Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Internet problem

Unread postby compo84 » October 5th, 2010, 11:50 am

Hi, our computer may have a malware problem, every time windows updates the internet stops working, we have to system restore every other day to get it to work, I hope you can help.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:45, on 05/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\fred\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [uqgtmkjk] C:\Users\fred\AppData\Local\ktlbfacer\paythxwshdw.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [sdsetup[1]] C:\Users\fred\Desktop\sdsetup[1].exe -min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: OfficeSAS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 8416 bytes

Uninstall list

Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Reader 8
Adobe Reader 8
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Extreme
Arcsoft TotalMedia Extreme
Battlefield 2(TM)
Battlefield Heroes
Bonjour
Browser Address Error Redirector
Cricket Coach 2009 3.12
Driver Detective
Firefox
Flash Player 9 Internet Explorer
Football Manager 2010
GearDrvs
Google BAE
Google Desktop
Google Earth
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GoogleDesktop
GoogleToolbar
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infocentre Rev. 2.0
International Cricket Captain 2010
iTunes
Java(TM) 6 Update 20
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Outlook Hotmail Connector 32-bit (Beta)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (2.0)
Norton 360
Norton 360 Premier Edition
Norton Security Scan
NVIDIA Drivers
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Registration
Packard Bell Updator
Picasa 2
Picasa2
PunkBuster Services
QuickTime
Realtek HD Audio V6.0.1.5413
Realtek High Definition Audio Driver
RiskII (remove only)
Safari
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
SetUp My PC
Shockwave player 10
Skype 3.5.2.239
Skype™ 3.5
TalonSoft's Eastern Front II
Uniblue RegistryBooster
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Video SIS V7.14.10.5090
VoiceOver Kit

Thanks in advance for any help you can offer.
compo84
Regular Member
 
Posts: 30
Joined: December 8th, 2006, 8:35 am
Advertisement
Register to Remove

Re: Internet problem

Unread postby askey127 » October 7th, 2010, 5:49 pm

Hi compo84,
Don't ever use a program to optimize or clean up your registry. You might end up with an unbootable machine.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [uqgtmkjk] C:\Users\fred\AppData\Local\ktlbfacer\paythxwshdw.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [sdsetup[1]] C:\Users\fred\Desktop\sdsetup[1].exe -min

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 8
Uniblue RegistryBooster

Take extra care in answering questions posed by any Uninstaller.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.33 are vulnerable.
Go HERE and click on AdbeRdr933_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet problem

Unread postby compo84 » October 9th, 2010, 6:32 am

Thanks for helping.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

09/10/2010 11:26:40
mbam-log-2010-10-09 (11-26-40).txt

Scan type: Quick scan
Objects scanned: 115959
Time elapsed: 25 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\00208313 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\07562929 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\72367631 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\86725432 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
compo84
Regular Member
 
Posts: 30
Joined: December 8th, 2006, 8:35 am

Re: Internet problem

Unread postby askey127 » October 9th, 2010, 8:07 am

compo84,
Instructions to stop and start Norton 360 Security are here. You will need these instructions to run Combofix (zzz.exe) below
Stop and Disable Norton 360 Service
Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
Scroll down and find the service.

Norton 360

Click once on the service to highlight it.
Right-Click on the service. Click on Properties
Select the General tab.
Next to Service Status, click Stop.
Click the Arrow-down tab on the right-hand side of the Start-up Type box.
From the drop-down menu, click on Disabled
Click Apply , then OK

Start Up the Norton 360 Service Again
Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
Scroll down and find the service.

Norton 360

Click once on the service to highlight it.
Right-Click on the service. Click on Properties
Select the General tab.
Click the Arrow-down tab on the right-hand side of the Start-up Type box.
From the drop-down menu, click on Automatic
Next to Service Status, click Start.
Click Apply , then OK
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Stop and Disable the Norton 360 Service per instructions above
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Start up your Norton 360 again per the instructions above
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

(Don't do any surfing on the Internet until the Norton 360 is re-enabled.)
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet problem

Unread postby compo84 » October 10th, 2010, 7:36 am

It wont let me stop norton 360, all the options are greyed out.
compo84
Regular Member
 
Posts: 30
Joined: December 8th, 2006, 8:35 am

Re: Internet problem

Unread postby askey127 » October 10th, 2010, 9:04 am

That's why I love it.
Just try running ComboFix without disabling Norton.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet problem

Unread postby compo84 » October 10th, 2010, 2:18 pm

Thanks for your patience.


