Trojan.Brisv.A!inf Infection

This is a discussion on Trojan.Brisv.A!inf Infection within the Resolved HJT Threads forums, part of the Tech Support Forum category.

03-01-2009, 06:12 PM   #1
Registered Member
 
Join Date: Feb 2009
Posts: 5
OS: Windows XP Professional



Hello,

First of all I would like to say this site is awesome and your assistance is GREATLY appreciated! My computer has been infected with the Trojan.Brisv.A!inf virus. My son tried downloading some movies and some music from Limewire and that's where the infected files are located. My computer has been running very slow and the internet connection is also slow. I have a high speed cable modem with a wireless router. I have uninstalled Limewire from my computer and instructed my son not to download it again! The paths to the infected files are listed below. I searched for these files and they are no longer there. They may have been removed when I tried to run the removal tool posted on the link at Symantec's site. After running the removal tool I did a new scan and the trojan still shows up?

C:\Documents and Settings\HP_Administrator\Shared\avant - message in a bottle.mp3

C:\Documents and Settings\HP_Administrator\Incomplete\preview-t5745425-smell money syles p.mp3

C:\Documents and Settings\HP_Administrator\Incomplete\preview-t5745425-the game - red magic (ft. lil wayne).mp3

C:\Documents and Settings\HP_Administrator\Incomplete\t-5745425-the game - red magic (ft. lil wayne).mp3


DDS.txt log


DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 5:16:01.17 on Sun 03/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.212 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\arservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [Picasa Media Detector] "c:\program files\picasa2\PicasaMediaDetector.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org1.1.5\program\quickstart.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} - hxxp://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/axhomepr.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170562642234
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2008-12-10 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2008-12-10 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090225.002\IDSxpx86.sys [2009-2-27 276344]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\leapfrog\leapfrog connect\CommandService.exe [2008-11-25 991232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-28 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090228.021\NAVENG.SYS [2009-2-28 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090228.021\NAVEX15.SYS [2009-2-28 876144]
S2 vdo_68c6-6c81;vdo_68c6-6c81;\??\c:\windows\system32\vdo_68c6-6c81.sys --> c:\windows\system32\vdo_68c6-6c81.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]

=============== Created Last 30 ================

2009-03-01 04:09 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 03:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 05:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
2007-10-08 14:45 4,788 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat

============= FINISH: 5:17:19.50 ===============


Thank you very much for your time in reviewing the logs. Any help you can give me is greatly appreciated!

Julie
Attached files: ark.zip (12.0 KB), Attach.zip (5.1 KB)

__________________
julz.anderson05
03-03-2009, 04:19 AM   #2
Security Team
Analyst
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,242
OS: XP



Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

__________________
Member of ASAP since 2007
Member of UNITE since 2008


If we have helped you in any way, please consider Donating
TheBruce1
03-05-2009, 05:18 PM   #3
Registered Member
 
Join Date: Feb 2009
Posts: 5
OS: Windows XP Professional



Hello and thank you for your reply. I have run ComboFix and the following is the log from it.

Thanks so much for your help. Waiting for next instructions.


ComboFix 09-03-04.01 - HP_Administrator 2009-03-05 18:54:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.320 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\_005112_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005118_.tmp.dll
c:\windows\system32\_005119_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005122_.tmp.dll
c:\windows\system32\_005123_.tmp.dll
c:\windows\system32\_005124_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005127_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005131_.tmp.dll
c:\windows\system32\_005132_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005136_.tmp.dll
c:\windows\system32\_005138_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005141_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005146_.tmp.dll
c:\windows\system32\_005147_.tmp.dll
c:\windows\system32\_005148_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005150_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\_005154_.tmp.dll
c:\windows\system32\_005155_.tmp.dll
c:\windows\system32\_005156_.tmp.dll
c:\windows\system32\_005157_.tmp.dll
c:\windows\system32\_005158_.tmp.dll
c:\windows\system32\_005160_.tmp.dll
c:\windows\system32\_005161_.tmp.dll
c:\windows\system32\_005162_.tmp.dll
c:\windows\system32\_005163_.tmp.dll
c:\windows\system32\_005164_.tmp.dll
c:\windows\system32\_005165_.tmp.dll
c:\windows\system32\_005166_.tmp.dll
c:\windows\system32\_005168_.tmp.dll
c:\windows\system32\_005169_.tmp.dll
c:\windows\system32\_005170_.tmp.dll
c:\windows\system32\_005171_.tmp.dll
c:\windows\system32\_005172_.tmp.dll
c:\windows\system32\_005173_.tmp.dll
c:\windows\system32\_005175_.tmp.dll
c:\windows\system32\_005178_.tmp.dll
c:\windows\system32\_005179_.tmp.dll
c:\windows\system32\_005183_.tmp.dll
c:\windows\system32\_005184_.tmp.dll
c:\windows\system32\_005186_.tmp.dll
c:\windows\system32\_005188_.tmp.dll
c:\windows\system32\_005189_.tmp.dll
c:\windows\system32\_005191_.tmp.dll
c:\windows\system32\_005192_.tmp.dll
c:\windows\system32\_005193_.tmp.dll
c:\windows\system32\_005194_.tmp.dll
c:\windows\system32\_005197_.tmp.dll
c:\windows\system32\_005198_.tmp.dll
c:\windows\system32\_005199_.tmp.dll
c:\windows\system32\_005200_.tmp.dll
c:\windows\system32\_005201_.tmp.dll
c:\windows\system32\_005206_.tmp.dll
c:\windows\system32\_005208_.tmp.dll
c:\windows\system32\_005209_.tmp.dll
c:\windows\system32\AutoRun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-01 05:21 . 2009-03-01 18:17 250 --a------ c:\windows\gmer.ini
2009-03-01 04:09 . 2009-03-01 04:09 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 11:46 . 2009-02-25 11:46 <DIR> d-------- c:\documents and settings\Mateo\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 01:03 --------- d-----w c:\program files\OpenOffice.org1.1.5
2009-03-01 10:32 --------- d-----w c:\program files\Norton Security Scan
2009-03-01 10:09 --------- d-----w c:\program files\Java
2009-02-25 17:48 --------- d-----w c:\documents and settings\Mateo\Application Data\LimeWire
2009-02-12 09:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-24 23:04 --------- d-----w c:\program files\Vuze
2009-01-24 23:03 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-01-11 16:58 --------- d-----w c:\program files\JumpStart
2009-01-11 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\Knowledge Adventure
2009-01-11 16:56 --------- d-----w c:\program files\Common Files\Knowledge Adventure
2009-01-11 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-11 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-01-11 16:44 --------- d-----w c:\program files\AIM6
2009-01-11 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2007-10-08 20:45 4,788 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OpenOffice.org 1.1.5.lnk - c:\program files\OpenOffice.org1.1.5\program\quickstart.exe [2005-07-12 61440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-10-15 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-14 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GameHouse\\Jigsaw\\Jigsaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-10 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2008-12-10 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090303.001\IDSxpx86.sys [2009-03-04 276344]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-10 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-25 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-28 101936]
S2 vdo_68c6-6c81;vdo_68c6-6c81;\??\c:\windows\system32\vdo_68c6-6c81.sys --> c:\windows\system32\vdo_68c6-6c81.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-03-05 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 19:03:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1676)
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcycoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\OpenOffice.org1.1.5\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-03-05 19:08:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-06 01:08:48

Pre-Run: 148,309,053,440 bytes free
Post-Run: 152,151,252,992 bytes free

273 --- E O F --- 2009-03-05 09:00:49
__________________
julz.anderson05

Old 03-06-2009, 03:52 AM   #4
Security Team Analyst
TheBruce1
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,242
OS: XP

Hello again julz

Please follow all instructions in the order in which they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

======

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Viewpoint Media Player <--- Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here
ViewpointToolbar <--- See Here for more information
Viewpoint Manager <--- This program is used to update the Viewpoint Media Player. It does not do anything bad such as deliver ads or spy on you, but it is considered foistware as it is installed without your consent through programs like AOL, AIM, CompuServe, etc.
WildTangent Web Driver <--- WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

* Operating System Version
* CPU Type and Speed
* Memory Amount
* Video Card type and Driver Version
* Sound Card type and Driver Version
* DirectX Version
* Location that the Web Driver was installed from


=======

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Documents and Settings\HP_Administrator\Shared\avant - message in a bottle.mp3
C:\Documents and Settings\HP_Administrator\Incomplete\preview-t5745425-smell money syles p.mp3
C:\Documents and Settings\HP_Administrator\Incomplete\preview-t5745425-the game - red magic (ft. lil wayne).mp3
C:\Documents and Settings\HP_Administrator\Incomplete\t-5745425-the game - red magic (ft. lil wayne).mp3

Folder::
c:\documents and settings\Mateo\Application Data\LimeWire
c:\program files\Vuze
c:\documents and settings\HP_Administrator\Application Data\Azureus

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
    • J2SE Runtime Environment 5.0 Update 10
      Java(TM) SE Runtime Environment 6
      Java(TM) 6 Update 2
      Java(TM) 6 Update 3
      Java(TM) 6 Update 7
      Java(TM) 6 Update 11
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

=========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

==========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report


How is your system running now?
__________________
Member of ASAP since 2007
Member of UNITE since 2008
If we have helped you in any way, please consider Donating
TheBruce1
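Added example, not part of TheBruce1's post and not a ComboFix tool: a small Python script that reads a "Reg Loading Points" dump in the format ComboFix prints in the logs in this thread, flags the entries a responder checks first (a populated AppInit_DLLs, Security Center notifications switched off, EnableFirewall set to 0, and firewall exceptions for executables outside Windows or Program Files, such as the c:\StubInstaller.exe entry in this thread's log), and then parses the Registry:: section of a CFScript like the one above to show which observed values the script would change. The log and script text inside it are constructed for the demo; the DLL name example_hook.dll is hypothetical, and expanding %windir% to c:\windows is an assumption about the machine.

```python
# Added example for this thread (not ComboFix code and not from the post above): triage a
# ComboFix "Reg Loading Points" dump and preview which values a CFScript's Registry:: block changes.
import re
from typing import Any, Dict, List, Tuple

Entry = Tuple[str, str, Any]  # (registry key, value name, decoded value)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
WINDIR = "c:\\windows"  # assumption: default XP layout; ComboFix prints %windir% unexpanded
SAFE_PREFIXES = ("c:\\windows\\", "c:\\program files\\")  # firewall exceptions elsewhere get flagged
NOTIFY_VALUES = ("disablemonitoring", "antivirusdisablenotify", "firewalldisablenotify")

# Constructed sample in the log format used in this thread (not a real machine). example_hook.dll is
# a hypothetical name; c:\StubInstaller.exe mirrors a drive-root exception seen in the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="c:\\windows\\system32\\example_hook.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"""
# Constructed CFScript fragment in the same section syntax as the post above.
SAMPLE_SCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
"""

def unescape(s: str) -> str:
    """ComboFix doubles backslashes inside quoted names and string values."""
    return s.replace("\\\\", "\\")

def decode_value(raw: str) -> Any:
    """dword:00000001 -> 1, '0 (0x0)' -> 0, "text" -> text, a bare '"name"=' line -> ''."""
    raw = raw.strip()
    if m := re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw):
        return int(m.group(1), 16)
    if m := re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw):
        return int(m.group(1))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return unescape(raw[1:-1])
    return raw

def parse_reg_lines(text: str) -> List[Entry]:
    """Collect (key, name, value) triples from [key] headers and "name"=value lines."""
    entries: List[Entry] = []
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif key is not None and (m := VALUE_RE.match(line)):
            entries.append((key, unescape(m.group("name")), decode_value(m.group("value"))))
    return entries

def triage(entries: List[Entry]) -> List[str]:
    """Findings for the settings a responder checks first in one of these dumps."""
    findings = []
    for key, name, value in entries:
        k, n = key.lower(), name.lower()
        if n == "appinit_dlls" and value:
            findings.append(f"AppInit_DLLs loads {value} into every process that maps user32.dll")
        elif "security center" in k and value == 1 and n in NOTIFY_VALUES:
            findings.append(f"{name}=1 under [{key}]: Security Center warnings suppressed; check which product set it")
        elif "firewallpolicy" in k and n == "enablefirewall" and value == 0:
            findings.append(f"Windows Firewall disabled: [{key}]")
        elif k.endswith("authorizedapplications\\list") and not n.replace("%windir%", WINDIR).startswith(SAFE_PREFIXES):
            findings.append(f"firewall exception outside Windows/Program Files: {name}")
    return findings

def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections (File::, Folder::, Registry:: ...)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"([A-Za-z]+)::", line):
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def planned_registry_changes(log_entries: List[Entry], script: Dict[str, List[str]]) -> List[Tuple[str, str, Any, Any]]:
    """(key, name, observed, desired) for each Registry:: line that differs from the dump;
    observed is None when the dump did not show that value at all."""
    observed = {(k.lower(), n.lower()): v for k, n, v in log_entries}
    desired = parse_reg_lines("\n".join(script.get("Registry", [])))
    return [(k, n, observed.get((k.lower(), n.lower())), v)
            for k, n, v in desired if observed.get((k.lower(), n.lower())) != v]

if __name__ == "__main__":
    found = parse_reg_lines(SAMPLE_LOG)
    print(*triage(found), *planned_registry_changes(found, parse_cfscript(SAMPLE_SCRIPT)), sep="\n")
```

Run it as-is to see the four findings and three planned changes for the constructed sample, or paste a real Reg Loading Points section into SAMPLE_LOG. A DisableMonitoring=1 under a per-vendor subkey (the SymantecAntiVirus one in the log above, for instance) is commonly written by the product itself when it registers with Security Center, which is why the script reports it for review rather than calling it malicious; the same value outside a vendor subkey, or AntiVirusDisableNotify=1, is what the CFScript above resets.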
Old 03-09-2009, 02:37 PM   #5
Registered Member
Join Date: Feb 2009
Posts: 5
OS: Windows XP Professional

Hello Bruce,

Thank you for the details and instructions! I followed them and my logs are below. My computer is running much faster now and my Norton does not detect the virus anymore.

Thank you so much for your help!


Combofix

ComboFix 09-03-06.02 - HP_Administrator 2009-03-08 18:52:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.313 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFscript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\HP_Administrator\Incomplete\preview-t5745425-smell money syles p.mp3
c:\documents and settings\HP_Administrator\Incomplete\preview-t5745425-the game - red magic (ft. lil wayne).mp3
c:\documents and settings\HP_Administrator\Incomplete\t-5745425-the game - red magic (ft. lil wayne).mp3
c:\documents and settings\HP_Administrator\Shared\avant - message in a bottle.mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Azureus
c:\documents and settings\HP_Administrator\Application Data\Azureus\.certs
c:\documents and settings\HP_Administrator\Application Data\Azureus\.keystore
c:\documents and settings\HP_Administrator\Application Data\Azureus\.lock
c:\documents and settings\HP_Administrator\Application Data\Azureus\active\587329B329A611D8A5262A237B284CA82BC8183F.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\active\587329B329A611D8A5262A237B284CA82BC8183F.dat.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\active\5E15EEAC08C739F29E411B78D10447DD96E12009.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\active\5E15EEAC08C739F29E411B78D10447DD96E12009.dat.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\active\cache.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\azureus.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\azureus.config.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\azureus.statistics
c:\documents and settings\HP_Administrator\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\dht\general.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\dht\version.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\downloads.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\downloads.config.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\friends.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\ipfilter.cache
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_alerts_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_AutoSpeedSearchHistory_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_clientid_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_debug_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_Friends_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_MetaSearch_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_MetaSearch_Engine_3.txt
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_NetStatus_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_seltrace_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_Subscriptions_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_thread_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_thread_2.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.ads_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.CMsgr_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.emp_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.Friends_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.MD_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.PMsgr_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.PMsgr_2.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\save\1232837873941_v3.Stream_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.PMsgr_2.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\HP_Administrator\Application Data\Azureus\media\azpd\LBZSTMZJUYI5RJJGFIRXWKCMVAV4QGB7.azpd
c:\documents and settings\HP_Administrator\Application Data\Azureus\media\azpd\LYK65LAIY447FHSBDN4NCBCH3WLOCIAJ.azpd
c:\documents and settings\HP_Administrator\Application Data\Azureus\metasearch.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\net\pm_6478.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\sidebarauto.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\subs\19D197C718E86D5B1B15.vuze
c:\documents and settings\HP_Administrator\Application Data\Azureus\subs\6CE4CD4B41EB765CCBCF.vuze
c:\documents and settings\HP_Administrator\Application Data\Azureus\subs\808C6635290D32689561.vuze
c:\documents and settings\HP_Administrator\Application Data\Azureus\subs\8DE6E5753F5ADF094F49.vuze
c:\documents and settings\HP_Administrator\Application Data\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\documents and settings\HP_Administrator\Application Data\Azureus\subscriptions.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\tables.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\tables.config.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\timingstats.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5988.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5989.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5990.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5991.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5992.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5993.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5994.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5995.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\tmp\AZU5996.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\torrents\AZU9945.tmp
c:\documents and settings\HP_Administrator\Application Data\Azureus\torrents\Role Models Cast [LYK65LAIY447FHSBDN4NCBCH3WLOCIAJ].torrent
c:\documents and settings\HP_Administrator\Application Data\Azureus\torrents\The Wedding Day [LBZSTMZJUYI5RJJGFIRXWKCMVAV4QGB7].torrent
c:\documents and settings\HP_Administrator\Application Data\Azureus\tracker.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\tracker.config.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\unsentdata.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\HP_Administrator\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\HP_Administrator\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\HP_Administrator\Application Data\Azureus\VuzeActivities.config.bak
c:\documents and settings\Mateo\Application Data\LimeWire
c:\documents and settings\Mateo\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Mateo\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Mateo\Application Data\LimeWire\library.dat
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Mateo\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\mplayer\config
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.32

.
((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-07 15:30 . 2009-03-07 15:30 <DIR> d-------- c:\windows\LastGood
2009-03-07 15:30 . 2009-02-27 06:02 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-01 06:21 . 2009-03-01 19:17 250 --a------ c:\windows\gmer.ini
2009-03-01 05:09 . 2009-03-01 05:09 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 12:46 . 2009-02-25 12:46 <DIR> d-------- c:\documents and settings\Mateo\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 23:42 --------- d-----w c:\program files\WildTangent
2009-03-08 23:42 --------- d-----w c:\program files\HP Games
2009-03-08 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2009-03-08 23:38 --------- d-----w c:\program files\Viewpoint
2009-03-08 23:38 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Viewpoint
2009-03-08 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-07 20:29 --------- d-----w c:\program files\OpenOffice.org1.1.5
2009-03-06 03:18 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-06 03:18 7,386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-06 03:18 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-06 03:18 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-06 03:18 --------- d-----w c:\program files\Symantec
2009-03-01 10:32 --------- d-----w c:\program files\Norton Security Scan
2009-03-01 10:09 --------- d-----w c:\program files\Java
2009-02-12 09:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-17 03:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-11 16:58 --------- d-----w c:\program files\JumpStart
2009-01-11 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\Knowledge Adventure
2009-01-11 16:56 --------- d-----w c:\program files\Common Files\Knowledge Adventure
2009-01-11 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-01-11 16:44 --------- d-----w c:\program files\AIM6
2009-01-11 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2007-10-08 20:45 4,788 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_19.07.48.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-12-05 09:52:09 36,272 ----a-r c:\windows\LastGood\system32\DRIVERS\SymIM.sys
- 2000-08-31 14:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 14:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2009-02-27 11:02:23 258,608 ----a-w c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys
+ 2009-03-06 03:17:40 482,352 ----a-w c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys
+ 2009-02-27 11:02:23 307,760 ----a-w c:\windows\system32\drivers\NAV\1005000.086\srtsp.sys
+ 2009-02-27 11:02:23 43,696 ----a-w c:\windows\system32\drivers\NAV\1005000.086\srtspx.sys
+ 2009-02-27 11:02:23 310,320 ----a-w c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys
+ 2009-02-27 11:02:23 89,776 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symfw.sys
+ 2009-02-27 11:02:23 34,736 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symids.sys
+ 2009-02-27 11:02:23 37,296 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symndis.sys
+ 2009-02-27 11:02:23 39,984 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symndisv.sys
+ 2009-02-27 11:02:23 217,392 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symtdi.sys
+ 2009-03-07 20:32:28 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_1400.dat
+ 2009-03-07 20:27:49 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_5dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-04 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OpenOffice.org 1.1.5.lnk - c:\program files\OpenOffice.org1.1.5\program\quickstart.exe [2005-07-12 61440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-10-15 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-15 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GameHouse\\Jigsaw\\Jigsaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [2009-03-05 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-03-05 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [2009-03-05 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090303.001\IDSxpx86.sys [2009-03-04 276344]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-03-05 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-28 101936]
S2 vdo_68c6-6c81;vdo_68c6-6c81;\??\c:\windows\system32\vdo_68c6-6c81.sys --> c:\windows\system32\vdo_68c6-6c81.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2009-03-08 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:55:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1664)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2009-03-08 18:57:40
ComboFix-quarantined-files.txt 2009-03-08 23:57:35
ComboFix2.txt 2009-03-06 01:08:54

Pre-Run: 152,791,367,680 bytes free
Post-Run: 152,804,962,304 bytes free

348 --- E O F --- 2009-03-08 09:00:27






Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 09, 2009 00:57:06
Records in database: 1881392
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 121222
Threat name: 1
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:30:58


File name / Threat name / Threats count
D:\I386\APPS\APP02654\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP02654\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.
__________________
julz.anderson05 is offline  
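A note on reading the log above, with an added example. The script below is not from this thread and not ComboFix's own code; it is a small Python triage helper that pulls out of the "Reg Loading Points" part of a ComboFix log the items an analyst checks first: the Run-key autoruns, the service and driver lines, the Security Center "DisableMonitoring" values, the "EnableFirewall" flag, and the firewall AuthorizedApplications list. It runs on a constructed sample cut to the same line shapes as the log posted above. Two things in it are assumptions rather than documented ComboFix behaviour: that "[?]" in place of the "[date size]" stamp means ComboFix could not stat the image file at the registered path, and that the R/S letter plus digit encodes running/stopped plus the service start type. The TRUSTED_ROOTS list is a reviewer heuristic, not a verdict; a flag means "look at this", not "this is malware".

```python
"""Pull the reviewer-relevant items out of a ComboFix log: autorun entries,
service/driver lines, and the Security Center / firewall settings that
ComboFix prints in its 'Reg Loading Points' section."""
import re
from dataclasses import dataclass, field

# Constructed sample in the same line shapes as the ComboFix log posted above
# (a few lines only, not the full log). Assumed: "[?]" in place of the
# "[date size]" stamp means ComboFix could not stat the image at the registered
# path, and R/S plus a digit means running/stopped plus the service start type.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [2009-03-05 310320]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 vdo_68c6-6c81;vdo_68c6-6c81;\??\c:\windows\system32\vdo_68c6-6c81.sys --> c:\windows\system32\vdo_68c6-6c81.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[\d{4}-\d{2}-\d{2} \d+\]$')
AUTH_LINE = re.compile(r'^"(?P<app>[^"]+)"=$')
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\S.*)$')
SVC_LINE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Roots a firewall exception is normally expected to live under (reviewer heuristic).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")


@dataclass
class Review:
    autoruns: list = field(default_factory=list)   # (registry key, value name, path)
    services: list = field(default_factory=list)   # (state, name, image path, stat_ok)
    findings: list = field(default_factory=list)   # reviewer flags, in log order


def review_combofix(text: str) -> Review:
    rev = Review()
    key = ""
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if (m := KEY_LINE.match(line)):
            key = m.group("key")
            continue
        if (m := SVC_LINE.match(line)):
            rest = m.group("rest")
            stat_ok = not rest.endswith("[?]")
            # "registered command --> path ComboFix tried [stamp]": keep only the path
            path = re.sub(r"\s+\[[^\]]*\]$", "", rest.split(" --> ")[-1])
            rev.services.append((m.group("state"), m.group("svc"), path, stat_ok))
            if not stat_ok:
                rev.findings.append(f"service {m.group('svc')} [{m.group('state')}]: "
                                    f"image could not be verified at {path}")
            continue
        if (m := RUN_LINE.match(line)):
            rev.autoruns.append((key, m.group("name"), m.group("path")))
            continue
        if (m := AUTH_LINE.match(line)) and key.lower().endswith("authorizedapplications\\list"):
            app = m.group("app").replace("\\\\", "\\")     # undo the log's doubled backslashes
            if not app.lower().startswith(TRUSTED_ROOTS):
                rev.findings.append(f"firewall exception outside the usual program roots: {app}")
            continue
        if (m := VALUE_LINE.match(line)):
            name, value = m.group("name"), m.group("value").lower()
            product = key.rsplit("\\", 1)[-1]
            if name == "DisableMonitoring" and value == "dword:00000001":
                rev.findings.append(f"Security Center monitoring disabled for {product}")
            elif name == "EnableFirewall" and value.startswith("0"):
                rev.findings.append("Windows Firewall standard profile is off (EnableFirewall = 0)")
    return rev


if __name__ == "__main__":
    rev = review_combofix(SAMPLE_LOG)
    for state, name, path, ok in rev.services:
        print(f"{state} {name:<16} {'ok ' if ok else '[?]'} {path}")
    for flag in rev.findings:
        print("FLAG:", flag)
```

Run it as-is to see the flags for the sample, or paste a full log into SAMPLE_LOG to triage a real one. On the sample it flags the disabled Security Center monitoring, the switched-off firewall profile, the c:\StubInstaller.exe exception sitting in the drive root, and the two services whose image ComboFix could not verify, the S2 vdo_68c6-6c81 driver among them.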
Old 03-09-2009, 03:42 PM   #6
Security Team
Analyst
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,242
OS: XP



Hello again julz

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
D:\I386\APPS\APP02654\src\CompaqPresario_Spring06.exe
D:\I386\APPS\APP02654\src\HPPavillion_Spring06.exe

Folder::
c:\program files\WildTangent
c:\documents and settings\All Users\Application Data\WildTangent
c:\program files\Viewpoint
c:\documents and settings\HP_Administrator\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
Save this as CFscript







Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post the C:\ComboFix.txt in your reply for review.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


If we have helped you in any way, please consider Donating
TheBruce1 is offline  
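Added example, not part of TheBruce1's instructions and not ComboFix's own code. Once ComboFix has run with a CFscript like the one above, the resulting ComboFix.txt echoes the File:: entries near the top and lists everything it removed under the "Other Deletions" banner. The Python below parses both the script and the log and reports which requested paths are confirmed deleted and which are not, so whoever reads the posted log does not have to eyeball the list. The samples are constructed from the shapes of the script above and of the log posted in the next reply, shortened, with the WildTangent folder deliberately left out of the sample log to show what an unconfirmed entry looks like.

```python
"""Check a ComboFix run against the CFscript it was given: each path under
File:: and Folder:: should appear in the resulting ComboFix.txt under
'Other Deletions' (a folder counts if the folder itself or anything inside
it is listed). Anything not found is reported for a manual look."""

# Constructed samples in the shape of the script and log posted in this thread
# (shortened, and with WildTangent deliberately left out of the log so the
# unconfirmed path is exercised).
CFSCRIPT = r"""
File::
D:\I386\APPS\APP02654\src\CompaqPresario_Spring06.exe
D:\I386\APPS\APP02654\src\HPPavillion_Spring06.exe

Folder::
c:\program files\WildTangent
c:\program files\Viewpoint
c:\documents and settings\HP_Administrator\Application Data\Viewpoint
"""

COMBOFIX_LOG = r"""
ComboFix 09-03-10.03 - HP_Administrator 2009-03-11 20:30:54.3 - NTFSx86
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFscript.txt

FILE ::
d:\i386\APPS\APP02654\src\CompaqPresario_Spring06.exe
d:\i386\APPS\APP02654\src\HPPavillion_Spring06.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\Viewpoint
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
d:\i386\APPS\APP02654\src\CompaqPresario_Spring06.exe
d:\i386\APPS\APP02654\src\HPPavillion_Spring06.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.
"""


def parse_cfscript(text: str) -> dict:
    """Map each 'Name::' directive to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_deletions(log: str) -> list:
    """Return the paths listed under the 'Other Deletions' banner."""
    deleted, section = [], None
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("(((") and line.endswith(")))"):
            section = line.strip("() ")      # banner text, e.g. "Other Deletions"
        elif section == "Other Deletions" and line and line != ".":
            deleted.append(line)
    return deleted


def _norm(path: str) -> str:
    # ComboFix lower-cases the drive letter and some path parts (D:\I386 comes
    # back as d:\i386), so compare case-insensitively.
    return path.lower().rstrip("\\")


def verify_run(script_text: str, log_text: str):
    """Split the script's File:: and Folder:: entries into confirmed / unconfirmed."""
    sections = parse_cfscript(script_text)
    deleted = {_norm(p) for p in parse_deletions(log_text)}
    confirmed, unconfirmed = [], []
    for path in sections.get("File", []):
        (confirmed if _norm(path) in deleted else unconfirmed).append(path)
    for folder in sections.get("Folder", []):
        f = _norm(folder)
        hit = f in deleted or any(d.startswith(f + "\\") for d in deleted)
        (confirmed if hit else unconfirmed).append(folder)
    return confirmed, unconfirmed


if __name__ == "__main__":
    ok, todo = verify_run(CFSCRIPT, COMBOFIX_LOG)
    print(f"{len(ok)} of {len(ok) + len(todo)} requested items confirmed deleted")
    for path in todo:
        print("not confirmed in log:", path)
```

With the real script and log, swap the two constants for the text of CFscript.txt and C:\ComboFix.txt; an unconfirmed entry is a prompt to look at the log by hand, not proof the item survived, since ComboFix only prints what it found.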
Old 03-11-2009, 06:44 PM   #7
Registered Member
 
Join Date: Feb 2009
Posts: 5
OS: Windows XP Professional



Hello Bruce,

I followed your instructions and below is the log you requested.


Thanks for your help!!

ComboFix 09-03-10.03 - HP_Administrator 2009-03-11 20:30:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.342 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFscript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
d:\i386\APPS\APP02654\src\CompaqPresario_Spring06.exe
d:\i386\APPS\APP02654\src\HPPavillion_Spring06.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1796378331.mtj&p2=0&p3=08279261237859470399166825666033&p4=0
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1805535082.mtj&p2=0&p3=08279261237859470399166825666033&p4=0
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
c:\documents and settings\All Users\Application Data\WildTangent
c:\documents and settings\All Users\Application Data\WildTangent\moregames.ico
c:\documents and settings\All Users\Application Data\WildTangent\oem-eula.exe
c:\documents and settings\HP_Administrator\Application Data\Viewpoint
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1324369662.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1627719655.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-299397824.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-873313396.mtz
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1054459834.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1624992797.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1991437604.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1679681788.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1859761695.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1381594637.mts
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1850579979.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1099791092.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\170927699.swf
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\HP_Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\WildTangent
c:\program files\WildTangent\LicenseStores\WT\WT.sto
d:\i386\APPS\APP02654\src\CompaqPresario_Spring06.exe
d:\i386\APPS\APP02654\src\HPPavillion_Spring06.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-08 19:48 . 2009-03-08 19:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-08 19:21 . 2009-03-08 19:24 76,633,496 --a------ c:\program files\jdk-6u12-windows-i586-p.exe
2009-03-08 19:20 . 2009-03-08 19:24 <DIR> d-------- c:\documents and settings\HP_Administrator\.SunDownloadManager
2009-03-07 15:30 . 2009-02-27 06:02 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-01 06:21 . 2009-03-01 19:17 250 --a------ c:\windows\gmer.ini
2009-03-01 05:09 . 2009-03-08 19:47 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-25 12:46 . 2009-02-25 12:46 <DIR> d-------- c:\documents and settings\Mateo\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 19:28 --------- d-----w c:\program files\OpenOffice.org1.1.5
2009-03-11 08:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 00:47 --------- d-----w c:\program files\Java
2009-03-08 23:42 --------- d-----w c:\program files\HP Games
2009-03-06 03:18 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-06 03:18 7,386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-06 03:18 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-06 03:18 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-06 03:18 --------- d-----w c:\program files\Symantec
2009-03-01 10:32 --------- d-----w c:\program files\Norton Security Scan
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:19 1,846,272 ------w c:\windows\system32\win32k.sys
2009-01-17 03:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2007-10-08 20:45 4,788 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_19.07.48.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 10:20:05 1,847,424 ----a-w c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:41:26 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
- 2005-10-21 02:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2009-02-12 09:05:04 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-11 08:01:13 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-02-12 09:05:05 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-11 08:01:14 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-12 09:05:04 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-11 08:01:13 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-02-12 09:05:04 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-11 08:01:13 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-12 09:05:04 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-11 08:01:14 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-12 09:05:05 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-11 08:01:14 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-12 09:05:06 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-11 08:01:14 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-12 09:05:04 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-11 08:01:14 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-12 09:05:04 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-11 08:01:14 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-12 09:05:04 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-11 08:01:14 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-12 09:05:06 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-11 08:01:14 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-02-12 09:05:04 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-11 08:01:13 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2000-08-31 14:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 14:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\dllcache\schannel.dll
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ----a-w c:\windows\system32\dllcache\wmp.dll
+ 2009-02-27 11:02:23 258,608 ----a-w c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys
+ 2009-03-06 03:17:40 482,352 ----a-w c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys
+ 2009-02-27 11:02:23 307,760 ----a-w c:\windows\system32\drivers\NAV\1005000.086\srtsp.sys
+ 2009-02-27 11:02:23 43,696 ----a-w c:\windows\system32\drivers\NAV\1005000.086\srtspx.sys
+ 2009-02-27 11:02:23 310,320 ----a-w c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys
+ 2009-02-27 11:02:23 89,776 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symfw.sys
+ 2009-02-27 11:02:23 34,736 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symids.sys
+ 2009-02-27 11:02:23 37,296 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symndis.sys
+ 2009-02-27 11:02:23 39,984 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symndisv.sys
+ 2009-02-27 11:02:23 217,392 ----a-w c:\windows\system32\drivers\NAV\1005000.086\symtdi.sys
- 2009-01-11 18:45:33 374,464 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-11 08:10:38 374,464 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-03-01 10:09:16 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-03-09 00:47:40 144,792 ----a-w c:\windows\system32\java.exe
- 2009-03-01 10:09:17 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-09 00:47:40 144,792 ----a-w c:\windows\system32\javaw.exe
- 2009-03-01 10:09:17 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-09 00:47:40 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-12-25 16:19:08 65,248 ------w c:\windows\system32\perfc009.dat
+ 2009-03-09 00:42:37 65,248 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-25 16:19:08 410,904 ------w c:\windows\system32\perfh009.dat
+ 2009-03-09 00:42:38 410,904 ----a-w c:\windows\system32\perfh009.dat
- 2007-04-25 14:21:15 144,896 ------w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:45 144,896 ------w c:\windows\system32\schannel.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-08-11 01:46:18 26,488 ------w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 14:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-06-12 04:51:12 10,834,944 ------w c:\windows\system32\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ------w c:\windows\system32\wmp.dll
- 2009-03-06 01:01:45 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_2d8.dat
+ 2009-03-11 08:13:04 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_2d8.dat
+ 2009-03-11 08:11:28 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_4a4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
OpenOffice.org 1.1.5.lnk - c:\program files\OpenOffice.org1.1.5\program\quickstart.exe [2005-07-12 61440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-10-15 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-15 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GameHouse\\Jigsaw\\Jigsaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [2009-03-05 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-03-05 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [2009-03-05 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSXpx86.sys [2009-03-11 276344]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-03-05 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-28 101936]
S2 vdo_68c6-6c81;vdo_68c6-6c81;\??\c:\windows\system32\vdo_68c6-6c81.sys --> c:\windows\system32\vdo_68c6-6c81.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-25 18560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2009-03-11 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient/PTGameLauncher.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 20:34:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1636)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2009-03-11 20:35:58
ComboFix-quarantined-files.txt 2009-03-12 01:35:55
ComboFix2.txt 2009-03-08 23:57:41
ComboFix3.txt 2009-03-06 01:08:54

Pre-Run: 152,522,276,864 bytes free
Post-Run: 152,563,859,456 bytes free

327 --- E O F --- 2009-03-11 08:02:48
__________________
julz.anderson05 is offline  
Old 03-12-2009, 03:46 AM   #8
Security Team
Analyst
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,242
OS: XP



If there are no further issues, continue below.

========

Delete DDS from your desktop. You can keep ATF-Cleaner if you wish, otherwise delete it from your desktop.

=========

Well done, your logs are clean.

Click Start > Run > type (or copy/paste the command into the Run box):

ComboFix /u

Click ok.

==========

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In the "Settings" window put the check mark for Cookies, Cache, Browsing history and any others you want.
• Click OK.
• In the Private area, click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1. Click Start, Run, type sysdm.cpl, and then press OK.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended).

Microsoft updates are released on the second Tuesday of each month, which is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.


For Internet Explorer users:
WOT for IE

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If you're having trouble downloading & extracting, see the link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the hosts file, double-click on it and a new window will open.

Double-click on mvps.bat and follow the prompts.

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme wants to log your keystrokes or read your screen. Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more.

It can also alert you if you have not installed the latest patches from Microsoft.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, so we may mark this as resolved. Thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


If we have helped you in any way, please consider Donating
TheBruce1 is offline  
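As an added example, not from the post or the MVPS project: a small Python audit of a HOSTS file in the style the post describes. It lists what an MVPS-style file blocks and flags any entry that points a name at a remote address rather than the local machine, which an ad blocklist never needs. SAMPLE_HOSTS, the .test names and the `protected` parameter are constructed for this example.

```python
import ipaddress

# Constructed sample (not a real MVPS file): the localhost line, MVPS-style
# blocking entries (127.0.0.1 / 0.0.0.0, two names plus a comment on one
# line) and one entry that sends a name to a remote address instead.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1  localhost
0.0.0.0\tads.example-adserver.test
127.0.0.1  banners.example-adserver.test  track.example-adserver.test  # ads
127.0.0.1  www.update-vendor.test
198.51.100.7  www.mybank.test
"""

# Addresses that make a name unreachable: 127.0.0.1 (as the post explains)
# and 0.0.0.0, which MVPS-style files also use.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0"}

def parse_hosts(text):
    """Return (line_number, ip, hostname) per hostname; handles '#' comments,
    tab/space separators and several names per line; skips malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not an address in the first column
        entries.extend((lineno, ip, name.lower()) for name in fields[1:])
    return entries

def audit_hosts(text, protected=()):
    """'blocked': names sent to the local machine (the intended MVPS effect).
    'redirected': names sent elsewhere, which an ad blocklist never needs.
    'protected_hit': blocked names under the caller's own update/security
    domains ('protected' is a hypothetical parameter for this example)."""
    report = {"blocked": [], "redirected": [], "protected_hit": []}
    for lineno, ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the standard loopback entry, not a block
        if ip in LOCAL_SINKS:
            report["blocked"].append(name)
            if any(name == p or name.endswith("." + p) for p in protected):
                report["protected_hit"].append((lineno, name))
        else:
            report["redirected"].append((lineno, name, ip))
    return report
```

Run it against a copy of C:\WINDOWS\system32\drivers\etc\hosts to see which names the file sinks and whether anything points at an address you did not put there.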
Old 03-12-2009, 05:34 AM   #9
Registered Member
 
Join Date: Feb 2009
Posts: 5
OS: Windows XP Professional



Thank you for all of your help. I will follow your suggestions to secure my PC. That is great information!! My PC is running smoothly again thanks to your help! I appreciate that. You can close this thread now.

Thanks!!!
Julz
__________________
julz.anderson05 is offline  
Old 03-12-2009, 06:28 AM   #10
Security Team
Analyst
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 5,242
OS: XP



You're welcome.

TheBruce1 is offline  
Copyright 2001 - 2014, Tech Support Forum