NSSstub malware? on my computer, Happy Thanksgiving


Post by mpeastep on 26th November 2009, 7:55 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:11 AM, on 1/29/2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mikeal Eastep\Desktop\malware\HiJack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /runonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: Bluetooth.lnk.disabled
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 7789 bytes

mpeastep
Novice

Posts: 6
Joined: 2009-06-18
OS: windows
Points: 27342
Likes: 0


Re: NSSstub malware? on my computer, Happy Thanksgiving

Post by Belahzur on 26th November 2009, 8:55 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1


contents of MBAM log

Post by mpeastep on 10th December 2009, 4:19 pm

Malwarebytes' Anti-Malware 1.42
Database version: 3338
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/12/2002 4:52:48 AM
mbam-log-2002-02-12 (04-52-47).txt

Scan type: Quick Scan
Objects scanned: 99612
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: NSSstub malware? on my computer, Happy Thanksgiving

Post by Belahzur on 10th December 2009, 8:14 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


Please PM me if I fail to respond within 24hrs.



Re: NSSstub malware? on my computer, Happy Thanksgiving

Post by mpeastep on 11th December 2009, 6:35 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by Mikeal Eastep at 6:53:28.64 on Wed 02/13/2002
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.377 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mikeal Eastep\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.7.2.11\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IDTSysTrayApp] sttray.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /runonce
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Bluetooth.lnk.disabled
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mikeal~1\applic~1\mozilla\firefox\profiles\0fi7ltzt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1007020.00b\SymEFA.sys [2009-8-31 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1007020.00b\BHDrvx86.sys [2009-8-31 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1007020.00b\cchpx86.sys [2009-8-31 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2002-1-15 329592]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.7.2.11\ccSvcHst.exe [2009-8-31 117640]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-12-19 112128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091211.002\NAVENG.SYS [2002-2-13 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091211.002\NAVEX15.SYS [2002-2-13 1323568]

=============== Created Last 30 ================

2009-09-13 22:29:29 0 d-----w- c:\program files\THQ
2009-09-09 11:33:41 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 22:52:14 0 d-----w- C:\mom
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-09-03 17:39:25 0 d-----w- c:\program files\VDMSound
2009-09-03 17:38:46 0 d-----w- c:\program files\DOSBox-0.73
2009-09-03 17:22:12 0 d--h--w- c:\windows\PIF
2009-08-27 00:59:47 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-08-27 00:59:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-08-13 03:12:17 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 03:10:51 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-09 13:16:22 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2009-08-09 04:41:39 0 d-----w- c:\windows\system32\XPSViewer
2009-08-09 04:35:56 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 04:35:56 117760 -c----w- c:\windows\system32\prntvpt.dll
2009-08-09 04:35:55 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 04:35:54 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 04:35:54 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 04:35:49 1676288 -c----w- c:\windows\system32\xpssvcs.dll
2009-08-09 04:35:49 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 04:35:35 0 d-----w- C:\87abfd443ac490df7402af5d5138721a
2009-08-06 13:33:39 1393 ----a-w- c:\windows\imsins.BAK
2009-08-05 09:01:48 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 22:44:40 0 d-----w- c:\program files\iPod
2009-08-01 22:43:56 0 d-----w- c:\program files\iTunes
2009-07-17 19:01:06 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-07-17 16:22:18 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-07-14 22:01:54 0 d-----w- c:\program files\TweetDeck
2009-07-14 03:43:24 286208 ------w- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-14 03:43:24 10841088 ------w- c:\windows\system32\dllcache\wmp.dll
2009-07-09 18:40:51 0 d-----w- c:\docume~1\mikeal~1\applic~1\Search Settings
2009-07-09 18:40:33 0 d-----w- c:\docume~1\mikeal~1\applic~1\Dealio
2009-07-09 18:30:41 0 d-----w- c:\program files\Search Settings
2009-07-09 18:29:04 0 d-----w- c:\program files\Dealio Toolbar
2009-07-09 18:28:20 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2009-07-09 17:40:23 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-09 17:40:22 0 d-----w- c:\docume~1\mikeal~1\applic~1\AVS4YOU
2009-07-09 17:37:20 0 d-----w- c:\program files\common files\AVSMedia
2009-07-09 17:37:19 658432 ----a-w- c:\windows\system32\cc3270mt.dll
2009-07-09 17:36:44 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-07-09 17:36:44 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-07-09 17:36:42 0 d-----w- c:\program files\AVS4YOU
2009-07-04 05:53:03 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-04 05:53:03 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-04 05:49:56 0 d-----w- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-04 05:48:54 0 d-----w- c:\program files\Bonjour
2009-07-04 05:43:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-04 05:43:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-29 16:12:14 17408 ------w- c:\windows\system32\dllcache\corpol.dll
2009-06-29 00:48:03 0 d-----w- C:\Temp
2009-06-29 00:46:23 337 ----a-w- c:\windows\lgfwup.ini
2009-06-29 00:46:17 59904 -c--a-w- c:\windows\system32\wbemdisp.tlb
2009-06-29 00:46:17 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-29 00:46:16 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2009-06-29 00:46:16 115920 ----a-w- c:\windows\system32\msinet.OCX
2009-06-29 00:46:16 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2009-06-29 00:46:14 0 d-----w- c:\program files\lg_fwupdate
2009-06-29 00:37:35 0 d-----w- C:\MyWorks
2009-06-29 00:35:51 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-25 08:25:26 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25:26 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 08:25:26 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-24 11:18:41 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-19 16:33:50 0 d-sha-r- C:\cmdcons
2009-06-19 16:31:12 98816 ----a-w- c:\windows\sed.exe
2009-06-19 16:31:12 161792 ----a-w- c:\windows\SWREG.exe
2009-06-19 16:31:12 155136 ----a-w- c:\windows\PEV.exe
2009-06-18 23:13:00 0 d-----r- c:\program files\Norton Support
2009-06-18 22:25:23 0 d-----w- c:\documents and settings\mikeal eastep\.SunDownloadManager
2009-06-18 17:33:57 0 d-----w- c:\windows\system32\CatRoot2
2009-06-16 14:36:30 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36:30 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-06-12 12:31:39 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-06-10 14:13:29 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 13:19:38 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 06:14:49 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-05-27 00:18:34 90112 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-05-27 00:18:34 57344 ----a-w- c:\windows\system32\QuickTime.qts
2009-05-17 07:48:42 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-17 07:48:39 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-17 07:48:37 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-05-17 02:27:33 0 d-----w- c:\docume~1\mikeal~1\applic~1\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-07 15:32:35 345600 ------w- c:\windows\system32\dllcache\localspl.dll
2009-04-17 01:39:07 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-04-17 01:39:06 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-04-17 01:39:02 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-04-17 01:39:01 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-04-17 01:39:00 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-04-17 01:38:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 01:38:58 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 01:38:57 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 01:38:56 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-04-17 01:38:52 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-04-17 01:36:49 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-04-17 01:36:42 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 01:36:40 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:51:25 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-04-12 22:51:50 0 d-----w- c:\program files\UltimateBet
2009-04-10 02:38:15 0 d-----w- c:\windows\system32\Adobe
2009-04-02 03:02:22 604160 ------w- c:\windows\system32\dllcache\wmspdmod.dll
2009-03-21 14:06:58 989696 ------w- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 15:08:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-03-19 15:08:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-03-18 18:03:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-03-14 05:56:56 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-03-14 05:56:51 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-03-08 15:46:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-03-06 20:15:11 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-03-06 20:15:11 215920 ----a-w- c:\windows\system32\muweb.dll
2009-03-06 20:15:11 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-03-06 06:11:44 744 ----a-w- c:\docume~1\mikeal~1\applic~1\wklnhst.dat
2009-03-04 11:14:25 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-03-04 11:14:25 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-03-04 11:13:24 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-03-04 11:12:34 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-03-04 11:11:15 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-03-04 11:11:04 27648 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-03-04 11:11:03 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-04 11:11:03 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-03-04 11:11:02 44544 ------w- c:\windows\system32\dllcache\iernonce.dll
2009-03-04 11:11:02 193024 ------w- c:\windows\system32\dllcache\msrating.dll
2009-03-04 11:11:01 44544 ------w- c:\windows\system32\dllcache\pngfilt.dll
2009-03-04 11:11:00 102912 ------w- c:\windows\system32\dllcache\occache.dll
2009-03-04 11:09:59 1847168 ------w- c:\windows\system32\dllcache\win32k.sys
2009-03-04 11:09:44 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-03-04 11:09:10 765952 ------w- c:\windows\system32\dllcache\vgx.dll
2009-03-04 11:09:01 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-04 11:08:59 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-04 11:08:52 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-04 11:08:51 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-04 11:07:58 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-04 11:06:23 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-03-04 11:06:05 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-03-04 11:05:47 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-03-04 11:00:25 0 d-----w- c:\windows\system32\PreInstall
2009-03-04 10:55:29 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-03-04 10:54:46 873134 ----a-w- c:\windows\system32\oem1.inf
2009-03-04 10:53:50 0 d-----w- c:\docume~1\mikeal~1\applic~1\TMP
2009-03-04 10:42:50 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2009-03-04 10:42:50 10752 ----a-w- c:\windows\system32\c_iscii.dll
2009-03-04 10:42:48 66594 ----a-w- c:\windows\system32\c_864.nls
2009-03-04 10:42:48 66082 ----a-w- c:\windows\system32\C_28596.NLS
2009-03-04 10:42:48 66082 ----a-w- c:\windows\system32\c_10004.nls
2009-03-04 10:42:48 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-03-04 10:42:47 66594 ----a-w- c:\windows\system32\c_720.nls
2009-03-04 10:42:47 66082 ----a-w- c:\windows\system32\c_708.nls
2009-03-04 10:42:40 66594 ----a-w- c:\windows\system32\c_862.nls
2009-03-04 10:42:40 66082 ----a-w- c:\windows\system32\c_10005.nls
2009-03-04 10:42:39 66082 ----a-w- c:\windows\system32\c_10021.nls
2009-03-04 10:42:39 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-03-04 10:41:50 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-03-04 04:27:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-03-04 04:25:37 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-04 04:25:37 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-04 04:25:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-03-04 04:25:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-04 04:25:37 0 d-----w- c:\program files\Symantec
2009-03-04 04:25:37 0 d-----w- c:\program files\common files\Symantec Shared
2009-03-04 04:24:34 0 d-----w- c:\windows\system32\drivers\NAV
2009-03-04 04:24:31 0 d-----w- c:\program files\Norton AntiVirus
2009-03-04 04:24:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-03-04 04:24:18 0 d-----w- c:\program files\NortonInstaller
2009-03-04 04:24:18 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-03-04 04:22:48 0 d-----w- c:\documents and settings\all users\Symantec Temporary Files
2009-02-20 18:09:38 78336 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-02-03 19:59:07 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2009-01-17 05:35:14 3598336 ------w- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 08:10:33 172032 ----a-w- c:\windows\system32\igfxres.dll
2008-12-19 08:05:14 22198 ----a-w- c:\windows\system32\OEMLogo.bmp
2008-12-19 08:05:14 1843256 ----a-w- c:\windows\Tempest.bmp
2008-12-19 08:05:14 1769528 ----a-w- c:\windows\Firestorm.bmp
2008-12-19 08:01:40 28510 ----a-w- c:\windows\system32\oeminfo.ini
2008-12-19 08:00:53 0 d-----w- c:\program files\HP
2008-12-19 08:00:52 0 d-----w- c:\program files\HPQ
2008-12-19 08:00:37 13312 ----a-w- c:\windows\HPWWANVersion.dll
2008-12-19 08:00:12 0 d-----w- c:\windows\Downloaded Installations
2008-12-19 08:00:01 0 d-----w- c:\windows\HPQ
2008-12-19 07:59:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-12-19 07:59:48 0 d-----w- c:\program files\Viewpoint
2008-12-19 07:59:28 0 d-----w- c:\program files\common files\AOL
2008-12-19 07:59:27 0 d-----w- c:\program files\AIM6
2008-12-19 07:52:40 0 d-----w- c:\program files\Broadcom
2008-12-19 07:52:19 0 d-----w- c:\program files\Synaptics
2008-12-19 07:51:50 0 d-----w- c:\program files\Marvell
2008-12-19 07:49:29 0 d-----w- c:\program files\WIDCOMM
2008-12-19 07:48:33 0 d-----w- c:\program files\IDT
2008-12-19 07:31:52 0 d--h--w- c:\program files\WindowsUpdate
2008-12-19 07:31:52 0 d-----w- c:\program files\Windows NT
2008-12-19 07:31:52 0 d-----w- c:\program files\Windows Media Connect 2
2008-12-19 07:31:52 0 d-----w- c:\program files\Online Services
2008-12-19 07:31:52 0 d-----w- c:\program files\MSN Gaming Zone
2008-12-19 07:31:52 0 d-----w- c:\program files\Messenger
2008-12-19 07:31:52 0 d-----w- c:\program files\common files\SpeechEngines
2008-12-19 07:31:52 0 d-----w- c:\program files\common files\ODBC
2008-12-19 07:31:52 0 d-----w- c:\program files\common files\MSSoap
2008-12-19 07:31:51 0 d-sh--w- c:\documents and settings\all users\DRM
2008-12-19 07:31:51 0 d-----r- c:\documents and settings\all users\Documents
2002-02-12 09:38:08 0 d-----w- c:\docume~1\mikeal~1\applic~1\Malwarebytes
2002-02-12 09:37:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2002-02-12 09:37:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-28 10:28:59 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-28 10:28:59 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-08-27 05:18:44 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-08-27 05:18:41 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-13 15:16:05 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-14 03:43:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 08:33:41 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-25 08:25:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25:26 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25:26 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36:30 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13:29 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09:37 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 19:09:37 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2009-05-20 08:56:52 2458112 ------w- c:\windows\system32\dllcache\WMVCore.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26:40 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 03:02:22 604160 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-06 14:22:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10:48 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39:08 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10:02 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2008-12-19 07:52:37 1294200 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2008-12-16 12:30:34 354304 ----a-w- c:\windows\system32\winhttp.dll
2008-12-16 12:30:34 354304 ------w- c:\windows\system32\dllcache\winhttp.dll
2008-12-12 18:18:16 87336 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-12 18:11:46 61440 ----a-w- c:\windows\system32\dnssd.dll
2008-12-11 10:57:09 333952 ----a-w- c:\windows\system32\drivers\srv.sys
2008-10-24 11:21:09 455296 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36:14 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-10-23 12:36:14 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2008-09-10 01:14:56 1307648 ----a-w- c:\windows\system32\msxml6.dll
2008-09-10 01:14:56 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:15:04 1106944 ----a-w- c:\windows\system32\msxml3.dll
2008-08-30 00:03:24 446579 ----a-w- c:\windows\system32\stacapi.dll
2008-08-30 00:03:24 442477 ----a-w- c:\windows\sttray.exe
2008-08-30 00:03:24 2871296 ----a-w- c:\windows\system32\stlang.dll
2008-08-30 00:03:24 237667 ----a-w- c:\windows\system32\stacsv.exe
2008-08-30 00:03:24 169472 ----a-w- c:\windows\system32\staco.dll
2008-08-30 00:03:24 1388980 ----a-w- c:\windows\system32\drivers\sthda.sys
2008-08-28 15:16:36 112128 ----a-w- c:\windows\system32\drivers\AESTAud.sys
2008-08-28 15:16:34 471040 ----a-w- c:\windows\system32\AESTFltr.exe
2008-08-14 10:04:36 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-08-14 10:04:36 138496 ------w- c:\windows\system32\dllcache\afd.sys
2008-07-31 19:17:24 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2008-07-31 18:57:24 155648 ----a-w- c:\windows\system32\SynTPAPI.dll
2008-07-31 18:42:26 200704 ----a-w- c:\windows\system32\SynCtrl.dll
2008-07-31 18:41:30 163840 ----a-w- c:\windows\system32\SynCOM.dll
2008-07-31 18:38:46 230464 ----a-w- c:\windows\system32\drivers\SynTP.sys
2008-07-30 18:56:18 27176 ----a-w- c:\windows\BtwIEProxy.exe
2008-07-30 18:55:02 2854912 ----a-w- c:\windows\system32\btwicons.dll
2008-07-30 18:54:34 73728 ----a-w- c:\windows\system32\BtMmHook.dll
2008-07-30 18:53:38 90112 ----a-w- c:\windows\system32\BtWiaExt.dll
2008-07-30 18:48:14 233472 ----a-w- c:\windows\system32\btwhidcs.dll
2008-07-30 18:47:38 1802305 ----a-w- c:\windows\system32\BtWizard.dll
2008-07-30 18:46:46 991309 ----a-w- c:\windows\system32\BTNeighborhood.dll
2008-07-30 18:45:12 102400 ----a-w- c:\windows\system32\btsec.dll
2008-07-30 18:44:54 426043 ----a-w- c:\windows\system32\btcss.dll
2008-07-30 18:43:28 81920 ----a-w- c:\windows\system32\btsendto_ie.dll
2008-07-30 18:43:06 274486 ----a-w- c:\windows\system32\btsendto_office.dll
2008-07-30 18:42:28 155699 ----a-w- c:\windows\system32\btsendto_wab.dll
2008-07-30 18:41:32 49152 ----a-w- c:\windows\system32\btsendto_notes.dll
2008-07-30 18:41:06 147456 ----a-w- c:\windows\system32\btosif_olx.dll
2008-07-30 18:40:48 172032 ----a-w- c:\windows\system32\btosif_ol.dll
2008-07-30 18:40:28 159744 ----a-w- c:\windows\system32\btosif_notes.dll
2008-07-30 18:39:54 77824 ----a-w- c:\windows\system32\btprn2k.dll
2008-07-30 18:39:40 114688 ----a-w- c:\windows\system32\bthcrpui.dll
2008-07-30 18:39:04 106496 ----a-w- c:\windows\system32\bthcrp.dll
2008-07-30 18:38:34 61440 ----a-w- c:\windows\system32\btwpimif.dll
2008-07-30 18:38:16 622592 ----a-w- c:\windows\system32\BTChooser.dll
2008-07-30 18:37:58 221184 ----a-w- c:\windows\system32\btsendto.dll
2008-07-30 18:37:30 122880 ----a-w- c:\windows\system32\btosif.dll
2008-07-30 18:36:48 122880 ----a-w- c:\windows\system32\btbigbmp.dll
2008-07-30 18:36:36 106496 ----a-w- c:\windows\system32\BTXPPanel.dll
2008-07-30 18:36:18 24576 ----a-w- c:\windows\system32\BtXpShell.dll
2008-07-30 18:36:04 65536 ----a-w- c:\windows\system32\BtAudioHelper.dll

============= FINISH: 6:55:27.39 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/4/2009 5:52:39 AM
System Uptime: 2/12/2002 9:17:47 PM (9 hours ago)

Motherboard: Hewlett-Packard | | 361A
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 15 GiB total, 0.823 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP9: 8/9/2009 12:17:55 AM - Software Distribution Service 3.0
RP10: 8/10/2009 2:45:19 AM - Software Distribution Service 3.0
RP11: 8/13/2009 12:03:14 AM - Software Distribution Service 3.0
RP12: 8/26/2009 10:10:17 PM - Software Distribution Service 3.0
RP13: 9/2/2009 7:10:55 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
AIM 6
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CyberLink DVD Suite
Dealio Toolbar v4.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Doc Viewer
HP Help and Support
HP Mobile Broadband Setup Utility
HP User Guides 0119
HP Wireless Assistant
HpSdpAppCoreApp
IDT Audio
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
Java(TM) 6 Update 6
LG ODD Auto Firmware Update
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.15)
Norton AntiVirus
PowerDVD
PowerProducer
QuickTime
Search Settings 1.2.1
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TweetDeck
UltimateBet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Backup Utility
Windows Driver Package - SMSC LAN9500 USB 2.0 to Ethernet 10/100 Adapter x64 Driver (05/12/2008 1.52.0000.0000)
Windows Driver Package - SMSC LAN9500 USB 2.0 to Ethernet 10/100 Adapter x86 Driver (05/12/2008 1.52.0000.0000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11

==== Event Viewer Messages From Past Week ========

2/8/2002 4:56:20 AM, error: PlugPlayManager [12] - The device 'Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller' (PCI\VEN_11AB&DEV_4354&SUBSYS_361A103C&REV_00\4&23c6fc68&0&00E1) disappeared from the system without first being prepared for removal.
2/7/2002 1:46:14 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by +246954146 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.199:123->207.46.232.182:123) is working properly.
2/13/2002 4:33:55 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
2/11/2002 4:14:48 AM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 f79e7948, parameter3 f79e7644, parameter4 f732eae8.

==== End Of File ===========================


Re: NSSstub malware? on my computer, Happy Thanksgiving

Post by Belahzur on 11th December 2009, 10:32 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 6
    Viewpoint Media Player

Post a new Hijack This log now please.


Please PM me if I fail to respond within 24hrs.



Re: NSSstub malware? on my computer, Happy Thanksgiving

Post by mpeastep on 11th December 2009, 10:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:35 AM, on 2/13/2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Mikeal Eastep\Desktop\malware\HiJack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /runonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Global Startup: Bluetooth.lnk.disabled
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

--
End of file - 8125 bytes


Re: NSSstub malware? on my computer, Happy Thanksgiving

Post by Belahzur on 12th December 2009, 12:50 am

Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll


  • Press "Fix Checked"
  • Close Hijack This.

Delete this folder in bold:
C:\Program Files\Search Settings

How is the machine now?


Please PM me if I fail to respond within 24hrs.
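The R3 and O2 lines picked out in the post above carry the same CLSID and point at the same DLL. As an added example (not part of the original thread and not HijackThis's own code), the Python below parses HijackThis entry lines and groups browser components by CLSID, so every line belonging to one component can be reviewed together; the function names are hypothetical and the sample is a subset of lines copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# "<kind>: <name> - {CLSID} - <path>". The name itself may contain " - ",
# so it is matched lazily up to the " - {" that introduces the CLSID.
COMPONENT = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.+)$"
)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; non-entry lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        entry = {"code": m["code"], "line": line,
                 "kind": None, "name": None, "clsid": None, "path": None}
        c = COMPONENT.match(m["body"])
        if c:
            # CLSIDs appear in mixed case in real logs; normalise before grouping.
            entry.update(kind=c["kind"], name=c["name"],
                         clsid=c["clsid"].upper(), path=c["path"])
        entries.append(entry)
    return entries


def multi_hook_components(entries):
    """Map CLSID -> details for components listed under more than one section code."""
    by_clsid = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].append(e)

    result = {}
    for clsid, group in by_clsid.items():
        codes = sorted({e["code"] for e in group})
        if len(codes) > 1:  # two O9 lines for one button/menu pair do not count
            result[clsid] = {
                "codes": codes,
                "names": sorted({e["name"] for e in group}),
                "paths": sorted({e["path"].lower() for e in group}),
                "lines": [e["line"] for e in group],
            }
    return result


if __name__ == "__main__":
    for clsid, info in multi_hook_components(parse_entries(SAMPLE_LOG)).items():
        print(clsid, info["codes"], info["names"])
        for line in info["lines"]:
            print("   ", line)
```

On this sample the grouping returns the SearchSettings Class component (R3 and O2) and Dealio Toolbar (O2 and O3); it only shows which lines belong together, and which of them to fix is still the helper's decision.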

