WS.Trojan.H HELP! How do I get rid of this?


Post by junkdaddy » September 21st, 2011, 6:49 pm

I have tried removing this threat multiple times, but it seems to "replicate" and appear in *.exe files. I have run NIS2012 and it quarantines the threat, but then it reappears in another file. I am posting the DDS reports and can also post the Quarantine Reports so you can see its multiple "personalities".

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Michael at 18:36:23 on 2011-09-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2019 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyServer = 198.18.0.1:80
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: microsoft.com\*.update
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DA4D733A-157A-4DF9-B3C1-35852485244A} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DA4D733A-157A-4DF9-B3C1-35852485244A}\34F6070756277596C6C6F677D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DA4D733A-157A-4DF9-B3C1-35852485244A}\3516E64697027416274656E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DA4D733A-157A-4DF9-B3C1-35852485244A}\358435745554354575942554C4543535 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{DA4D733A-157A-4DF9-B3C1-35852485244A}\C6F6467656E65647 : DhcpNameServer = 192.168.50.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\cdgv4vq2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.7.1\nphdplg.dll
FF - plugin: C:\Users\Michael\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 SMR210;Symantec SMR Utility Service 2.1.0;C:\Windows\system32\drivers\SMR210.SYS --> C:\Windows\system32\drivers\SMR210.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1301010.003\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110917.033\IDSviA64.sys [2011-9-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1301010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1301010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1301010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe -service --> C:\Windows\system32\lxddcoms.exe -service [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [2011-9-21 138760]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-24 2320920]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-9 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-21 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-2 17152]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxddserv.exe [2007-4-26 34224]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-24 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-09-21 22:01:55 388096 ----a-r- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-21 22:01:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-21 18:55:19 96376 ----a-w- C:\Windows\System32\drivers\SMR210.SYS
2011-09-21 18:26:30 729720 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\srtsp64.sys
2011-09-21 18:26:30 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\SymDS64.sys
2011-09-21 18:26:30 401016 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\symnets.sys
2011-09-21 18:26:30 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\srtspx64.sys
2011-09-21 18:26:30 189560 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\Ironx64.sys
2011-09-21 18:26:30 167048 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\ccSetx64.sys
2011-09-21 18:26:30 1084536 ----a-r- C:\Windows\System32\drivers\NISx64\1301010.003\SymEFA64.sys
2011-09-21 18:26:24 -------- d-----w- C:\Windows\System32\drivers\NISx64\1301010.003
2011-09-21 18:22:38 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-09-21 18:22:38 -------- d-----w- C:\Program Files\Symantec
2011-09-21 18:22:38 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-09-21 18:21:51 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-09-21 18:21:48 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-09-21 18:18:04 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-09-16 04:42:11 -------- d-----w- C:\Users\Michael\AppData\Local\{5CAA0CAC-D71F-4BEC-A00C-D9A2B431724A}
2011-09-16 04:42:00 -------- d-----w- C:\Users\Michael\AppData\Local\{8CF34DAF-13A9-4D81-9064-6F56853C3930}
2011-09-16 04:37:02 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2011-09-14 18:29:21 -------- d-----w- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-10 16:00:10 -------- d-----w- C:\Users\Michael\AppData\Local\{FA37D388-D880-4C9F-B485-E9F53475C350}
2011-09-10 15:59:55 -------- d-----w- C:\Users\Michael\AppData\Local\{DD0DCD07-C798-47E3-8856-5CD8A58297F3}
2011-09-03 02:12:58 -------- d-----w- C:\Users\Michael\AppData\Local\{23288687-AC42-4303-990E-BB4D6F20E712}
2011-09-03 02:12:46 -------- d-----w- C:\Users\Michael\AppData\Local\{AEC75B21-1987-4AAF-B410-977520804EAC}
2011-09-02 21:41:11 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-09-02 21:41:06 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-09-01 19:01:53 -------- d-----w- C:\Users\Michael\AppData\Local\{2BA93323-04FE-45BE-98D7-5D649D1CD71D}
2011-09-01 19:01:41 -------- d-----w- C:\Users\Michael\AppData\Local\{E78CADC5-E539-40AF-8097-12F1D27D9CF6}
2011-08-30 14:01:14 -------- d-----w- C:\Users\Michael\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2011-08-30 14:01:09 -------- d-----w- C:\Program Files (x86)\Times Reader
2011-08-24 02:42:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 02:42:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-23 17:51:24 -------- d-----w- C:\Users\Michael\AppData\Local\{929BD694-722A-4E13-B3BF-C1D477880C7A}
2011-08-23 17:51:14 -------- d-----w- C:\Users\Michael\AppData\Local\{0DC7FE4C-D1C4-4BD6-B961-6A4CA64E2E29}
2011-08-23 17:50:51 -------- d-----w- C:\Users\Michael\AppData\Local\{99D46CAA-2B3F-4D91-9FAA-604EA80A5004}
2011-08-23 17:50:41 -------- d-----w- C:\Users\Michael\AppData\Local\{7FEB2604-86CC-434F-A8AE-99CD7150E42D}
2011-08-23 17:31:18 -------- d-----w- C:\Windows\en
2011-08-23 17:29:14 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-23 17:26:41 -------- d-----w- C:\Users\Michael\AppData\Local\{0F85B44A-395B-4BEA-B6FF-E310AE785A75}
2011-08-23 17:26:30 -------- d-----w- C:\Users\Michael\AppData\Local\{57464EF2-1E4F-49D6-9FC4-E89B07886C4D}
2011-08-23 17:22:45 -------- d-----w- C:\Users\Michael\AppData\Local\{E493DAD6-5C6B-4A45-A030-09A2C4AA7C51}
2011-08-23 17:22:01 -------- d-----w- C:\Users\Michael\AppData\Local\{CA518426-2F33-4077-88D4-64861FDC34E9}
2011-08-23 17:15:38 -------- d-----w- C:\Users\Michael\AppData\Local\{58B9E154-2702-4057-9CBC-4AC2F6565848}
2011-08-23 17:15:29 -------- d-----w- C:\Users\Michael\AppData\Local\{88795076-9459-443A-862F-7FBF15D3D687}
2011-08-23 17:14:39 -------- d-----w- C:\Users\Michael\AppData\Local\{20CDD8C4-6DB1-4231-817E-2DB49B36A30E}
2011-08-23 16:53:43 -------- d-----w- C:\Users\Michael\AppData\Local\{767613E2-DFF2-41EB-804D-30A8482846CC}
2011-08-23 16:48:53 -------- d-----w- C:\kiosk
2011-08-23 16:48:48 -------- d-----w- C:\temp2
2011-08-23 16:47:55 -------- d-----w- C:\Users\Michael\AppData\Roaming\Worksimaging
2011-08-23 16:45:56 -------- d-----w- C:\Users\Michael\AppData\Local\{9A93A426-5574-415F-84AA-53744EECF387}
2011-08-23 16:45:46 -------- d-----w- C:\Users\Michael\AppData\Local\{549F5A9D-E282-417E-B852-BFFF9E7A4DE6}
.
==================== Find3M ====================
.
2011-09-03 04:38:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-30 13:08:55 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
.
============= FINISH: 18:36:56.55 ===============
Last edited by NonSuch on September 22nd, 2011, 3:02 am, edited 2 times in total.
Reason: Edited: All text was in a small font, and centered, making it difficult to read.
junkdaddy
Active Member
 
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Re: WS.Trojan.H HELP! How do I get rid of this?

Post by melboy » September 25th, 2011, 5:38 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate your taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=====================================================


I suspect these may be false positives.

Can you please post the contents of attach.txt created when you ran DDS. If you are able to post Norton's quarantine log, please do so as well.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: WS.Trojan.H HELP! How do I get rid of this?

Post by junkdaddy » September 27th, 2011, 12:04 am

Will do as you requested.
junkdaddy
Active Member
 
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby melboy » September 27th, 2011, 11:58 am

Please reply with the requested logs within the next 24 hours.

Thanks. :)
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby junkdaddy » September 27th, 2011, 2:40 pm

See the logs that I pasted above... is this not what you wanted?
junkdaddy
Active Member
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby junkdaddy » September 27th, 2011, 2:49 pm

Sorry... here you go. The attach.txt:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Michael Peterson at 14:47:40 on 2011-09-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3006.1516 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehRecvr.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\GhosteryIEplugin\GhosteryRegistryProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\windows-kb890830-v4.0-delta.exe
c:\15f49d79c05344e4f6d4044c6d55\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghoste ... ostery.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{176AA2CC-1C1A-41BD-8334-0DEA79F5EB0B} : DhcpNameServer = 192.168.2.1 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael peterson\appdata\roaming\mozilla\firefox\profiles\3hwkct86.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\streaming client\nprade.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michael peterson\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-6 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\SymDS.sys [2011-9-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys [2011-9-21 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys [2011-9-21 132744]
R1 cdfdrv;cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [2010-1-19 31280]
R1 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [2010-9-1 57976]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20110924.030\IDSvix86.sys [2011-9-26 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys [2011-9-21 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1301010.003\symnets.sys [2011-9-21 314488]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [2010-9-1 200312]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccSvcHst.exe [2011-9-21 138760]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-9-21 130000]
R2 RadeHlprSvc;Citrix Streaming Helper Service;c:\program files\citrix\streaming client\RadeHlprSvc.exe [2010-9-10 120232]
R2 RadeSvc;Citrix Streaming Service;c:\program files\citrix\streaming client\RadeSvc.exe [2010-9-10 886176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-21 105592]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-7 52224]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
9/27/2011 18:39 -------- d-----w- C:\15f49d79c05344e4f6d4044c6d55
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{0FA0FD75-29FF-48A8-8FA4-FE5FDFB07E03}
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{3B441613-68A3-427F-996D-680246032B76}
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{030FCD2D-70CB-4144-94C5-4E01F665C598}
9/21/2011 23:01 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
9/21/2011 19:20 -------- d-----w- c:\users\michael peterson\appdata\local\NPE
9/21/2011 18:22 314488 ----a-r- c:\windows\system32\drivers\nis\1301010.003\symnets.sys
9/21/2011 18:22 897656 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys
9/21/2011 18:22 566904 ----a-r- c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
9/21/2011 18:22 340088 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymDS.sys
9/21/2011 18:22 31864 ----a-r- c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
9/21/2011 18:22 149624 ----a-r- c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys
9/21/2011 18:22 132744 ----a-r- c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys
9/21/2011 18:22 2801 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymVTcer.dat
9/21/2011 18:22 -------- d-----w- c:\windows\system32\drivers\nis\1301010.003
9/21/2011 18:04 -------- d-----w- c:\users\michael peterson\appdata\roaming\Tific
9/21/2011 17:58 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
9/21/2011 17:58 -------- d-----w- c:\program files\Symantec
9/21/2011 17:57 -------- d-----w- c:\windows\system32\drivers\NIS
9/21/2011 17:57 -------- d-----w- c:\program files\Norton Internet Security
9/21/2011 17:51 -------- d-----w- c:\windows\system32\drivers\nst\0102000.006
9/21/2011 17:51 -------- d-----w- c:\windows\system32\drivers\NST
9/21/2011 17:51 -------- d-----w- c:\program files\Norton Safe Web Lite
9/6/2011 22:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
9/6/2011 22:30 -------- d-----w- c:\program files\Lavasoft
9/2/2011 1:53 -------- d-----w- c:\program files\GhosteryIEplugin
9/1/2011 20:12 -------- d-----w- c:\users\michael peterson\appdata\local\{C0044D30-F5B4-4E76-9FB7-307AA5DB4040}
9/1/2011 20:12 -------- d-----w- c:\users\michael peterson\appdata\local\{77B5B013-FFBD-4338-82A1-85C4BDB2E77A}
9/1/2011 20:06 -------- d-----w- c:\windows\en
9/1/2011 20:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
9/1/2011 20:02 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
9/1/2011 20:02 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
9/1/2011 20:02 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
9/1/2011 20:02 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
9/1/2011 20:02 15712 ----a-w- c:\program files\common files\windows live\.cache\49570f01cc68e207\MeshBetaRemover.exe
9/1/2011 20:01 94040 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\DSETUP.dll
9/1/2011 20:01 525656 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\DXSETUP.exe
9/1/2011 20:01 1691480 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\dsetup32.dll
9/1/2011 20:01 94040 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\DSETUP.dll
9/1/2011 20:01 525656 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\DXSETUP.exe
9/1/2011 20:01 1691480 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\dsetup32.dll
9/1/2011 20:01 -------- d-----w- c:\users\michael peterson\appdata\local\Windows Live
9/1/2011 20:01 -------- d-----w- c:\program files\common files\Windows Live
9/1/2011 19:59 -------- d-----w- c:\users\michael peterson\appdata\local\{193B5C90-FA6C-4BF2-93B5-8CA8F0ABAFBD}
8/29/2011 15:37 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
9/10/2011 15:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
8/7/2011 17:27 106496 ----a-w- c:\windows\system32\ATL71.DLL
7/22/2011 2:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
7/22/2011 2:48 1126912 ----a-w- c:\windows\system32\wininet.dll
7/22/2011 2:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
7/16/2011 4:27 290816 ----a-w- c:\windows\system32\KernelBase.dll
7/16/2011 2:17 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
7/16/2011 2:17 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
7/16/2011 2:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
7/16/2011 2:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
7/13/2011 4:02 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
7/9/2011 2:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 14:48:39.00 ===============
NIS 2012 quarantine report:

Full Path: c:\program files\motorola\motoconnectservice\installfile\installservice.exe
____________________________
____________________________
On computers as of Not Available
Last Used 9/21/2011 at 3:34:46 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

____________________________
File Actions
File: c:\program files\motorola\motoconnectservice\installfile\installservice.exe
Removed
File: c:\program files\motorola\motoconnectservice\installfile\uninstallservice.exe
Removed
____________________________
File Thumbprint - SHA:
8018ff9aceeb0c42520dd790652480e49ab95f9732cbffcd42948b250e3eb107
____________________________
File Thumbprint - MD5:
d83fa0b99fb5748b1c4b1e1ae913703f
____________________________
junkdaddy
Active Member
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael peterson\appdata\roaming\mozilla\firefox\profiles\3hwkct86.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\streaming client\nprade.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michael peterson\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-6 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\SymDS.sys [2011-9-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys [2011-9-21 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys [2011-9-21 132744]
R1 cdfdrv;cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [2010-1-19 31280]
R1 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [2010-9-1 57976]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20110924.030\IDSvix86.sys [2011-9-26 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys [2011-9-21 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1301010.003\symnets.sys [2011-9-21 314488]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [2010-9-1 200312]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccSvcHst.exe [2011-9-21 138760]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-9-21 130000]
R2 RadeHlprSvc;Citrix Streaming Helper Service;c:\program files\citrix\streaming client\RadeHlprSvc.exe [2010-9-10 120232]
R2 RadeSvc;Citrix Streaming Service;c:\program files\citrix\streaming client\RadeSvc.exe [2010-9-10 886176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-21 105592]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-7 52224]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
9/27/2011 18:39 -------- d-----w- C:\15f49d79c05344e4f6d4044c6d55
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{0FA0FD75-29FF-48A8-8FA4-FE5FDFB07E03}
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{3B441613-68A3-427F-996D-680246032B76}
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{030FCD2D-70CB-4144-94C5-4E01F665C598}
9/21/2011 23:01 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
9/21/2011 19:20 -------- d-----w- c:\users\michael peterson\appdata\local\NPE
9/21/2011 18:22 314488 ----a-r- c:\windows\system32\drivers\nis\1301010.003\symnets.sys
9/21/2011 18:22 897656 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys
9/21/2011 18:22 566904 ----a-r- c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
9/21/2011 18:22 340088 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymDS.sys
9/21/2011 18:22 31864 ----a-r- c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
9/21/2011 18:22 149624 ----a-r- c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys
9/21/2011 18:22 132744 ----a-r- c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys
9/21/2011 18:22 2801 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymVTcer.dat
9/21/2011 18:22 -------- d-----w- c:\windows\system32\drivers\nis\1301010.003
9/21/2011 18:04 -------- d-----w- c:\users\michael peterson\appdata\roaming\Tific
9/21/2011 17:58 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
9/21/2011 17:58 -------- d-----w- c:\program files\Symantec
9/21/2011 17:57 -------- d-----w- c:\windows\system32\drivers\NIS
9/21/2011 17:57 -------- d-----w- c:\program files\Norton Internet Security
9/21/2011 17:51 -------- d-----w- c:\windows\system32\drivers\nst\0102000.006
9/21/2011 17:51 -------- d-----w- c:\windows\system32\drivers\NST
9/21/2011 17:51 -------- d-----w- c:\program files\Norton Safe Web Lite
9/6/2011 22:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
9/6/2011 22:30 -------- d-----w- c:\program files\Lavasoft
9/2/2011 1:53 -------- d-----w- c:\program files\GhosteryIEplugin
9/1/2011 20:12 -------- d-----w- c:\users\michael peterson\appdata\local\{C0044D30-F5B4-4E76-9FB7-307AA5DB4040}
9/1/2011 20:12 -------- d-----w- c:\users\michael peterson\appdata\local\{77B5B013-FFBD-4338-82A1-85C4BDB2E77A}
9/1/2011 20:06 -------- d-----w- c:\windows\en
9/1/2011 20:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
9/1/2011 20:02 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
9/1/2011 20:02 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
9/1/2011 20:02 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
9/1/2011 20:02 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
9/1/2011 20:02 15712 ----a-w- c:\program files\common files\windows live\.cache\49570f01cc68e207\MeshBetaRemover.exe
9/1/2011 20:01 94040 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\DSETUP.dll
9/1/2011 20:01 525656 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\DXSETUP.exe
9/1/2011 20:01 1691480 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\dsetup32.dll
9/1/2011 20:01 94040 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\DSETUP.dll
9/1/2011 20:01 525656 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\DXSETUP.exe
9/1/2011 20:01 1691480 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\dsetup32.dll
9/1/2011 20:01 -------- d-----w- c:\users\michael peterson\appdata\local\Windows Live
9/1/2011 20:01 -------- d-----w- c:\program files\common files\Windows Live
9/1/2011 19:59 -------- d-----w- c:\users\michael peterson\appdata\local\{193B5C90-FA6C-4BF2-93B5-8CA8F0ABAFBD}
8/29/2011 15:37 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
9/10/2011 15:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
8/7/2011 17:27 106496 ----a-w- c:\windows\system32\ATL71.DLL
7/22/2011 2:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
7/22/2011 2:48 1126912 ----a-w- c:\windows\system32\wininet.dll
7/22/2011 2:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
7/16/2011 4:27 290816 ----a-w- c:\windows\system32\KernelBase.dll
7/16/2011 2:17 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
7/16/2011 2:17 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
7/16/2011 2:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
7/16/2011 2:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
7/13/2011 4:02 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
7/9/2011 2:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 14:48:39.00 ===============
NIS 2012 quarantine report:

Full Path: c:\program files\motorola\motoconnectservice\installfile\installservice.exe
____________________________
____________________________
On computers as of Not Available
Last Used 9/21/2011 at 3:34:46 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

____________________________
File Actions
File: c:\program files\motorola\motoconnectservice\installfile\installservice.exe
Removed
File: c:\program files\motorola\motoconnectservice\installfile\uninstallservice.exe
Removed
____________________________
File Thumbprint - SHA:
8018ff9aceeb0c42520dd790652480e49ab95f9732cbffcd42948b250e3eb107
____________________________
File Thumbprint - MD5:
d83fa0b99fb5748b1c4b1e1ae913703f
____________________________
junkdaddy
Active Member
 
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby melboy » September 27th, 2011, 3:00 pm

Hi

What you have posted is DDS.txt; I need to see attach.txt.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby junkdaddy » September 27th, 2011, 3:10 pm

The new post is the attach file. The previous one was the DDS file.
junkdaddy
Active Member
 
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby melboy » September 27th, 2011, 3:18 pm

Hi

All the logs are DDS.txt, I can assure you. ;)

attach.txt, amongst other things, will show an installed programs list.

If you do not have attach.txt to post, rerun DDS and post the fresh logs.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby junkdaddy » September 27th, 2011, 5:30 pm

I have posted the 2 logs that are generated by the DDS program below:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2011 8:06:10 PM
System Uptime: 9/27/2011 1:42:21 PM (3 hours ago)
.
Motherboard: ECS | | Nettle2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ | Socket AM2 | 2800/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 361.726 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.805 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP69: 9/6/2011 4:17:27 PM - Windows Update
RP70: 9/6/2011 4:26:24 PM - Installed Ad-Aware
RP71: 9/6/2011 6:29:57 PM - Installed Ad-Aware
RP72: 9/15/2011 4:34:46 PM - Scheduled Checkpoint
RP73: 9/15/2011 6:04:03 PM - Windows Update
RP74: 9/21/2011 4:04:57 PM - Removed MotoConnect
RP75: 9/21/2011 4:06:21 PM - Removed Motorola Driver Installation 4.6.0
RP76: 9/21/2011 4:06:56 PM - Removed MotoConnect
RP77: 9/21/2011 4:08:31 PM - Removed MotoConnect
RP78: 9/21/2011 4:49:40 PM - Removed MotoConnect
RP79: 9/21/2011 4:52:44 PM - Removed MotoConnect
RP80: 9/21/2011 4:54:28 PM - Removed MotoConnect
RP81: 9/27/2011 2:38:37 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ArcSoft Panorama Maker 3
Atomic Clock Sync
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
CCleaner
Citrix offline plug-in
Citrix online plug-in
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Coupon Printer for Windows
D3DX10
Enhanced Multimedia Keyboard Solution
Ghostery IE Plugin
Google Earth Plug-in
Google Update Helper
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 3.5
HP Picasso Media Center Add-In
HP Product Detection
HP Support Assistant
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 24
Lexmark 2500 Series
LightScribe 1.4.142.1
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MotoConnect
MotoHelper MergeModules
Mozilla Firefox 6.0.2 (x86 en-US)
Mozilla Thunderbird (5.0)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
My HP Games
Nikon Message Center 2
Norton Internet Security
Norton Safe Web Lite
NVIDIA Control Panel 260.99
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
OGA Notifier 2.0.0048.0
Picture Control Utility
PlayReady PC Runtime x86
PSSWCORE
PVSonyDll
Python 2.4.3
Quicken 2011
Quicken WillMaker Plus 2011
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
SAMSUNG PC Share Manager
Sansa Updater
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
Symantec Technical Support Web Controls
System Requirements Lab
TBS WMP Plug-in
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnciper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
ViewNX 2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WexTech AnswerWorks
WILLPower v6
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/27/2011 1:43:01 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
9/27/2011 1:42:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
9/27/2011 1:42:54 PM, Error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/26/2011 6:32:43 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MICHAEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{176AA2CC-1C1A-41BD-8334-0DEA79F. The master browser is stopping or an election is being forced.
9/22/2011 3:45:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/22/2011 3:45:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Michael Peterson at 16:37:43 on 2011-09-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3006.1408 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehRecvr.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DXPServer.exe
C:\Windows\system32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Michael Peterson\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\GhosteryIEplugin\GhosteryRegistryProxy.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ghostery Add-On: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SansaDispatch] c:\users\michael peterson\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObject.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghoste ... ostery.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{176AA2CC-1C1A-41BD-8334-0DEA79F5EB0B} : DhcpNameServer = 192.168.2.1 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael peterson\appdata\roaming\mozilla\firefox\profiles\3hwkct86.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\streaming client\nprade.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michael peterson\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-6 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\SymDS.sys [2011-9-21 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys [2011-9-21 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-26 816760]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys [2011-9-21 132744]
R1 cdfdrv;cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [2010-1-19 31280]
R1 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [2010-9-1 57976]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20110924.030\IDSvix86.sys [2011-9-26 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys [2011-9-21 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1301010.003\symnets.sys [2011-9-21 314488]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [2010-9-1 200312]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccSvcHst.exe [2011-9-21 138760]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-9-21 130000]
R2 RadeHlprSvc;Citrix Streaming Helper Service;c:\program files\citrix\streaming client\RadeHlprSvc.exe [2010-9-10 120232]
R2 RadeSvc;Citrix Streaming Service;c:\program files\citrix\streaming client\RadeSvc.exe [2010-9-10 886176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-21 105592]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-17 136176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-7 52224]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
9/27/2011 19:08 -------- d-----w- c:\users\michael peterson\appdata\roaming\SanDisk
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{0FA0FD75-29FF-48A8-8FA4-FE5FDFB07E03}
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{3B441613-68A3-427F-996D-680246032B76}
9/27/2011 18:16 -------- d-----w- c:\users\michael peterson\appdata\local\{030FCD2D-70CB-4144-94C5-4E01F665C598}
9/21/2011 23:01 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
9/21/2011 19:20 -------- d-----w- c:\users\michael peterson\appdata\local\NPE
9/21/2011 18:22 314488 ----a-r- c:\windows\system32\drivers\nis\1301010.003\symnets.sys
9/21/2011 18:22 897656 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys
9/21/2011 18:22 566904 ----a-r- c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
9/21/2011 18:22 340088 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymDS.sys
9/21/2011 18:22 31864 ----a-r- c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
9/21/2011 18:22 149624 ----a-r- c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys
9/21/2011 18:22 132744 ----a-r- c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys
9/21/2011 18:22 2801 ----a-r- c:\windows\system32\drivers\nis\1301010.003\SymVTcer.dat
9/21/2011 18:22 -------- d-----w- c:\windows\system32\drivers\nis\1301010.003
9/21/2011 18:04 -------- d-----w- c:\users\michael peterson\appdata\roaming\Tific
9/21/2011 17:58 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
9/21/2011 17:58 -------- d-----w- c:\program files\Symantec
9/21/2011 17:57 -------- d-----w- c:\windows\system32\drivers\NIS
9/21/2011 17:57 -------- d-----w- c:\program files\Norton Internet Security
9/21/2011 17:51 -------- d-----w- c:\windows\system32\drivers\nst\0102000.006
9/21/2011 17:51 -------- d-----w- c:\windows\system32\drivers\NST
9/21/2011 17:51 -------- d-----w- c:\program files\Norton Safe Web Lite
9/6/2011 22:31 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
9/6/2011 22:30 -------- d-----w- c:\program files\Lavasoft
9/2/2011 1:53 -------- d-----w- c:\program files\GhosteryIEplugin
9/1/2011 20:12 -------- d-----w- c:\users\michael peterson\appdata\local\{C0044D30-F5B4-4E76-9FB7-307AA5DB4040}
9/1/2011 20:12 -------- d-----w- c:\users\michael peterson\appdata\local\{77B5B013-FFBD-4338-82A1-85C4BDB2E77A}
9/1/2011 20:06 -------- d-----w- c:\windows\en
9/1/2011 20:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
9/1/2011 20:02 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
9/1/2011 20:02 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
9/1/2011 20:02 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
9/1/2011 20:02 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
9/1/2011 20:02 15712 ----a-w- c:\program files\common files\windows live\.cache\49570f01cc68e207\MeshBetaRemover.exe
9/1/2011 20:01 94040 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\DSETUP.dll
9/1/2011 20:01 525656 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\DXSETUP.exe
9/1/2011 20:01 1691480 ----a-w- c:\program files\common files\windows live\.cache\18fd2101cc68e206\dsetup32.dll
9/1/2011 20:01 94040 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\DSETUP.dll
9/1/2011 20:01 525656 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\DXSETUP.exe
9/1/2011 20:01 1691480 ----a-w- c:\program files\common files\windows live\.cache\fe830f101cc68e105\dsetup32.dll
9/1/2011 20:01 -------- d-----w- c:\users\michael peterson\appdata\local\Windows Live
9/1/2011 20:01 -------- d-----w- c:\program files\common files\Windows Live
9/1/2011 19:59 -------- d-----w- c:\users\michael peterson\appdata\local\{193B5C90-FA6C-4BF2-93B5-8CA8F0ABAFBD}
8/29/2011 15:37 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
9/10/2011 15:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
8/7/2011 17:27 106496 ----a-w- c:\windows\system32\ATL71.DLL
7/22/2011 2:54 1797632 ----a-w- c:\windows\system32\jscript9.dll
7/22/2011 2:48 1126912 ----a-w- c:\windows\system32\wininet.dll
7/22/2011 2:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
7/16/2011 4:27 290816 ----a-w- c:\windows\system32\KernelBase.dll
7/16/2011 2:17 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
7/16/2011 2:17 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
7/16/2011 2:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
7/16/2011 2:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
7/13/2011 4:02 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
7/9/2011 2:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 16:38:39.68 ===============
junkdaddy
Active Member
 
Posts: 12
Joined: September 21st, 2011, 6:39 pm
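A first pass over a DDS report like the one above is normally done by eye. The script below is an added example, not part of this thread and not part of the DDS tool, that automates that pass: it parses the running-process lines, the uRun/mRun autoruns, the BHO/TB add-on entries and the R#/S# service lines, and flags anything that runs from a user-writable directory, add-on entries whose DLL is gone ("No File") and services whose binary DDS could not read ("[?]"). The embedded sample log is constructed and modelled on the report above, and the set of directories treated as user-writable is an assumption of the example. On the thread's own report it would surface the SansaDispatch.exe autorun under AppData\Roaming, the lxdd_device service and the orphaned toolbar GUID; the script narrows what to look at, it does not decide, and each flagged item still has to be checked against the software known to be installed.

```python
"""DDS log triage: an added example, not part of the thread or of the DDS tool.

Flags autoruns, processes and services that run from user-writable
directories, orphaned BHO/toolbar entries ("No File") and services whose
binary DDS could not read ("[?]"). SAMPLE_LOG is a constructed excerpt
modelled on the report in this thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumption of this example: a legitimate autorun, service or driver rarely
# lives in these locations, so anything found there deserves a second look.
SUSPICIOUS_DIRS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)

PROCESS_RE = re.compile(r"^([a-z]:\\.+?\.exe)(?:\s|$)", re.IGNORECASE)
AUTORUN_RE = re.compile(r'^([um])Run: \[(.+?)\] "?([a-z]:\\.+?\.exe)"?', re.IGNORECASE)
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);([a-z]:\\.+?\.(?:exe|sys))", re.IGNORECASE)
ADDON_RE = re.compile(r"^(BHO|TB): (?:(.+?): )?\{([0-9a-f-]+)\} - (.+)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # kind of entry: "process", "user autorun", "machine autorun", "service", "BHO", "TB"
    name: str     # name as DDS printed it (GUID for an unnamed toolbar)
    path: str     # path as DDS printed it ("" for an orphaned add-on)
    reason: str   # why it was flagged


def _user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in SUSPICIOUS_DIRS)


def triage(log_text: str) -> List[Finding]:
    """Walk a DDS log line by line and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            scope = "user" if m.group(1).lower() == "u" else "machine"
            if _user_writable(m.group(3)):
                findings.append(Finding(f"{scope} autorun", m.group(2), m.group(3),
                                        "autorun launches from a user-writable directory"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group(3), m.group(5)
            if line.endswith("[?]"):
                findings.append(Finding("service", name, path,
                                        "DDS could not read the file ([?]); confirm it exists"))
            if _user_writable(path):
                findings.append(Finding("service", name, path,
                                        "service binary in a user-writable directory"))
            continue
        m = ADDON_RE.match(line)
        if m:
            if m.group(4).strip().lower() == "no file":
                findings.append(Finding(m.group(1).upper(), m.group(2) or m.group(3), "",
                                        "orphaned registry entry: DLL no longer on disk"))
            continue
        m = PROCESS_RE.match(line)
        if m and _user_writable(m.group(1)):
            findings.append(Finding("process", m.group(1).rsplit("\\", 1)[-1], m.group(1),
                                    "running from a user-writable directory"))
    return findings


# Constructed excerpt modelled on the DDS report in this thread (not a copy of it).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\user\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Internet Explorer\iexplore.exe
============== Pseudo HJT Report ===============
uRun: [SansaDispatch] c:\users\user\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
============= SERVICES / DRIVERS ===============
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccSvcHst.exe [2011-9-21 138760]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}\n    {f.path}")
```

To use it on a real report, replace SAMPLE_LOG with the contents of DDS.txt (or read the file from disk); the Norton and Office entries in the sample are deliberately left unflagged to show that the filter only reacts to location, orphaned entries and unreadable binaries.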

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby junkdaddy » September 27th, 2011, 8:06 pm

MELBOY... my apologies. This issue is on both my desktop and laptop. The post above is for my desktop. When we finish with the desktop, I'd appreciate your help on my laptop as well. Thank you
junkdaddy
Active Member
 
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby melboy » September 28th, 2011, 7:59 am

Hi

Taking a look at the file and having read your thread on the Symantec/Norton Forums I do believe these are false positives. We'll run a couple of alternative scans to see what they find, if anything.


Create a System Restore Point

  • Right-click on Computer ... select Properties.
  • In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select System Protection
  • Under Protection Settings, click the disk (C:) and then click Configure
  • Click Restore system settings and previous versions of files
  • Click Apply > OK
  • Click Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
  • A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click Apply > OK ...then close the System Restore dialog.

Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.



TFC

Please download TFC by Old Timer to your desktop,

  • Save any unsaved work. TFC will close all open application windows.
  • Right click on TFC.exe and select "Run as Administrator"
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop. (mbam-setup-1.51.2.1300.exe 9.39mb)

  • Right click on mbam-setup.exe and select Run as Administrator and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

The log can also be found here:
  1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  2. Or via the Logs tab when the application is started.
Please post that log back here.



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
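melboy's false-positive call above rests on looking at the flagged file and on cross-checking with scanners from other vendors. Two facts worth recording for every file an AV product keeps quarantining are its SHA-256 (so the identical file can be compared with a fresh copy from the vendor or looked up elsewhere) and whether the PE carries an Authenticode certificate table at all. The script below is an added example, not from this thread or from any vendor: it parses the PE headers with the Python standard library only and builds a constructed minimal PE32 image so it runs without a real executable. The caveat a practitioner needs: a present certificate table is not a valid signature. Validity and the signer's chain are checked with `signtool verify /pa file.exe` or PowerShell's `Get-AuthenticodeSignature`; this check only tells you whether that step is worth running.

```python
"""Added example (not from the thread or any vendor): first checks on a file
that an AV product keeps flagging, to support or refute a false-positive call.

Records the SHA-256 and whether the PE carries an Authenticode certificate
table (IMAGE_DIRECTORY_ENTRY_SECURITY). A present table is not a valid
signature; validity is checked with signtool or Get-AuthenticodeSignature.
Standard library only; a constructed minimal PE32 image stands in for a real
executable so the code runs offline.
"""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory index of the certificate table


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def has_certificate_table(data: bytes) -> bool:
    """True if the PE's security data directory points at a non-empty table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        nrva_off, dir_off = 92, 96
    elif magic == 0x20B:                     # PE32+
        nrva_off, dir_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    n_dirs = struct.unpack_from("<I", data, opt + nrva_off)[0]
    entry = opt + dir_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_of_optional:
        return False
    # Unlike the other directories, this entry holds a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, entry)
    return offset != 0 and size != 0 and offset + size <= len(data)


def pe_facts(data: bytes) -> dict:
    """The two facts to note down for a flagged file before deciding anything."""
    return {"sha256": sha256_hex(data), "certificate_table": has_certificate_table(data)}


def build_minimal_pe32(cert_blob: bytes = b"") -> bytes:
    """Constructed PE32 image: DOS header, PE signature, COFF header, PE32
    optional header with 16 data directories, no sections. If cert_blob is
    given it is appended and the security directory is pointed at it."""
    e_lfanew = 0x40
    opt_size = 96 + 16 * 8
    header_len = e_lfanew + 4 + 20 + opt_size
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, 0 sections, timestamp/symbols 0, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)    # Magic = PE32
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    if cert_blob:
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                         header_len, len(cert_blob))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert_blob


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                    # real file: python pe_check.py some.exe
        with open(sys.argv[1], "rb") as fh:
            print(pe_facts(fh.read()))
    else:                                    # no argument: run on the constructed images
        print("unsigned:", pe_facts(build_minimal_pe32()))
        print("with table:", pe_facts(build_minimal_pe32(b"placeholder WIN_CERTIFICATE")))
```

Run it against each file the quarantine report lists; a hash that matches the vendor's current download, together with a signature that signtool or Get-AuthenticodeSignature verifies, is strong support for a false positive, while an unsigned file with a hash no vendor recognises is the case that needs the alternative scans melboy asks for.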

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby junkdaddy » September 28th, 2011, 7:56 pm

ESET SCANNER FOUND NO THREATS AS WELL.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7820

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

9/28/2011 16:26
mbam-log-2011-09-28 (16-26-51).txt

Scan type: Quick scan
Objects scanned: 207222
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So looks like false positives on my desktop. Can we move to my laptop now?
junkdaddy
Active Member
 
Posts: 12
Joined: September 21st, 2011, 6:39 pm

Re: WS.Trojan.H HELP! How do I get rid of this?

Unread postby melboy » September 28th, 2011, 8:01 pm

Hi

Yes, follow the same instructions and post the same logs for the laptop (Including DDS.txt and Attach.txt).
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK