My original problem was after my McAfee expired with my Comcast service. I tried to sign up for their new security package and noticed there was a screen that said Symantec was unavailable. I soon noticed that I was denied access to most major security websites. Now when I do a search in Firefox I am redirected to a different site totally unrelated to the site address I clicked on.
I downloaded HiJackThis after several attempts on different websites. I tried to fix several items but after rebooting they reappear on a new scan.
Airscape got me to the point where I could finally download Norton’s new Security suite and I thought I was “good to go”. Airscape stated “The pc isn't clean yet, if you still need help post the TDSSKiller and Security Check logs you ran previously, otherwise let me know.” We have run quite a few scans after that and I don’t think we are getting anywhere, and now I have “timed out” after 3 days.
I’ve included the logs he asked me to run below, if anyone can be of any help. Can you see from the logs Airscape asked for if the PC is still infected?
Thanks,
John
ComboFix log
ComboFix 10-06-27.02 - Johnny Pants 06/27/2010 18:47:21.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.677 [GMT -5:00]
Running from: c:\documents and settings\Johnny Pants\My Documents\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Johnny Pants\Desktop\CFScript.txt
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FILE ::
"c:\documents and settings\All Users\Application Data\2cV2301.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\!KillBox
c:\!killbox\Logs\kb.log
c:\documents and settings\All Users\Application Data\2cV2301.dat
c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\dspwrp\SmartMessaging.db
c:\documents and settings\All Users\Application Data\McAfee\MBK\Exceptions.txt
c:\documents and settings\All Users\Application Data\McAfee\MBK\MbkUsrPath
c:\documents and settings\All Users\Application Data\McAfee\MBK\UserBindingInfo.xml
c:\documents and settings\All Users\Application Data\McAfee\MSC\Cache\McSubDB.Bak
c:\documents and settings\All Users\Application Data\McAfee\MSC\mcifolog.log
c:\documents and settings\All Users\Application Data\McAfee\MSC\mcini.ini
c:\documents and settings\All Users\Application Data\McAfee\MSC\McSubDB.Dat
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Configuration.ini
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.041015-2042.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.041015-2045.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050519-0508.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050519-0517.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050519-1706.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050519-1709.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060916-1603.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060916-1603.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060917-1349.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060917-1354.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061130-2032.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061130-2038.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061205-2140.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061205-2141.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061206-1642.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061206-1647.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061206-1654.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061206-1704.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061206-2149.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061207-1253.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061207-1337.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061207-1343.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061207-1350.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061207-1359.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061207-2008.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061207-2010.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061227-1819.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061227-1824.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061227-1831.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061227-1841.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061230-2139.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061230-2139.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061230-2142.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.061230-2148.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070107-1137.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070107-1144.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070107-1340.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070107-1352.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070204-1339.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070204-1346.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070205-1133.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070205-1145.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070816-0552.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070829-2135.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.070829-2135.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.071206-1540.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.071206-1540.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.080828-1024.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.080828-1041.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100602-1612.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100602-1710.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100602-2209.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100602-2210.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100602-2213.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100602-2316.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-0643.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-0904.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-1040.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-1302.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-1902.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-1950.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-2033.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-2133.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-2234.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-2238.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100603-2339.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100604-1104.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100604-1104.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100604-1335.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100604-1540.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100606-2020.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100606-2021.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100607-0638.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100607-0849.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.041015-2121.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.060917-1507.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.061206-1651.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.061207-1348.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.061207-1419.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.061227-1827.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.061230-2153.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.070107-1322.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.070205-1131.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100603-0624.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100603-0942.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100603-1853.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100603-1854.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100603-1858.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100603-2116.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100604-0643.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100604-2135.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Include errors.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Resident.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Update downloads.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\ProcCache.sbc
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService10.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService11.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService12.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService13.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService14.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService15.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService16.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService17.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService18.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService19.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService20.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService21.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService22.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService23.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService24.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService25.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService26.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService27.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService28.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService29.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService30.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService31.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService32.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService33.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService34.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService35.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService36.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService37.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService38.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService39.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService40.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService41.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService42.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService43.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService44.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService6.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService7.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService8.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService9.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CouponBar.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CouponBar1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CouponBar2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CouponBar3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CouponBar4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CouponBar5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CouponBar6.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntimalwareDoctor.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntimalwareDoctor1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MaxFiles.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Opachkiru.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Opachkiru1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Opachkiru2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Overview.ini
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchPixieBar.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentieu.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoad.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoad1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoad2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WurldMedia.zip
c:\documents and settings\Johnny Pants\Application Data\Lavasoft
c:\program files\Common Files\Real\Update_OB\bak
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\Common Files\Sonic\Update Manager\bak
c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
c:\program files\Coupons
c:\program files\Coupons\uninstall.exe
c:\program files\Coupons\Uninstall\Verdana_1.FON
c:\program files\Dell\Media Experience\bak
c:\program files\Dell\Media Experience\bak\PCMService.exe
c:\program files\Lavasoft
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\Help\English.Resident.chm
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Symantec_Client_Security\Symantec AntiVirus\bak
c:\program files\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe
c:\program files\Visual Networks\Visual IP InSight\SBC\bak
c:\program files\Visual Networks\Visual IP InSight\SBC\bak\IPClient.exe
c:\program files\Visual Networks\Visual IP InSight\SBC\bak\IPMon32.exe
c:\windows\bak
c:\windows\bak\MXOaldr.exe
c:\windows\Sm9obm55IFBhbnRz
c:\windows\SYSTEM32\bak
c:\windows\SYSTEM32\bak\ctfmon.exe
c:\windows\SYSTEM32\bak\hkcmd.exe
c:\windows\SYSTEM32\bak\igfxtray.exe
c:\windows\SYSTEM32\bak\taskswitch.exe
c:\windows\SYSTEM32\dla\bak
c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kkkkk
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.
2010-06-10 12:13 . 2010-06-10 12:13 -------- d-----w- C:\N360_BACKUP
2010-06-10 12:04 . 2010-06-10 12:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-10 12:04 . 2010-06-10 12:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-10 12:04 . 2010-06-10 12:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-10 12:04 . 2010-06-10 17:59 -------- d-----w- c:\windows\system32\drivers\N360
2010-06-10 12:04 . 2010-06-10 12:04 -------- d-----w- c:\program files\Norton Security Suite
2010-06-10 12:04 . 2010-06-10 12:04 -------- d-----w- c:\program files\Windows Sidebar
2010-06-10 12:01 . 2010-06-10 12:01 -------- d-----w- c:\program files\NortonInstaller
2010-06-10 12:01 . 2010-06-10 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-08 11:52 . 2010-06-08 11:52 -------- d-----w- c:\documents and settings\Johnny Pants\Application Data\Malwarebytes
2010-06-08 11:52 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-08 11:52 . 2010-06-08 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-08 11:52 . 2010-06-08 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 11:52 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 14:02 . 2010-06-07 14:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-02 20:20 . 2010-06-10 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-02 20:19 . 2010-06-02 20:54 -------- d-----w- c:\documents and settings\Johnny Pants\Local Settings\Application Data\NPE
2010-06-02 14:27 . 2010-06-02 15:55 -------- d-----w- c:\documents and settings\Johnny Pants\SecurityScans
2010-06-02 02:50 . 2010-06-02 17:36 -------- d-----w- C:\System Volume Information2
2010-06-01 20:29 . 2010-06-01 20:29 -------- d-----w- c:\program files\Trend Micro
2010-06-01 19:29 . 2010-06-01 19:29 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-06-01 19:28 . 2010-06-01 19:28 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-01 15:50 . 2004-08-04 05:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-01 15:50 . 2004-08-04 05:59 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-01 15:49 . 2004-08-04 06:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-06-01 15:49 . 2004-08-04 06:00 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 04:06 . 2004-04-10 16:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-10 12:04 . 2004-06-12 03:13 -------- d-----w- c:\program files\Symantec
2010-06-10 12:04 . 2010-06-10 12:04 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-10 12:04 . 2010-06-10 12:04 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-10 11:31 . 2002-08-29 07:27 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-06-08 11:17 . 2004-03-23 14:08 -------- d-----w- c:\program files\Java
2010-06-07 12:46 . 2007-09-23 23:40 -------- d-----w- c:\program files\Google
2010-06-02 17:33 . 2007-10-23 18:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-01 20:29 . 2010-06-01 20:29 388096 ----a-r- c:\documents and settings\Johnny Pants\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-01 18:46 . 2005-09-25 20:18 -------- d-----w- c:\program files\SpywareBlaster
2010-06-01 16:42 . 2010-05-21 19:31 -------- d-----w- c:\program files\Carbonite
2010-05-21 19:36 . 2007-02-12 20:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-21 19:35 . 2010-05-21 19:35 -------- d-----w- c:\program files\Seagate
2010-05-21 19:35 . 2010-05-21 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-05-21 19:31 . 2010-05-21 19:31 -------- d-----w- c:\program files\MSXML 6.0
2010-05-02 05:56 . 2002-08-29 11:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 09:57 . 2009-11-25 01:26 79488 ----a-w- c:\documents and settings\Johnny Pants\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 09:52 . 2004-04-02 02:56 98960 ----a-w- c:\documents and settings\Johnny Pants\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-04-24 02:29 . 2004-05-30 05:36 450 -c-ha-w- c:\program files\hpothb07.dat
2004-06-01 01:26 . 2004-05-30 05:36 50934 ---ha-w- c:\program files\hpothb07.tif
2004-05-30 05:37 . 2004-05-30 05:37 3005544 ----a-w- c:\program files\wedding card1.tif
2004-05-30 05:36 . 2004-05-30 05:36 9576032 ----a-w- c:\program files\wedding card.tif
2004-05-30 05:35 . 2004-05-30 05:35 9576008 ----a-w- c:\program files\Scan0001.tif
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\FileVOoM Pro\\FileVOoM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [6/10/2010 9:43 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [6/10/2010 9:43 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/22/2010 5:36 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [6/10/2010 9:43 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [6/10/2010 9:43 AM 116784]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/10/2010 9:42 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/10/2010 7:22 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100622.001\IDSXpx86.sys [6/22/2010 8:39 PM 331640]
S4 Seti;Seti;c:\windows\seti\SRVANY.EXE [6/11/2004 10:09 PM 13312]
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder
2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2008-01-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4191349867.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Johnny Pants\Application Data\Mozilla\Firefox\Profiles\xikpd5yo.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Johnny Pants\Application Data\Mozilla\Firefox\Profiles\xikpd5yo.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Johnny Pants\Application Data\Mozilla\Firefox\Profiles\xikpd5yo.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Johnny Pants\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Johnny Pants\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 18:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\SanDisk\Sansa Updater\SansaSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\StartupMonitor.exe
.
**************************************************************************
.
Completion time: 2010-06-27 19:10:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-28 00:10
ComboFix2.txt 2010-06-23 14:58
ComboFix3.txt 2010-06-19 01:09
ComboFix4.txt 2010-06-16 01:40
Pre-Run: 13,691,777,024 bytes free
Post-Run: 13,552,693,248 bytes free
- - End Of File - - 669711902061E2480CEB3F73D118B0BF