ComboFix 10-10-09.06 - fred 10/10/2010 19:04:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1240 [GMT 1:00]
Running from: c:\users\fred\zzz.exe
AV: Norton 360 Premier Edition *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton 360 Premier Edition *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\fred\zzz.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-10 to 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-10-10 18:11 . 2010-10-10 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-09 09:58 . 2010-10-09 09:58 -------- d-----w- c:\users\fred\AppData\Roaming\Malwarebytes
2010-10-09 09:58 . 2010-10-09 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-09 09:58 . 2010-10-09 09:58 -------- d-----w- c:\programdata\Malwarebytes
2010-10-07 12:44 . 2010-10-07 12:44 -------- d-----w- c:\program files\Inbox Toolbar
2010-10-05 14:50 . 2010-10-05 14:50 -------- d-----w- c:\program files\Trend Micro
2010-10-05 14:32 . 2010-10-05 14:32 -------- d-----w- c:\programdata\PC Tools
2010-10-05 14:30 . 2010-10-05 14:30 -------- d-----w- c:\users\fred\AppData\Roaming\Uniblue
2010-10-05 14:30 . 2010-10-05 14:30 -------- d-----w- c:\program files\Uniblue
2010-10-01 09:34 . 2010-10-01 09:34 -------- d-----w- C:\2b4a5ab1451b28edecf7ce63
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(357).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(357)(273).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(299).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(299)(272).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(274).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(270).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(270)(271).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(159).dll
2010-09-25 08:09 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10(159)(270).dll
2010-09-12 02:06 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils(350).dll
2010-09-12 02:06 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils(350)(345).dll
2010-09-12 02:06 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils(350)(258).dll
2010-09-12 02:06 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils(346).dll
2010-09-12 02:06 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils(259).dll
2010-09-12 02:02 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3(340).dll
2010-09-12 02:02 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3(340)(337).dll
2010-09-12 02:02 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3(340)(250).dll
2010-09-12 02:02 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3(338).dll
2010-09-12 02:02 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3(251).dll
2010-09-12 02:01 . 2010-07-26 16:55 11581440 ----a-w- c:\windows\system32\shell32(352).dll
2010-09-12 02:01 . 2010-07-26 16:55 11581440 ----a-w- c:\windows\system32\shell32(352)(349).dll
2010-09-12 02:01 . 2010-07-26 16:55 11581440 ----a-w- c:\windows\system32\shell32(352)(262).dll
2010-09-12 02:01 . 2010-07-26 16:55 11581440 ----a-w- c:\windows\system32\shell32(350).dll
2010-09-12 02:01 . 2010-07-26 16:55 11581440 ----a-w- c:\windows\system32\shell32(263).dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-02 12:09 . 2009-12-27 16:49 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2009-07-28 22:09 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2009-07-28 22:09 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2009-07-28 22:09 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2009-07-28 22:09 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2009-07-28 22:09 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"uqgtmkjk"="c:\users\fred\AppData\Local\ktlbfacer\paythxwshdw.exe" [2010-08-20 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-02 30192]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2010-01-07 2560]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-27 102448]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-02 30192]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [2010-02-04 172592]
S1 archlp;archlp; [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [2010-04-29 537136]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100518.002\IDSvix86.sys [2010-05-18 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0401000.020\SYMTDIV.SYS [2010-02-04 340016]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]

.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\Norton Security Scan for fred.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-20 23:51]

2010-10-10 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2009-07-28 16:34]

2010-10-10 c:\windows\Tasks\User_Feed_Synchronization-{7F13F209-3F08-437F-A38D-D316251823AC}.job
- c:\windows\system32\msfeedssync.exe [2010-03-26 23:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/stati ... 0.31.0.cab
FF - ProfilePath - c:\users\fred\AppData\Roaming\Mozilla\Firefox\Profiles\5j9nhczo.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.accept.default", "application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-10-10 19:13:15
ComboFix-quarantined-files.txt 2010-10-10 18:13

Pre-Run: 384,477,163,520 bytes free
Post-Run: 384,859,639,808 bytes free

- - End Of File - - B4E2E2A89B1E8CBD970CBC467455AF71
compo84
Regular Member
 
Posts: 30
Joined: December 8th, 2006, 8:35 am

Re: Internet problem

Unread postby askey127 » October 11th, 2010, 6:05 am

compo84
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code: Select all
    File::
    c:\users\fred\AppData\Local\ktlbfacer\paythxwshdw.exe
    
    Folder::
    c:\users\fred\AppData\Local\ktlbfacer
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmpcSys"=-
    "uqgtmkjk"=-
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "toolbar_eula_launcher"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------------------
Download IE8 and install it (you can use Firefox for the download):
http://www.microsoft.com/windows/intern ... sites.aspx

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet problem

Unread postby askey127 » October 14th, 2010, 6:46 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 480 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware