
Task Manager doesn't work + can't open some websites

Posted 12/12/2008 10:03 PM
#69823

LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Hi, I got some virus that prevents me from opening Task Manager when I do Ctrl+Alt+Delete or Ctrl+Shift+Escape... When it pops up, it closes right away. There are also some websites that I can't access and ho... I think the virus prevents me from doing updates (ex: AVG updates, Windows Updates...)
Here is the HijackThis log. Hope you can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:35, on 2008-12-12
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\dan\AppData\Local\Temp\winlogin.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\dan\svchost.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\explorer.exe
C:\Users\dan\AppData\Local\Temp\Low\1052473632.exe
C:\Windows\system32\taskeng.exe
C:\Users\dan\AppData\Local\Temp\Low\2681331744.exe
C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Temp\csrssc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jkse73hedfdgf.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\dan\AppData\Local\Temp\winlogin.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [lphcgurj0en6b] C:\Windows\system32\lphcgurj0en6b.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\dan\svchost.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\Users\dan\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\dan\AppData\Local\Temp\csrssc.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Connexions HP.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - https://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05E80307-839B-43DE-B7E0-364E726C7E32}: NameServer = 207.164.234.129 207.164.234.193
O17 - HKLM\System\CS1\Services\Tcpip\..\{05E80307-839B-43DE-B7E0-364E726C7E32}: NameServer = 207.164.234.129 207.164.234.193
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jkse73hedfdgf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe
O23 - Service: Gestionnaire de connexion de base de données de Simple Comptable - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10109 bytes
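A triage pass over logs like the one above, added here as an example and not part of the original post or of HijackThis itself: it parses the process list and the O2/O4/O22/O23 lines and flags executables run from Temp or the profile root, look-alikes of system binary names outside the Windows directories, random-looking names, and doubled-extension or stream-style service paths. The sample lines are copied from the log above; the heuristics and every function name are this example's own assumptions.

```python
"""Triage heuristics for HijackThis-style logs (added example, not part of the thread).

Reads the "Running processes" section and the O2/O4/O22/O23 lines of a HijackThis v2
log and reports the entries a helper would look at first; all heuristics and names
here are this example's own assumptions, not HijackThis features.
"""
import re

# Names malware likes to imitate; the genuine ones live under \Windows or \Windows\System32.
SYSTEM_NAMES = ("svchost", "csrss", "winlogon", "lsass", "smss", "services", "explorer")

# Constructed sample: a subset of lines copied from the first log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\dan\AppData\Local\Temp\winlogin.exe
C:\Users\dan\svchost.exe
C:\Users\dan\AppData\Local\Temp\Low\1052473632.exe

O1 - Hosts: ::1 localhost
O2 - BHO: C:\Windows\system32\jkse73hedfdgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jkse73hedfdgf.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\Users\dan\AppData\Local\Temp\winlogin.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\dan\svchost.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\Users\dan\AppData\Local\Temp\csrssc.exe
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\Windows\system32\jkse73hedfdgf.dll
O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe
"""

def within_one_edit(a: str, b: str) -> bool:
    """True if a equals b or differs by one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            # skip the extra character of the longer string; same length means substitution
            i += len(a) >= len(b)
            j += len(b) >= len(a)
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1

def looks_random(token: str) -> bool:
    """Heuristic: an 8+ character alphanumeric token with digits wedged between letters."""
    return (len(token) >= 8 and re.fullmatch(r"[A-Za-z0-9]+", token) is not None
            and re.search(r"[A-Za-z][0-9]+[A-Za-z]", token) is not None)

def extract_target(line: str):
    """Return (label, path) for the line kinds we understand, else None."""
    if re.match(r"[A-Za-z]:\\", line):                        # "Running processes" entry
        return "process", line
    m = re.match(r"O4 - .*?: \[([^\]]*)\] (.*)$", line)       # autostart entry, args follow the path
    if m:
        target = m[2]
        if target.startswith('"'):
            return m[1], target[1:].split('"', 1)[0]
        return m[1], re.split(r"(?<=\.exe)\s", target, maxsplit=1, flags=re.I)[0]
    m = re.match(r"O(?:2|22|23) - [^:]+: (.*?) - .* - (.*)$", line)   # BHO, task scheduler, service
    return (m[1], m[2].strip()) if m else None

def assess(name: str, path: str) -> list[str]:
    """Apply the heuristics to one entry; an empty list means nothing stood out."""
    reasons = []
    low = path.lower()
    parent, _, filename = low.rpartition("\\")
    stem = filename.split(".")[0]
    # 1. executables living in a Temp directory or directly in a user profile root
    if "\\temp\\" in low or re.search(r"\\users\\[^\\]+\\[^\\]+$", low):
        reasons.append("runs from Temp or the user profile root")
    # 2. a system-binary name (or a one-character variant of one) outside the Windows directories
    if not parent.endswith(("\\windows", "\\windows\\system32")) and any(
            within_one_edit(stem, s) for s in SYSTEM_NAMES):
        reasons.append(f"name imitates a Windows system binary ({stem})")
    # 3. random-looking file names or autostart value names
    for token in (stem, name):
        if looks_random(token):
            reasons.append(f"random-looking name '{token}'")
            break
    # 4. doubled extension or an alternate data stream in the file name
    if filename.count(".exe") > 1 or ":" in filename:
        reasons.append("doubled extension or alternate data stream")
    return reasons

def triage(log_text: str) -> list[tuple[str, str, list[str]]]:
    """Return (line, path, reasons) for every entry that trips at least one heuristic."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        parsed = extract_target(line)
        if parsed:
            reasons = assess(*parsed)
            if reasons:
                findings.append((line, parsed[1], reasons))
    return findings

if __name__ == "__main__":
    for line, _, reasons in triage(SAMPLE_LOG):
        print(line, *("   -> " + r for r in reasons), sep="\n")
```

On the sample it singles out winlogin.exe, svchost.exe, csrssc.exe and jkse73hedfdgf.dll, the same four files the Malwarebytes log later in this thread reports as Trojan.Agent, Trojan.Downloader and Trojan.BHO, while leaving the Windows Defender and hosts entries alone.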
Posted 12/13/2008 6:38 AM
#69856

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:

Download: CCleaner
https://www.majorgeeks.com/download4191.html (or https://www.ccleaner.com/)

Once installed, run CCleaner and click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right), then Exit

Reboot



Download Malwarebytes:

https://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Save the file as setup.exe

Run the setup.exe file
When it gets to the final step of the installation it will seem like it froze... it hasn't, but it will take anywhere from 15 mins to an hour to get through that step, so just let it do its thing.
Go into the Malwarebytes folder in Program Files
Rename the mbam.exe or what not file to mab.exe and run it.
Do a full computer scan
Check all and remove/fix/delete them.

Restart your computer and post the log


Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 12/14/2008 12:11 AM
#69891

LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Okay, I did all you asked: the CCleaner and the Malwarebytes (I removed all of the quarantined files). Unfortunately, it didn't solve my Task Manager problem and I still can't access some websites. Thanks for your help anyway. Is there something else I can try?

Here is the HijackThis report, followed by the Malwarebytes log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:27, on 2008-12-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Connexions HP.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{05E80307-839B-43DE-B7E0-364E726C7E32}: NameServer = 207.164.234.129 207.164.234.193
O17 - HKLM\System\CS1\Services\Tcpip\..\{05E80307-839B-43DE-B7E0-364E726C7E32}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Gestionnaire de connexion de base de données de Simple Comptable - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8329 bytes



-----------------

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 6.0.6000

2008-12-13 18:41:01
mbam-log-2008-12-13 (18-40-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 160672
Time elapsed: 53 minute(s), 31 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 204
Registry Values Infected: 14
Registry Data Items Infected: 0
Folders Infected: 24
Files Infected: 95

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
C:\Users\dan\AppData\Local\Temp\winlogin.exe (Trojan.Agent) -> No action taken.
C:\Users\dan\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\dan\AppData\Local\Temp\csrssc.exe (Trojan.Downloader) -> No action taken.

Memory Modules Infected:
C:\Windows\System32\jkse73hedfdgf.dll (Trojan.BHO) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\host process (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgurj0en6b (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Online Video Add-on (Trojan.Zlob) -> No action taken.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
C:\ProgramData\ZangoSA (Adware.Zango) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.

Files Infected:
C:\Windows\System32\jkse73hedfdgf.dll (Trojan.Zlob.H) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> No action taken.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Online Video Add-on\icmntr.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Online Video Add-on\ot.ico (Trojan.Zlob) -> No action taken.
C:\Program Files\Online Video Add-on\ts.ico (Trojan.Zlob) -> No action taken.
C:\Program Files\Online Video Add-on\uninst.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSA.dat (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSAau.dat (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> No action taken.
C:\ProgramData\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> No action taken.
C:\Users\dan\AppData\Local\Temp\winlogin.exe (Trojan.Agent) -> No action taken.
C:\Users\dan\Setup.exe (Trojan.Agent) -> No action taken.
C:\Users\dan\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\dan\ctfmon.exe (Trojan.Agent) -> No action taken.
C:\Users\dan\csrss.exe (Trojan.Agent) -> No action taken.
C:\Users\dan\services.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\pac.txt (Malware.Trace) -> No action taken.
C:\Users\dan\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Users\dan\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Users\dan\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Users\dan\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\Users\dan\AppData\Local\Temp\csrssc.exe (Trojan.Downloader) -> No action taken.
C:\Windows\System32\fci.exe.exe (Worm.Zhelatin) -> No action taken.
C:\Users\dan\SA_2008CCPUP1.EXE (Trojan.FakeAlert) -> No action taken.
C:\Users\dan\Favorites\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Users\dan\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Posted 12/15/2008 5:16 AM
#69941
Touch Advanced member
Date Joined Nov 2016
Total Posts: 12974
Run Malwarebytes again, and have it fix what it finds.

Please download Combofix:

https://download.bleepingcomputer.com/subs/combofix.exe

And save it to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix.

Important-> Temporarily disable your anti-virus and real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files, which may cause "unpredictable results".

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window, as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

Do not PM me with logfiles. They will be deleted.


Posted 1/8/2009 8:02 PM
#70877
LapinBlanc Valued member
Date Joined Nov 2016
Total Posts: 12
Hey, it's been a while. I just arrived from my holiday trip, so sorry if I didn't reply sooner. I did run Malwarebytes again and it found nothing else. Then I ran ComboFix and I erased what it found. My problems are still persisting. Here is the logfile:
Thanks for your help.

ComboFix 09-01-07.02 - dan 2009-01-08 12:18:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.290 [GMT -5:00]
Lancé depuis: c:\users\dan\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\dan\AppData\Roaming\WeatherDPA
c:\users\dan\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\dan\AppData\Roaming\Zango
c:\windows\Tasks\hxxrxrpr.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 08:33 . 2009-01-05 08:33 167,555,201 --a------ c:\windows\MEMORY.DMP
2008-12-21 22:28 . 2008-12-21 22:28 d-------- c:\program files\BitLord
2008-12-16 19:58 . 2008-12-16 19:58 d-------- c:\program files\Bonjour
2008-12-16 19:57 . 2008-12-16 19:57 d----c--- c:\windows\System32\DRVSTORE
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\program files\iTunes
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\program files\iPod
2008-12-16 19:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-16 19:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-16 19:54 . 2008-12-16 19:55 d-------- c:\program files\QuickTime
2008-12-16 19:45 . 2008-12-16 19:45 d-------- c:\program files\Apple Software Update
2008-12-13 23:05 . 2008-12-13 23:10 d-------- c:\users\All Users\Lavasoft
2008-12-13 23:05 . 2008-12-13 23:10 d-------- c:\programdata\Lavasoft
2008-12-13 23:05 . 2008-12-13 23:05 d-------- c:\program files\Lavasoft
2008-12-13 23:05 . 2008-12-13 23:05 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-13 15:19 . 2008-12-13 18:41 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 15:19 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-13 15:19 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-13 15:08 . 2008-12-13 15:08 d-------- c:\users\dan\AppData\Roaming\Malwarebytes
2008-12-13 15:08 . 2008-12-13 15:08 d-------- c:\users\All Users\Malwarebytes
2008-12-13 15:08 . 2008-12-13 15:08 d-------- c:\programdata\Malwarebytes
2008-12-13 13:54 . 2008-12-13 13:54 d-------- c:\program files\CCleaner
2008-12-12 16:58 . 2008-12-12 16:58 d-------- c:\program files\Trend Micro
2008-12-12 14:42 . 2008-12-12 14:42 d-------- c:\users\All Users\Grisoft
2008-12-12 14:42 . 2008-12-12 14:42 d-------- c:\programdata\Grisoft
2008-12-12 13:10 . 2008-12-12 13:10 d-------- c:\windows\CheckSur
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\System32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\System32\dnssd.dll
2008-12-12 02:45 . 2008-12-12 02:45 0 --ah----- C:\ntuser.dat.LOG2
2008-12-12 02:45 . 2008-12-12 02:45 0 --ah----- C:\ntuser.dat.LOG1
2008-12-12 02:45 . 2008-12-12 02:45 0 --a------ C:\ntuser.dat
2008-12-11 21:32 . 2008-12-11 21:31 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-11 20:47 . 2008-12-13 15:22 147,456 --a------ c:\users\dan\vbzip10.dll
2008-12-11 19:53 . 2008-12-11 19:53 0 --a------ C:\~GLHTTP1.TMP
2008-12-11 15:56 . 2008-12-13 11:57 d--hs---- c:\users\dan\'
2008-12-11 15:56 . 2008-12-13 15:22 115,969 --a------ c:\users\dan\a.zip
2008-12-11 15:44 . 2008-12-11 15:44 8,192 --a------ C:\plnktmpb.exe
2008-12-11 15:44 . 2008-12-11 15:44 0 --a------ C:\-1772374567
2008-12-11 15:43 . 2008-12-12 01:19 d-------- c:\windows\System32\whSLD02
2008-12-11 15:43 . 2008-12-11 15:43 d-------- c:\temp\REX81
2008-12-11 15:43 . 2008-12-11 15:43 d-------- C:\Temp
2008-12-11 15:43 . 2008-12-11 15:43 21,504 --a------ C:\kdww.exe
2008-12-11 15:43 . 2008-12-11 15:43 316 --a------ c:\windows\System32\575.bat
2008-12-11 15:13 . 2009-01-07 21:44 16,384 --------- c:\windows\System32\Ikeext.etl
2008-12-10 03:04 . 2008-10-21 18:31 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-09 23:41 . 2008-10-31 18:38 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-09 23:41 . 2008-10-31 22:33 1,687,040 --a------ c:\windows\System32\gameux.dll
2008-12-09 23:41 . 2008-10-31 22:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-09 23:13 . 2008-10-21 00:16 297,472 --a------ c:\windows\System32\gdi32.dll
2008-12-09 23:11 . 2008-10-29 01:20 2,923,520 --a------ c:\windows\explorer.exe
2008-12-09 23:10 . 2008-06-22 20:52 2,855,424 --a------ c:\windows\System32\mf.dll
2008-12-09 23:10 . 2008-06-22 20:52 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-09 23:10 . 2008-06-22 20:52 98,816 --a------ c:\windows\System32\mfps.dll
2008-12-09 23:10 . 2008-06-22 20:52 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 23:10 . 2008-06-22 20:52 52,736 --a------ c:\windows\System32\rrinstaller.exe
2008-12-09 23:10 . 2008-06-22 20:52 24,576 --a------ c:\windows\System32\mfpmp.exe
2008-12-09 23:10 . 2008-06-22 17:34 2,048 --a------ c:\windows\System32\mferror.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 00:57 --------- d-----w c:\program files\Common Files\Apple
2008-12-13 23:44 --------- d-----w c:\program files\MSN Messenger
2008-12-13 20:22 --------- d-----w c:\users\dan\AppData\Roaming\LimeWire
2008-12-12 04:38 --------- d-----w c:\programdata\Yahoo! Companion
2008-12-12 02:31 --------- d-----w c:\program files\Java
2008-12-12 01:39 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-12 00:53 --------- d-----w c:\program files\Yahoo!
2008-12-11 18:00 --------- d-----w c:\programdata\Symantec
2008-12-11 17:59 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 17:59 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-11 17:59 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-11 17:59 --------- d-----w c:\program files\Symantec
2008-12-11 17:58 --------- d-----w c:\program files\Norton Internet Security
2008-12-10 08:16 174 --sha-w c:\program files\desktop.ini
2008-12-10 08:13 --------- d-----w c:\program files\Windows Mail
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 19:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 18:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-05-26 19:52 164 ----a-w c:\users\dan\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2007-10-09 38184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Connexions HP.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-09 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2006-11-16 17:59 1480296 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-19 19:48 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-13 17:06 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{92F139A3-B9C8-4ABB-B741-1827023BA183}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{478C19C7-7CBC-4397-96E7-A9101ECAEAC8}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6519C6F7-0FDA-458D-BED2-A8849B40C38E}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{554E93EA-97B8-445F-9D0E-06901AA38BE2}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9721B0EC-B857-4CCB-95F4-87E2148199EF}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{0B208427-AC56-4A1C-98E5-D523827AEC2B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BD8BBA63-2431-4266-AFBB-AD3FA28E0744}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{80431B57-F86E-4C45-89BE-CBD932C34698}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6C5E5C9F-D414-4C37-8F62-87426374E445}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{005DE927-7EEF-40A6-8695-094A821735F5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{77264ACE-CEF6-4EB4-8905-06A27E90D306}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1B757D18-5C6F-4F89-BB87-8FC947427FAF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7313F568-2BD6-410A-8191-FC2053A81B84}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AA49B884-1C9D-442A-836D-6383C46CCF28}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{552190A8-5280-4D1D-9E06-9D2C54647130}"= UDP:c:\program files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:mysqld-nt
"{BE483A52-248D-4B8E-BD08-41D3B716114A}"= TCP:c:\program files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:mysqld-nt
"{4468FFBC-F6A3-4162-BD5F-2E272FDDB47E}"= UDP:c:\program files\Simple Comptable Entrepreneur\SimplyAccounting.exe:Simple Comptable Entrepreneur
"{1D461AE9-822B-491E-AA7D-D3674FBB35BB}"= TCP:c:\program files\Simple Comptable Entrepreneur\SimplyAccounting.exe:Simple Comptable Entrepreneur
"{63F97D8E-9C66-45B9-83E6-99346FDE999D}"= UDP:c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe:SimplyConnectionManager
"{0A0ABBD0-EB9A-4D5E-B9B5-0CC656C95B60}"= TCP:c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe:SimplyConnectionManager
"{E5D04BAD-2F26-45E8-82AA-3A5C0511B9C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1B23D6BF-2E14-4C9F-A9B2-CBC1707305A0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CDB8293D-3A4D-44C1-A4FC-81064FF14D14}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A8197DF5-2B90-4D09-B78B-B2245CD87D3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC728E58-A7FB-422F-92AB-E02EC4081924}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1407EFA6-D0E2-426B-8768-2E13895D9B7F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AF214C01-BEAD-45B8-9F1A-D709705CFCA4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AEBD48A2-9730-44AB-9175-D3FBA1ADAED1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070531.001\IDSvix86.sys [2007-06-01 212280]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-10-03 37936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contenu du dossier 'Tâches planifiées'

2009-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883011774-1222464163-3270046227-1000.job
- c:\users\dan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-12 14:11]

2009-01-02 c:\windows\Tasks\HPCeeScheduleFordan.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-24 18:04]

2009-01-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - dan.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 12:48]

2009-01-08 c:\windows\Tasks\User_Feed_Synchronization-{C8BCFDDE-0CF5-4865-8718-29D2753AE5DB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 04:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rds.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\dan\AppData\Roaming\Mozilla\Firefox\Profiles\8cwxqxn6.default\
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\users\dan\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-08 12:23:32
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-01-08 12:26:14
ComboFix-quarantined-files.txt 2009-01-08 17:26:11

Avant-CF: 224 137 969 664 bytes free
Après-CF: 224,112,095,232 bytes free

250 --- E O F --- 2009-01-08 08:01:27
Posted 1/9/2009 8:39 AM
#70906
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok :smile:

How are things running?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/9/2009 7:06 PM
#70934
LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Well, the same problems are occurring. Can't go to Task Manager (ctl+alt+del), can't access some websites. For some strange reason, just before I went on my holidays and your last post, I could access the websites I couldn't before, but now I can't anymore. So I guess all we did didn't help at all. D'you have any idea what's going on?
Posted 1/10/2009 3:36 AM
#70951
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Yes I do :smile:

You've got new infections. Is Norton updated?

Update Malwarebytes, run a complete scan and have it fix what it finds.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/13/2009 1:14 AM
#71105
LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
lol... awesome! No, my Norton is not updated, it's expired. I don't intend to pay for it either. I tried to update Malwarebytes but I can't, surely because of the virus. Therefore, I tried to download it on my laptop and update it, and it worked. The only problem is that I don't know how to put the updated version on this computer. Any idea?
Thanks for your support.
Posted 1/13/2009 6:28 AM
#71114
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
See if you can update and run Malwarebytes from Safe Mode with Networking.

It also looks like we'll have to replace your outdated Norton with a freeware antivirus ;-)

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/14/2009 2:49 AM
#71159
LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
I'll try that and post back as soon as it is done.
Posted 1/14/2009 4:19 AM
#71162
LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Well, can't say it was much of a help. I can't access the internet in safe mode+internet. Just my luck!
I read some threads on the net and found some people who couldn't use the internet in safe mode+internet, but couldn't find how to resolve this problem. I know that in safe mode the system doesn't load the device drivers into the primary memory so the internet can't work, but it should in safe mode+internet... Anyway, I'm sorry my computer is such a mess! Kind of a puzzle...! D'you know what I could do to make the internet work in safe mode+internet? (I already tried to create a new connection but it didn't work at all :(
Posted 1/14/2009 5:39 AM
#71168
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
There are some infections in the ComboFix log that can possibly block the net connection.

Open Notepad and copy/paste the text in the quote box below into it:

Quote:

Killall::

Snapshot::

File::
c:\users\dan\vbzip10.dll
C:\~GLHTTP1.TMP
c:\users\dan\a.zip
C:\plnktmpb.exe
C:\-1772374567
C:\kdww.exe
c:\windows\System32\575.bat

Folder::
c:\users\dan\'
C:\windows\System32\whSLD02
c:\temp\REX81
C:\Temp

Domains::

Hosts::

Save this as:
CFScript

https://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

Then post a fresh ComboFix log.


Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/16/2009 4:52 AM
#71262
LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Hey, I dragged the CFScript into ComboFix.exe and ran a scan. Here's the log.

ComboFix 09-01-13.04 - dan 2009-01-15 20:38:23.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.306 [GMT -5:00]
Lancé depuis: c:\users\dan\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
.

2009-01-13 22:53 . 2009-01-13 23:01 d-------- C:\SDFix
2009-01-12 20:04 . 2009-01-12 20:08 d-------- c:\program files\Malwarebytes' Anti-Malware(1)
2009-01-12 20:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-12 20:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-05 08:33 . 2009-01-05 08:33 167,555,201 --a------ c:\windows\MEMORY.DMP
2008-12-21 22:28 . 2008-12-21 22:28 d-------- c:\program files\BitLord
2008-12-16 19:58 . 2008-12-16 19:58 d-------- c:\program files\Bonjour
2008-12-16 19:57 . 2008-12-16 19:57 d----c--- c:\windows\System32\DRVSTORE
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\program files\iTunes
2008-12-16 19:57 . 2008-12-16 19:57 d-------- c:\program files\iPod
2008-12-16 19:57 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-12-16 19:57 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-12-16 19:54 . 2008-12-16 19:55 d-------- c:\program files\QuickTime
2008-12-16 19:45 . 2008-12-16 19:45 d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 14:23 11,376 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-13 00:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-17 00:57 --------- d-----w c:\program files\Common Files\Apple
2008-12-14 04:10 --------- d-----w c:\programdata\Lavasoft
2008-12-14 04:05 --------- d-----w c:\program files\Lavasoft
2008-12-14 04:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-13 23:44 --------- d-----w c:\program files\MSN Messenger
2008-12-13 20:22 --------- d-----w c:\users\dan\AppData\Roaming\LimeWire
2008-12-13 20:08 --------- d-----w c:\users\dan\AppData\Roaming\Malwarebytes
2008-12-13 20:08 --------- d-----w c:\programdata\Malwarebytes
2008-12-13 18:54 --------- d-----w c:\program files\CCleaner
2008-12-12 21:58 --------- d-----w c:\program files\Trend Micro
2008-12-12 19:42 --------- d-----w c:\programdata\Grisoft
2008-12-12 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-12 07:45 0 ----a-w C:\ntuser.dat
2008-12-12 04:38 --------- d-----w c:\programdata\Yahoo! Companion
2008-12-12 02:31 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-12 02:31 --------- d-----w c:\program files\Java
2008-12-12 01:39 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-12 00:53 --------- d-----w c:\program files\Yahoo!
2008-12-11 18:00 --------- d-----w c:\programdata\Symantec
2008-12-11 17:59 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 17:59 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-11 17:59 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-11 17:59 --------- d-----w c:\program files\Symantec
2008-12-11 17:58 --------- d-----w c:\program files\Norton Internet Security
2008-12-10 08:16 174 --sha-w c:\program files\desktop.ini
2008-12-10 08:13 --------- d-----w c:\program files\Windows Mail
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 23:31 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 19:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 18:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 04:40 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-16 04:40 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-16 04:40 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-05-26 19:52 164 ----a-w c:\users\dan\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_17.23.28.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-15 21:32:39 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-15 22:22:44 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2009-01-15 19:35:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-16 01:25:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-15 19:35:05 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 01:25:53 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-15 19:35:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-16 01:25:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-14 14:28:11 42,284 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-15 22:51:37 42,542 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-15 19:19:21 321,814 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-01-16 00:59:55 322,480 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2007-10-09 38184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Connexions HP.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-09 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2006-11-16 17:59 1480296 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-19 19:48 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-13 17:06 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{92F139A3-B9C8-4ABB-B741-1827023BA183}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{478C19C7-7CBC-4397-96E7-A9101ECAEAC8}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6519C6F7-0FDA-458D-BED2-A8849B40C38E}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{554E93EA-97B8-445F-9D0E-06901AA38BE2}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9721B0EC-B857-4CCB-95F4-87E2148199EF}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{0B208427-AC56-4A1C-98E5-D523827AEC2B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BD8BBA63-2431-4266-AFBB-AD3FA28E0744}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{80431B57-F86E-4C45-89BE-CBD932C34698}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6C5E5C9F-D414-4C37-8F62-87426374E445}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{005DE927-7EEF-40A6-8695-094A821735F5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{77264ACE-CEF6-4EB4-8905-06A27E90D306}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1B757D18-5C6F-4F89-BB87-8FC947427FAF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7313F568-2BD6-410A-8191-FC2053A81B84}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AA49B884-1C9D-442A-836D-6383C46CCF28}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{552190A8-5280-4D1D-9E06-9D2C54647130}"= UDP:c:\program files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:mysqld-nt
"{BE483A52-248D-4B8E-BD08-41D3B716114A}"= TCP:c:\program files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:mysqld-nt
"{4468FFBC-F6A3-4162-BD5F-2E272FDDB47E}"= UDP:c:\program files\Simple Comptable Entrepreneur\SimplyAccounting.exe:Simple Comptable Entrepreneur
"{1D461AE9-822B-491E-AA7D-D3674FBB35BB}"= TCP:c:\program files\Simple Comptable Entrepreneur\SimplyAccounting.exe:Simple Comptable Entrepreneur
"{63F97D8E-9C66-45B9-83E6-99346FDE999D}"= UDP:c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe:SimplyConnectionManager
"{0A0ABBD0-EB9A-4D5E-B9B5-0CC656C95B60}"= TCP:c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe:SimplyConnectionManager
"{E5D04BAD-2F26-45E8-82AA-3A5C0511B9C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1B23D6BF-2E14-4C9F-A9B2-CBC1707305A0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CDB8293D-3A4D-44C1-A4FC-81064FF14D14}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A8197DF5-2B90-4D09-B78B-B2245CD87D3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC728E58-A7FB-422F-92AB-E02EC4081924}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1407EFA6-D0E2-426B-8768-2E13895D9B7F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AF214C01-BEAD-45B8-9F1A-D709705CFCA4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AEBD48A2-9730-44AB-9175-D3FBA1ADAED1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070531.001\IDSvix86.sys [2007-06-01 212280]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-10-03 37936]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4f43de-94f3-11db-9201-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\setup\command - E:\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883011774-1222464163-3270046227-1000.job
- c:\users\dan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-12 14:11]

2009-01-02 c:\windows\Tasks\HPCeeScheduleFordan.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-24 18:04]

2009-01-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - dan.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 12:48]

2009-01-16 c:\windows\Tasks\User_Feed_Synchronization-{C8BCFDDE-0CF5-4865-8718-29D2753AE5DB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 04:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rds.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
TCP: {05E80307-839B-43DE-B7E0-364E726C7E32} = 207.164.234.129 207.164.234.193
FF - ProfilePath - c:\users\dan\AppData\Roaming\Mozilla\Firefox\Profiles\8cwxqxn6.default\
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\users\dan\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-15 20:41:06
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3656)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Heure de fin: 2009-01-15 20:43:36
ComboFix-quarantined-files.txt 2009-01-16 01:43:31
ComboFix2.txt 2009-01-15 22:29:10
ComboFix3.txt 2009-01-08 21:10:51
ComboFix4.txt 2009-01-08 17:26:16

Avant-CF: 270,016,282,624 bytes free
Après-CF: 269,988,167,680 bytes free

245 --- E O F --- 2009-01-15 08:02:54
Posted 1/16/2009 5:02 AM
#71263

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Looks clean. How are things running now ?

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 1/17/2009 4:39 AM
#71303

LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Well, things are running fine. I can access the websites and can do my updates. I did the Malwarebytes update I couldn't do before and found two infected files and quarantined them. I can't access Task Manager though... The only thing I'm afraid of is that the websites will no longer be accessible in a few hours or days. They were temporarily accessible a few days ago and then for some reason, they weren't anymore. Anyway thanks for the help. If the problem reappears I'll come back to post another message. Here's the log from Malwarebytes:

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 166235
Time elapsed: 1 hour(s), 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\kdww.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\plnktmpb.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
Posted 1/17/2009 4:52 AM
#71305

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
You are welcome to post back :smile:

For now, let's do some cleanup ->

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will ->

Uninstall ComboFix. Delete its related folders and files.
Reset your clock settings. Hide file extensions.
Hide the system/hidden files. And reset System Restore again.

BTW. Shall we get rid of Norton and install a Freeware antivirus program ?



Posted 1/17/2009 10:33 PM
#71323

LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Yes we shall! Will it work if I uninstall it by Control Panel > Programs > Uninstall program > Norton Internet Security and, while I am at it, uninstall the LiveUpdate 3.2 and LiveUpdate Notice too? Cause these are all parts of Symantec Corporation. So what's the best freeware available right now... AVG?
Posted 1/17/2009 10:35 PM
#71324

LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
By the way I created the restore point and cleaned up the system restore points except the most recent one as you suggested. And then I also uninstalled ComboFix.
Posted 1/18/2009 4:36 AM
#71334

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok :smile:

We'll remove Norton, but first download an antivirus program to desktop. I assume you want a Freeware program ?

Avast! makes an excellent free antivirus client, as does Avira or PC Tools
Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

Then, use this link to remove Norton -

Download the Norton Removal Tool (SymNRT) to your Desktop.

https://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

Go to your desktop and double click on the removal tool and then click Setup.
Once open Click Next
Accept the license agreement and click Next
Type in the letters/numbers that you see into the text box then click Next.
Then click Next and the tool will start running.

Once finished restart the PC and run the tool again to ensure everything has been removed.
Delete Norton removal tool from your Desktop.

Post new combofix log, along with fresh hijackthis log



Posted 1/19/2009 7:24 PM
#71420

LapinBlanc Valued member

Date Joined Nov 2016
Total Posts: 12
Hey :)
I uninstalled Norton with the remover and ran ComboFix and HijackThis. I also downloaded Avast to my desktop, should I install it right now or wait till I'm sure the computer is clean? Here are the logs, respectively.

ComboFix 09-01-13.04 - dan 2009-01-19 14:06:54.6 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.276 [GMT -5:00]
Lancé depuis: c:\users\dan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-19 au 2009-01-19 ))))))))))))))))))))))))))))))))))))
.

2009-01-19 13:49 . 2009-01-19 13:49 d-------- c:\users\All Users\NortonInstaller
2009-01-19 13:49 . 2009-01-19 13:49 d-------- c:\programdata\NortonInstaller
2009-01-16 17:55 . 2009-01-16 17:57 d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2009-01-13 22:53 . 2009-01-13 23:01 d-------- C:\SDFix
2009-01-12 20:04 . 2009-01-12 20:08 d-------- c:\program files\Malwarebytes' Anti-Malware(1)
2009-01-12 20:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-12 20:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-05 08:33 . 2009-01-05 08:33 167,555,201 --a------ c:\windows\MEMORY.DMP
2008-12-21 22:28 . 2008-12-21 22:28 d-------- c:\program files\BitLord

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 18:50 --------- d-----w c:\programdata\Symantec
2009-01-19 18:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-19 18:31 164 ----a-w c:\users\dan\AppData\Roaming\wklnhst.dat
2009-01-16 08:02 --------- d-----w c:\program files\Windows Mail
2009-01-14 14:23 11,376 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-01-13 00:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-17 00:58 --------- d-----w c:\program files\Bonjour
2008-12-17 00:57 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-17 00:57 --------- d-----w c:\program files\iTunes
2008-12-17 00:57 --------- d-----w c:\program files\iPod
2008-12-17 00:57 --------- d-----w c:\program files\Common Files\Apple
2008-12-17 00:55 --------- d-----w c:\program files\QuickTime
2008-12-17 00:45 --------- d-----w c:\program files\Apple Software Update
2008-12-14 04:10 --------- d-----w c:\programdata\Lavasoft
2008-12-14 04:05 --------- d-----w c:\program files\Lavasoft
2008-12-14 04:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-13 23:44 --------- d-----w c:\program files\MSN Messenger
2008-12-13 20:22 --------- d-----w c:\users\dan\AppData\Roaming\LimeWire
2008-12-13 20:08 --------- d-----w c:\users\dan\AppData\Roaming\Malwarebytes
2008-12-13 20:08 --------- d-----w c:\programdata\Malwarebytes
2008-12-13 18:54 --------- d-----w c:\program files\CCleaner
2008-12-12 21:58 --------- d-----w c:\program files\Trend Micro
2008-12-12 19:42 --------- d-----w c:\programdata\Grisoft
2008-12-12 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-12 07:45 0 ----a-w C:\ntuser.dat
2008-12-12 04:38 --------- d-----w c:\programdata\Yahoo! Companion
2008-12-12 02:31 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-12 02:31 --------- d-----w c:\program files\Java
2008-12-12 00:53 --------- d-----w c:\program files\Yahoo!
2008-12-11 17:59 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 17:59 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-10 08:16 174 --sha-w c:\program files\desktop.ini
2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:33 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 03:33 1,687,040 ----a-w c:\windows\System32\gameux.dll
2008-10-31 23:38 4,247,552 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-29 06:20 2,923,520 ----a-w c:\windows\explorer.exe
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-21 23:31 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:16 297,472 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:16 1,645,568 ----a-w c:\windows\System32\connect.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_17.23.28.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-15 21:28:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-19 18:51:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-01-15 21:28:58 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-01-19 18:51:52 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-15 21:32:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-19 18:53:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-01-19 18:53:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-15 21:32:39 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-19 18:53:46 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-01-19 18:53:46 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-15 19:35:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-19 18:01:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-15 19:35:05 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 18:01:24 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-15 19:35:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-19 18:01:24 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-15 20:06:20 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-19 19:06:47 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-12-09 20:24:38 17,593,280 ----a-w c:\windows\System32\mrt.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
- 2009-01-15 21:35:11 103,726 ----a-w c:\windows\System32\perfc009.dat
+ 2009-01-19 18:56:44 103,726 ----a-w c:\windows\System32\perfc009.dat
- 2009-01-15 21:35:11 609,944 ----a-w c:\windows\System32\perfh009.dat
+ 2009-01-19 18:56:44 609,944 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-15 21:27:36 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-01-16 18:00:09 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-01-14 14:28:14 8,690 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2883011774-1222464163-3270046227-1000_UserData.bin
+ 2009-01-19 18:54:08 8,690 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2883011774-1222464163-3270046227-1000_UserData.bin
- 2009-01-14 14:28:13 67,344 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-19 18:54:08 67,368 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-14 14:28:11 42,284 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-19 18:54:07 42,746 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-15 19:19:21 321,814 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-01-16 22:50:12 322,480 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-01-15 22:19:39 278,936 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-01-16 20:58:52 279,608 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-01-15 19:35:04 19,761,495 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-16 17:59:39 19,771,057 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
- 2006-11-02 06:37:21 20,480 ----a-w c:\windows\winsxs\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_5b761551c05a7af8\secdrv.sys
+ 2009-01-14 14:23:11 11,376 ----a-w c:\windows\winsxs\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_5b761551c05a7af8\secdrv.sys
+ 2008-12-08 23:22:10 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16787_none_f052600a6e8e5046\OESpamFilter.dat
+ 2008-12-08 23:23:32 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20972_none_f0e1cd3587a85293\OESpamFilter.dat
+ 2008-12-09 23:54:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18182_none_f2339d3e6bb96284\OESpamFilter.dat
+ 2008-12-09 23:55:37 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22327_none_f3031ce984a1d682\OESpamFilter.dat
+ 2008-12-16 03:14:37 290,304 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16789_none_d7c3afd4f985c7a2\srv.sys
+ 2008-12-16 03:07:02 290,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.20976_none_d8551d94129dfc9d\srv.sys
+ 2008-12-16 02:42:39 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18185_none_d9a5ed52f6aff337\srv.sys
+ 2008-12-16 01:53:56 288,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22331_none_da619a780fa89f17\srv.sys
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2007-10-09 38184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Connexions HP.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-09 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2006-11-16 17:59 1480296 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-19 19:48 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-13 17:06 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{92F139A3-B9C8-4ABB-B741-1827023BA183}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{478C19C7-7CBC-4397-96E7-A9101ECAEAC8}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6519C6F7-0FDA-458D-BED2-A8849B40C38E}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{554E93EA-97B8-445F-9D0E-06901AA38BE2}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9721B0EC-B857-4CCB-95F4-87E2148199EF}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{0B208427-AC56-4A1C-98E5-D523827AEC2B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BD8BBA63-2431-4266-AFBB-AD3FA28E0744}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{80431B57-F86E-4C45-89BE-CBD932C34698}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6C5E5C9F-D414-4C37-8F62-87426374E445}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{005DE927-7EEF-40A6-8695-094A821735F5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{77264ACE-CEF6-4EB4-8905-06A27E90D306}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1B757D18-5C6F-4F89-BB87-8FC947427FAF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7313F568-2BD6-410A-8191-FC2053A81B84}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AA49B884-1C9D-442A-836D-6383C46CCF28}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{552190A8-5280-4D1D-9E06-9D2C54647130}"= UDP:c:\program files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:mysqld-nt
"{BE483A52-248D-4B8E-BD08-41D3B716114A}"= TCP:c:\program files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:mysqld-nt
"{4468FFBC-F6A3-4162-BD5F-2E272FDDB47E}"= UDP:c:\program files\Simple Comptable Entrepreneur\SimplyAccounting.exe:Simple Comptable Entrepreneur
"{1D461AE9-822B-491E-AA7D-D3674FBB35BB}"= TCP:c:\program files\Simple Comptable Entrepreneur\SimplyAccounting.exe:Simple Comptable Entrepreneur
"{63F97D8E-9C66-45B9-83E6-99346FDE999D}"= UDP:c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe:SimplyConnectionManager
"{0A0ABBD0-EB9A-4D5E-B9B5-0CC656C95B60}"= TCP:c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe:SimplyConnectionManager
"{E5D04BAD-2F26-45E8-82AA-3A5C0511B9C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1B23D6BF-2E14-4C9F-A9B2-CBC1707305A0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CDB8293D-3A4D-44C1-A4FC-81064FF14D14}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A8197DF5-2B90-4D09-B78B-B2245CD87D3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BC728E58-A7FB-422F-92AB-E02EC4081924}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1407EFA6-D0E2-426B-8768-2E13895D9B7F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AF214C01-BEAD-45B8-9F1A-D709705CFCA4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AEBD48A2-9730-44AB-9175-D3FBA1ADAED1}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7C88A377-596B-409C-A88E-DCEE8B20D0E5}"= UDP:c:\users\dan\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{1AC68768-B501-458F-A0FE-239099B75D86}"= TCP:c:\users\dan\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e4f43de-94f3-11db-9201-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\setup\command - E:\setup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2883011774-1222464163-3270046227-1000.job
- c:\users\dan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-12 14:11]

2009-01-02 c:\windows\Tasks\HPCeeScheduleFordan.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-24 18:04]

2009-01-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - dan.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

2009-01-19 c:\windows\Tasks\User_Feed_Synchronization-{C8BCFDDE-0CF5-4865-8718-29D2753AE5DB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 04:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.rds.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
TCP: {05E80307-839B-43DE-B7E0-364E726C7E32} = 207.164.234.129 207.164.234.193
FF - ProfilePath - c:\users\dan\AppData\Roaming\Mozilla\Firefox\Profiles\8cwxqxn6.default\
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\users\dan\AppData\Local\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-01-19 14:10:07
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3868)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Heure de fin: 2009-01-19 14:12:44
ComboFix-quarantined-files.txt 2009-01-19 19:12:41
ComboFix2.txt 2009-01-16 01:43:38

Avant-CF: 266 349 486 080 bytes free
Après-CF: 266,352,001,024 bytes free

254 --- E O F --- 2009-01-19 15:22:27

-----------


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:46, on 2009-01-19
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.rds.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Connexions HP.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{05E80307-839B-43DE-B7E0-364E726C7E32}: NameServer = 207.164.234.129 207.164.234.193
O17 - HKLM\System\CS1\Services\Tcpip\..\{05E80307-839B-43DE-B7E0-364E726C7E32}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Gestionnaire de connexion de base de données de Simple Comptable - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5570 bytes
Posted 1/20/2009 5:29 AM
#71445
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Install Avast, update it, run a complete system scan.

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

Killall::

Snapshot::

File::
c:\windows\Tasks\Norton Internet Security - Run Full System Scan - dan.job

Folder::
c:\users\All Users\NortonInstaller
c:\programdata\NortonInstaller
c:\programdata\Symantec
c:\program files\Common Files\Symantec Shared

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Save this as:
CFScript

https://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post fresh combofix log.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


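As an added example for triaging a HijackThis log like the one posted above (this is not part of the thread, of HijackThis or of ComboFix), the Python script below parses O4, O17 and O23 lines and flags autoruns or service binaries that live in user-writable directories, plus any custom NameServer entry, for manual verification. The sample lines are constructed from the log format in this thread; the Temp\example.exe autorun is a made-up placeholder.

```python
import re

# Constructed sample lines in the HijackThis v2.0 log format used in this thread.
# The Temp\example.exe autorun is a made-up placeholder, not a real finding.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [example] C:\Users\dan\AppData\Local\Temp\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05E80307-839B-43DE-B7E0-364E726C7E32}: NameServer = 207.164.234.129 207.164.234.193
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*?NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# Executable at the start of a Run command: either quoted, or up to the first .exe/.dll.
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll))', re.IGNORECASE)
# Directories a standard user can write to; autoruns and services here need a closer look.
USER_WRITABLE_RE = re.compile(r"\\(users|documents and settings|temp|appdata)\\", re.IGNORECASE)


def executable_path(cmd):
    """Strip quotes and arguments from an O4 command, leaving only the executable path."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else cmd.strip()


def triage(log_text):
    """Return findings worth a manual check, in log order, from HijackThis log text."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            if USER_WRITABLE_RE.search(path):
                findings.append({"section": "O4", "name": m.group("name"), "path": path,
                                 "reason": "autorun from a user-writable directory"})
            continue
        m = O17_RE.match(line)
        if m:  # DNS override: confirm the servers belong to the ISP before trusting them
            findings.append({"section": "O17", "servers": m.group("servers").split(),
                             "reason": "custom NameServer entry; verify against ISP resolvers"})
            continue
        m = O23_RE.match(line)
        if m and USER_WRITABLE_RE.search(m.group("path")):
            findings.append({"section": "O23", "name": m.group("name"), "path": m.group("path"),
                             "reason": "service binary in a user-writable directory"})
    return findings
```

Call `triage(SAMPLE_LOG)` (or pass the text of a saved log) and review each returned entry by hand; a flagged path is a prompt to check the file, not a verdict on it.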