
2009-05-26 10:57 . 2009-05-26 10:32 -------- d-----w- c:\program files\Nikon
2009-05-26 10:31 . 2009-05-26 10:31 -------- d-----w- c:\programdata\Ultima_T15
2009-05-26 10:31 . 2009-05-26 10:31 -------- d-----w- c:\programdata\EnterNHelp
2009-05-26 10:31 . 2009-05-26 10:31 0 ----a-w- c:\programdata\PKP_DLdy.DAT
2009-05-26 10:13 . 2009-05-26 10:13 -------- d-----w- c:\program files\Total Video Converter
2009-05-26 09:56 . 2009-05-26 09:34 -------- d-----w- c:\programdata\WinZip
2009-05-24 22:47 . 2009-05-24 21:35 -------- d-----w- c:\programdata\FLEXnet
2009-05-24 22:25 . 2009-05-24 22:25 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-24 22:22 . 2009-05-24 22:22 -------- d-----w- c:\program files\Adobe Media Player
2009-05-24 22:20 . 2009-05-24 22:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-24 21:40 . 2009-05-24 21:40 57344 ----a-w- c:\users\Gent\AppData\Roaming\Autodesk\ACA 2010\enu\ContextualTabSelectorRules.dll
2009-05-24 21:38 . 2009-05-24 20:26 -------- d-----w- c:\program files\AutoCAD Architecture 2010
2009-05-24 20:32 . 2009-05-24 07:10 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-05-24 20:30 . 2009-05-24 20:30 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-24 20:22 . 2009-05-24 07:10 -------- d-----w- c:\program files\Autodesk
2009-05-23 07:20 . 2009-05-23 07:19 -------- d-----w- c:\program files\Windows Live
2009-05-23 07:19 . 2009-05-23 07:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-23 06:54 . 2009-05-23 06:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-21 23:00 . 2008-10-25 10:48 -------- d-----w- c:\program files\CyberLink
2009-05-21 22:55 . 2008-10-25 10:51 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-05-21 20:46 . 2009-05-21 20:46 -------- d-----w- c:\programdata\Symantec
2009-05-21 20:26 . 2009-05-21 20:26 -------- d-----w- c:\program files\Microsoft.NET
2009-05-21 20:14 . 2009-05-21 20:13 -------- d-----w- c:\program files\MagicDisc
2009-05-21 19:50 . 2009-05-21 19:49 -------- d-----w- c:\program files\MagicISO
2009-05-21 09:53 . 2008-10-25 12:13 -------- d-----w- c:\program files\SMINST
2009-05-21 08:53 . 2009-05-20 07:55 -------- d-----w- c:\program files\Symantec
2009-05-21 08:53 . 2009-05-20 07:55 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-21 08:53 . 2009-05-20 07:55 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-21 08:53 . 2009-05-20 07:55 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-20 09:01 . 2009-05-20 09:01 -------- d-----w- c:\program files\uTorrent
2009-05-20 08:55 . 2009-05-20 08:55 167376 ----a-w- c:\users\Gent\AppData\Roaming\Mozilla\Firefox\Profiles\l5skqxo9.default\FlashGot.exe
2009-05-20 08:23 . 2009-05-20 07:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-20 08:08 . 2008-10-25 10:04 -------- d-----w- c:\programdata\WildTangent
2009-05-20 08:00 . 2009-05-21 19:36 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVENG.SYS
2009-05-20 08:00 . 2009-05-21 19:36 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVEX15.SYS
2009-05-20 08:00 . 2009-05-21 19:36 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVENG32.DLL
2009-05-20 08:00 . 2009-05-21 19:36 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\NAVEX32A.DLL
2009-05-20 08:00 . 2009-05-21 19:36 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\EECTRL.SYS
2009-05-20 08:00 . 2009-05-21 19:36 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\ECMSVR32.DLL
2009-05-20 08:00 . 2009-05-21 19:36 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\CCERASER.DLL
2009-05-20 08:00 . 2009-05-21 19:36 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090522.002\ERASER.SYS
2009-05-20 07:59 . 2009-05-20 07:59 -------- d-----w- c:\users\Gent\AppData\Roaming\GTek
2009-05-20 07:55 . 2008-10-25 09:48 -------- d-----w- c:\programdata\Norton
2009-05-20 07:54 . 2009-05-20 07:54 -------- d-----w- c:\users\Gent\AppData\Roaming\Hewlett-Packard
2009-05-20 07:40 . 2009-05-20 07:40 -------- d-----w- c:\users\Gent\AppData\Roaming\HP TCS
2009-05-20 07:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-20 07:31 . 2009-05-20 07:31 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE910153Y_E508164-121_4A_I303C_SWistron_V08.49_F.35_T090217_WV2-1_L409_M2814_J250_7AMD_8F31_92.10_#090310_N168C002A;10DE0760_(NM341UA#ABC)_XMOBILE_CN10_Z_2F.35_G10DE0845.MRK
2009-05-08 11:21 . 2009-05-08 11:21 42304 ----a-w- c:\windows\system32\fmrsslink.dll
2009-05-08 11:20 . 2009-05-08 11:20 427328 ----a-w- c:\windows\system32\TXGYMailActiveX.dll
2009-05-08 11:20 . 2009-05-08 11:20 261256 ----a-w- c:\windows\system32\TXGYMailCamera.dll
2009-04-24 16:05 . 2009-06-10 02:12 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 02:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 02:12 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-25 10:05 . 2008-10-25 09:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-07-05_08.02.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-21 14:35 . 2009-07-06 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-21 14:35 . 2009-07-06 16:24 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-21 14:35 . 2009-07-03 04:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-21 14:35 . 2009-07-06 16:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-20 08:10 . 2009-07-06 06:14 340424 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-06 02:12 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-05 00:35 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-05 00:35 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-06 02:12 105852 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"AcPePropertyEditorEnum"="c:\users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll" [2009-06-03 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\users\Gent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-5-21 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-3 809488]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{79B4DE72-5E75-481E-858A-4D2AF261A01D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A4DAB41D-4D79-49DF-B676-AEC868294579}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6762B2CC-103B-4F81-9B43-E4561D2F6B79}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{178BD9E4-38EA-4475-83DC-75B273085579}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D9D8544F-D588-4041-B755-495A28B97DE0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8D7B994D-EB16-467A-B3DF-2069D7C78E17}"= UDP:5353:Adobe CSI CS4
"{AA05704C-FB60-4786-900B-14C02B79879D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{68F73200-2C2E-4012-AA52-C7500505FEC9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [21/05/2009 1:52 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [21/05/2009 1:52 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [21/05/2009 1:52 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys [30/06/2009 2:16 PM 292912]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [21/05/2009 1:52 AM 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [25/10/2008 5:13 AM 365952]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [25/10/2008 3:01 AM 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20/05/2009 1:00 AM 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [09/05/2008 12:17 PM 43040]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [21/05/2009 1:52 AM 39984]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sgicanada.org/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gent\AppData\Roaming\Mozilla\Firefox\Profiles\l5skqxo9.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - www.sgicanada.org
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 09:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5124)
c:\users\Gent\AppData\Local\AcPePropertyEditorEnum\AcPePropertyEditorEnum.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-07-06 9:40
ComboFix-quarantined-files.txt 2009-07-06 16:40
ComboFix2.txt 2009-07-05 08:05

Pre-Run: 109,119,684,608 bytes free
Post-Run: 109,101,092,864 bytes free

296 --- E O F --- 2009-07-03 04:35

Attached File(s): GMER.txt (6.37K)
CatByte
post Jul 6 2009, 11:50 AM
Post #10


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,930
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Ok,

Sorry, I'm not really making myself clear, am I? I didn't want you to actually run ComboFix. I saw from your DDS log that you had already run it yourself, and I was more interested in the deletions it showed in the initial run, as there is no malware showing now; I was wanting to see what it WAS infected with.

What are the remaining symptoms on this computer?
masterarchitect
post Jul 6 2009, 11:50 AM
Post #11


The underlying issue with my laptop is that I'm still being redirected to other sites when I search Google. For example, since I do photography on the side, I was searching for fashion show events that I might be interested in showing up for. But when I clicked on the site I wanted (legitimate organisations, BTW), I got redirected to textdating.ca (???). It also occurred to me that not all sites I clicked on behave like that. It's like some random targeting at times. But I guess everything has to do with targeted search areas of Google. Could this be something really fishy?
CatByte
post Jul 6 2009, 11:53 AM
Post #12


Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT



**Vista users - right click on the IE icon and run as administrator


Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.



masterarchitect
post Jul 6 2009, 12:44 PM
Post #13


MBAM log:

Malwarebytes' Anti-Malware 1.38
Database version: 2382
Windows 6.0.6001 Service Pack 1

06/07/2009 11:44:03 AM
mbam-log-2009-07-06 (11-44-03).txt

Scan type: Quick Scan
Objects scanned: 79989
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
masterarchitect
post Jul 6 2009, 12:46 PM
Post #14


I also have previous logs....:

Malwarebytes' Anti-Malware 1.38
Database version: 2382
Windows 6.0.6001 Service Pack 1

06/07/2009 11:44:03 AM
mbam-log-2009-07-06 (11-44-03).txt

Scan type: Quick Scan
Objects scanned: 79989
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Malwarebytes' Anti-Malware 1.38
Database version: 2376
Windows 6.0.6001 Service Pack 1

05/07/2009 9:12:35 AM
mbam-log-2009-07-05 (09-12-35).txt

Scan type: Quick Scan
Objects scanned: 79504
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
CatByte
post Jul 6 2009, 12:54 PM
Post #15

Classroom Administrator Assistant
Group: Classroom Teacher
Posts: 6,930
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3

OK, thank you.

Please continue with the Kaspersky scan.
