
Virus Removal Help Needed



Old 07-24-2010, 03:52 PM   #1
Registered Member
 
Join Date: Jul 2010
Posts: 6
OS: XP



Hi-

I have been having a ton of troubles with my computer lately. I have scanned everything using Norton 360 (previously McAfee, which is now expired), Malware Bytes, HitmanPro, etc. with no luck. I am hoping this is the place that can help. I have attached a copy of the hijackthis log and combofix log. I am not the greatest with computers so any detailed instructions to get rid of this virus will help greatly. Thanks in advance!!!

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:59:47 PM, on 7/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1180840173\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.2.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180840173\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [RegistryQuick.exe] C:\Program Files\Rq\RegistryQuick.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Documents and Settings\Bradley Zaumseil\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Documents and Settings\Bradley Zaumseil\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoSysTray.exe
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe -t
O4 - HKUS\S-1-5-18\..\Run: [yltedbmi] C:\Documents and Settings\NetworkService\Local Settings\Application Data\utshdnyut\jogrwvqtssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [yltedbmi] C:\Documents and Settings\NetworkService\Local Settings\Application Data\utshdnyut\jogrwvqtssd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128273016421
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Validation Trust Protection Service mfevtpw32time (mfevtpw32time) - Unknown owner - C:\WINDOWS\system32\12520437w.exe (file missing)
O23 - Service: McAfee Anti-Spam Service MSK80ServiceALG (MSK80ServiceALG) - Unknown owner - C:\WINDOWS\system32\1054g.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Uninterruptible Power Supply UPSclr_optimization_v2.0.50727_32 (UPSclr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\system32\ACCTRESx.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11762 bytes

COMBOFIX Log:
ComboFix 10-07-24.01 - 07/24/2010 15:17:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.209 [GMT -7:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\GoToAssistDownloadHelper.exe
c:\windows\system32\603538015.dat
c:\windows\SYSTEM32\DRIVERS\61203KR.sys

Infected copy of c:\windows\system32\drivers\ULTRA.SYS was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-17 16:47 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-17 05:59 . 2010-07-17 05:59 -------- d-----w- c:\program files\iPod
2010-07-17 05:58 . 2010-07-17 06:00 -------- d-----w- c:\program files\iTunes
2010-07-17 05:58 . 2010-07-17 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-17 05:52 . 2010-07-17 05:53 -------- d-----w- c:\program files\QuickTime
2010-07-17 05:47 . 2010-07-17 05:47 -------- d-----w- c:\program files\Bonjour
2010-07-17 05:43 . 2010-07-17 05:44 -------- d-----w- c:\program files\Safari
2010-07-11 05:38 . 2010-07-11 05:38 -------- d-----w- c:\program files\Trend Micro
2010-07-08 00:19 . 2010-07-08 00:19 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-07-07 19:06 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-07 19:06 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-07-07 19:06 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-07-07 19:06 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-07 19:06 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-07-07 19:06 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-07-04 19:25 . 2010-07-04 19:25 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-04 19:25 . 2010-07-04 19:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-04 19:25 . 2010-07-06 19:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-04 19:25 . 2010-07-04 19:25 -------- d-----w- c:\program files\Symantec
2010-07-04 19:22 . 2010-07-07 23:38 -------- d-----w- c:\windows\system32\drivers\N360
2010-07-04 19:22 . 2010-07-04 19:22 -------- d-----w- c:\program files\Norton 360
2010-07-04 19:22 . 2010-07-04 19:22 -------- d-----w- c:\program files\Windows Sidebar
2010-07-04 19:15 . 2010-07-04 19:15 -------- d-----w- c:\program files\NortonInstaller
2010-07-04 19:15 . 2010-07-04 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-04 19:12 . 2010-07-04 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-04 02:37 . 2010-07-04 02:37 -------- d-----w- c:\documents and settings\Local Settings\Application Data\PackageAware
2010-07-03 21:53 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-03 21:53 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 06:14 . 2006-12-26 20:05 -------- d-----w- c:\documents and settings\Application Data\Apple Computer
2010-07-17 05:59 . 2007-12-15 17:02 -------- d-----w- c:\program files\Common Files\Apple
2010-07-17 05:45 . 2010-07-17 05:45 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-17 05:40 . 2010-07-17 05:40 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-11 05:38 . 2010-07-11 05:38 388096 ----a-r- c:\documents and settings\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-04 19:40 . 2006-07-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-04 19:40 . 2006-07-14 19:19 -------- d-----w- c:\program files\McAfee
2010-07-04 19:39 . 2005-04-01 17:42 -------- d-----w- c:\program files\McAfee.com
2010-07-04 19:39 . 2006-07-29 22:52 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-04 19:25 . 2010-07-04 19:25 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-04 19:25 . 2010-07-04 19:25 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-03 23:04 . 2010-05-22 02:18 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-26 19:42 . 2010-05-23 06:21 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-05-27 02:00 . 2005-04-01 17:35 -------- d-----w- c:\program files\Common Files\Java
2010-05-27 01:56 . 2010-05-27 01:56 61440 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47a78c81-n\decora-sse.dll
2010-05-27 01:56 . 2010-05-27 01:56 503808 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-108b5111-n\msvcp71.dll
2010-05-27 01:56 . 2010-05-27 01:56 499712 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-108b5111-n\jmc.dll
2010-05-27 01:56 . 2010-05-27 01:56 348160 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-108b5111-n\msvcr71.dll
2010-05-27 01:56 . 2010-05-27 01:56 12800 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47a78c81-n\decora-d3d.dll
2010-05-27 01:51 . 2010-05-27 01:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 01:50 . 2005-04-01 17:35 -------- d-----w- c:\program files\Java
2010-05-26 01:38 . 2010-05-26 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-23 06:26 . 2010-05-23 06:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 19:07 . 2010-05-12 19:07 36736 ----a-w- c:\windows\system32\drivers\ULTRA.SYS
2010-05-09 20:59 . 2009-10-01 02:34 48100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-06 10:41 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 05:45 . 2005-04-07 04:00 50768 ----a-w- c:\documents and settings\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 22:39 . 2010-05-22 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-05-22 19:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-07-21 15:10 . 2005-07-21 15:10 0 ----a-w- c:\program files\MCAFEE.CXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PlaxoUpdate"="c:\documents and settings\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe" [2010-06-30 773448]
"PlaxoSysTray"="c:\documents and settings\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoSysTray.exe" [2010-06-30 15688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-01 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1180840173\ee\AOLSoftware.exe" [2006-09-26 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-07-04 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-4-1 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180840173\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [7/7/2010 12:06 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [7/7/2010 12:06 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/14/2010 12:06 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [7/7/2010 12:06 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [7/7/2010 12:06 PM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [7/7/2010 12:06 PM 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/3/2008 12:03 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/24/2010 9:44 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/23/2010 5:08 PM 331640]
S1 61203KR;61203KR;c:\windows\system32\drivers\61203KR.sys --> c:\windows\system32\drivers\61203KR.sys [?]
S1 MpKsl7796e192;MpKsl7796e192;\??\c:\windows\system32\MpEngineStore\MpKsl7796e192.sys --> c:\windows\system32\MpEngineStore\MpKsl7796e192.sys [?]
S2 HOHROBJQ;HOHROBJQ;\??\c:\windows\system32\hohrobjq.coc --> c:\windows\system32\hohrobjq.coc [?]
S2 mfevtpw32time;McAfee Validation Trust Protection Service mfevtpw32time;c:\windows\system32\12520437w.exe srv --> c:\windows\system32\12520437w.exe srv [?]
S2 MSK80ServiceALG;McAfee Anti-Spam Service MSK80ServiceALG;c:\windows\system32\1054g.exe srv --> c:\windows\system32\1054g.exe srv [?]
S2 UPSclr_optimization_v2.0.50727_32;Uninterruptible Power Supply UPSclr_optimization_v2.0.50727_32;c:\windows\system32\ACCTRESx.exe srv --> c:\windows\system32\ACCTRESx.exe srv [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/22/2010 12:32 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://espn.go.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-UpdateMyDrivers - c:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe
HKLM-Run-RegistryQuick.exe - c:\program files\Rq\RegistryQuick.exe
SafeBoot-61203KR
AddRemove-IrfanView - c:\documents and settings\Desktop\iv_uninstall.exe
AddRemove-McAfee Uninstall Utility - c:\progra~1\McAfee.com\Shared\mcappins.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 15:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-24 15:36:56
ComboFix-quarantined-files.txt 2010-07-24 22:36

Pre-Run: 52,610,514,944 bytes free
Post-Run: 52,990,439,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 21C4E8B5613D8B626552DFF471692394

__________________
babyz18
Old 07-25-2010, 01:30 PM   #2
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
Driver::
61203KR
MpKsl7796e192
mfevtpw32time
MSK80ServiceALG

Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



How is everything running??

__________________

Microsoft MVP - Consumer Security 2007-2010
sjpritch25
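As an added example (not a tool from this thread, from Trend Micro or from the ComboFix author), here is a small Python triage script that flags the entry kinds the helper's CFScript targeted: services whose binary is missing, and Run entries under the SYSTEM hive that launch from a service account's profile. The sample lines are constructed to match the layout of the two logs above; the regexes encode my reading of that layout.

```python
"""Triage of HijackThis and ComboFix log lines (added example; not a tool
from this thread or from either log's vendor).

Flags what the helper's CFScript removed above: services whose binary is
missing, and autoruns under the SYSTEM / Default User hives that launch
from a service account's profile.  Sample lines are constructed to match
the layout of the logs posted above.
"""
import re

# Constructed HijackThis lines (same layout as the O4 / O23 lines above).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [yltedbmi] C:\Documents and Settings\NetworkService\Local Settings\Application Data\utshdnyut\jogrwvqtssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1010011 (User 'SYSTEM')
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: McAfee Validation Trust Protection Service mfevtpw32time (mfevtpw32time) - Unknown owner - C:\WINDOWS\system32\12520437w.exe (file missing)
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
"""

# Constructed ComboFix lines (same layout as the R0..S3 service list above).
CF_SAMPLE = r"""
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [7/7/2010 12:06 PM 126392]
S1 61203KR;61203KR;c:\windows\system32\drivers\61203KR.sys --> c:\windows\system32\drivers\61203KR.sys [?]
S2 MSK80ServiceALG;McAfee Anti-Spam Service MSK80ServiceALG;c:\windows\system32\1054g.exe srv --> c:\windows\system32\1054g.exe srv [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/22/2010 12:32 PM 38224]
"""

# O23 - Service: <display> (<name>) - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# O4 - <hive>\..\Run: [<entry>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<entry>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$")
# <start> <name>;<display>;<path>[ --> <path>] [<date size> | ?]
CF_SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .+?)? \[(?P<info>[^\]]*)\]$")

# No installer puts software into the NetworkService / LocalService
# profile, so an autorun there is a strong signal on its own.
SERVICE_PROFILE_RE = re.compile(
    r"\\Documents and Settings\\(NetworkService|LocalService)\\", re.I)
PER_USER_DATA_RE = re.compile(r"\\Local Settings\\(Application Data|Temp)\\", re.I)


def triage_hijackthis(text):
    """Return (name, reason) pairs for suspicious O4 / O23 lines."""
    findings = []
    for line in text.splitlines():
        svc = O23_RE.match(line)
        if svc:
            if svc.group("missing"):
                # Registered service whose binary is gone: stale (SQLBrowser)
                # or a removed malware component whose registration survived.
                findings.append((svc.group("name") or svc.group("display"),
                                 "service binary missing"))
            continue
        run = O4_RE.match(line)
        if run and SERVICE_PROFILE_RE.search(run.group("cmd")):
            findings.append((run.group("entry"),
                             "autorun from a service-account profile"))
        elif run and run.group("user") and PER_USER_DATA_RE.search(run.group("cmd")):
            # SYSTEM / Default User hives should not start per-user software.
            findings.append((run.group("entry"),
                             "SYSTEM hive autorun from per-user data folder"))
    return findings


def triage_combofix(text):
    """Return (name, reason) pairs for ComboFix service entries whose file
    could not be found: in the log above those are printed as
    'path --> path [?]' instead of a date and size."""
    return [(m.group("name"), "service/driver file not found")
            for m in map(CF_SVC_RE.match, text.splitlines())
            if m and m.group("info") == "?"]


def cfscript_driver_block(names):
    """Format reviewed service names as the Driver:: block the helper used.
    Feed it only names a person has confirmed: stale-but-legitimate
    registrations (SQLBrowser) land on the candidate list too."""
    return "Driver::\n" + "\n".join(names) + "\n"


if __name__ == "__main__":
    for name, reason in triage_hijackthis(HJT_SAMPLE) + triage_combofix(CF_SAMPLE):
        print(f"{name:20} {reason}")
```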
Old 07-25-2010, 11:16 PM   #3
Registered Member
 
Join Date: Jul 2010
Posts: 6
OS: XP



Hi-

My computer seems to be running a lot better. Still a little on the slower side but definitely much better than it has been since I got the virus. I have attached for you my newest log after following your steps. Please let me know what else you recommend, if anything.

Thanks!

COMBOFIX Log:

ComboFix 10-07-24.04 - 07/25/2010 22:47:57.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.178 [GMT -7:00]
Running from: c:\documents and settings\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MFEVTPW32TIME
-------\Legacy_MPKSL7796E192
-------\Legacy_MSK80SERVICEALG
-------\Service_61203KR
-------\Service_mfevtpw32time
-------\Service_MpKsl7796e192
-------\Service_MSK80ServiceALG


((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-17 16:47 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-17 05:59 . 2010-07-17 05:59 -------- d-----w- c:\program files\iPod
2010-07-17 05:58 . 2010-07-17 06:00 -------- d-----w- c:\program files\iTunes
2010-07-17 05:58 . 2010-07-17 06:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-17 05:52 . 2010-07-17 05:53 -------- d-----w- c:\program files\QuickTime
2010-07-17 05:47 . 2010-07-17 05:47 -------- d-----w- c:\program files\Bonjour
2010-07-17 05:43 . 2010-07-17 05:44 -------- d-----w- c:\program files\Safari
2010-07-11 05:38 . 2010-07-11 05:38 -------- d-----w- c:\program files\Trend Micro
2010-07-08 00:19 . 2010-07-08 00:19 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-07-07 19:06 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-07 19:06 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-07-07 19:06 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-07-07 19:06 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-07 19:06 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-07-07 19:06 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-07-04 19:25 . 2010-07-04 19:25 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-04 19:25 . 2010-07-04 19:25 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-04 19:25 . 2010-07-06 19:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-04 19:25 . 2010-07-04 19:25 -------- d-----w- c:\program files\Symantec
2010-07-04 19:22 . 2010-07-07 23:38 -------- d-----w- c:\windows\system32\drivers\N360
2010-07-04 19:22 . 2010-07-04 19:22 -------- d-----w- c:\program files\Norton 360
2010-07-04 19:22 . 2010-07-04 19:22 -------- d-----w- c:\program files\Windows Sidebar
2010-07-04 19:15 . 2010-07-04 19:15 -------- d-----w- c:\program files\NortonInstaller
2010-07-04 19:15 . 2010-07-04 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-04 19:12 . 2010-07-04 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-04 02:37 . 2010-07-04 02:37 -------- d-----w- c:\documents and settings\Local Settings\Application Data\PackageAware
2010-07-03 21:53 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-03 21:53 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 06:14 . 2006-12-26 20:05 -------- d-----w- c:\documents and settings\Application Data\Apple Computer
2010-07-17 05:59 . 2007-12-15 17:02 -------- d-----w- c:\program files\Common Files\Apple
2010-07-17 05:45 . 2010-07-17 05:45 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-17 05:40 . 2010-07-17 05:40 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-11 05:38 . 2010-07-11 05:38 388096 ----a-r- c:\documents and settings\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-04 19:40 . 2006-07-14 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-04 19:40 . 2006-07-14 19:19 -------- d-----w- c:\program files\McAfee
2010-07-04 19:39 . 2005-04-01 17:42 -------- d-----w- c:\program files\McAfee.com
2010-07-04 19:39 . 2006-07-29 22:52 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-04 19:25 . 2010-07-04 19:25 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-04 19:25 . 2010-07-04 19:25 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-03 23:04 . 2010-05-22 02:18 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-26 19:42 . 2010-05-23 06:21 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-14 14:31 . 2004-08-04 11:00 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-05-27 01:56 . 2010-05-27 01:56 61440 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47a78c81-n\decora-sse.dll
2010-05-27 01:56 . 2010-05-27 01:56 503808 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-108b5111-n\msvcp71.dll
2010-05-27 01:56 . 2010-05-27 01:56 499712 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-108b5111-n\jmc.dll
2010-05-27 01:56 . 2010-05-27 01:56 348160 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-108b5111-n\msvcr71.dll
2010-05-27 01:56 . 2010-05-27 01:56 12800 ----a-w- c:\documents and settings\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47a78c81-n\decora-d3d.dll
2010-05-27 01:51 . 2010-05-27 01:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 06:26 . 2010-05-23 06:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 19:07 . 2010-05-12 19:07 36736 ----a-w- c:\windows\system32\drivers\ULTRA.SYS
2010-05-09 20:59 . 2009-10-01 02:34 48100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-06 10:41 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 05:45 . 2005-04-07 04:00 50768 ----a-w- c:\documents and settings\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 22:39 . 2010-05-22 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-05-22 19:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2005-07-21 15:10 . 2005-07-21 15:10 0 ----a-w- c:\program files\MCAFEE.CXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"PlaxoUpdate"="c:\documents and settings\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe" [2010-06-30 773448]
"PlaxoSysTray"="c:\documents and settings\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoSysTray.exe" [2010-06-30 15688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-01 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-10-31 101888]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1180840173\ee\AOLSoftware.exe" [2006-09-26 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-07-04 53248]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-4-1 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1180840173\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [7/7/2010 12:06 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [7/7/2010 12:06 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/14/2010 12:06 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [7/7/2010 12:06 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [7/7/2010 12:06 PM 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [7/7/2010 12:06 PM 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/3/2008 12:03 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/24/2010 9:44 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/23/2010 5:08 PM 331640]
S2 HOHROBJQ;HOHROBJQ;\??\c:\windows\system32\hohrobjq.coc --> c:\windows\system32\hohrobjq.coc [?]
S2 UPSclr_optimization_v2.0.50727_32;Uninterruptible Power Supply UPSclr_optimization_v2.0.50727_32;c:\windows\system32\ACCTRESx.exe srv --> c:\windows\system32\ACCTRESx.exe srv [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/22/2010 12:32 PM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://espn.go.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 23:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\documents and settings\Local Settings\Application Data\Plaxo\3.24.0.119\plx_hook.dll
c:\documents and settings\Local Settings\Application Data\Plaxo\3.24.0.119\MSVCR90.dll
c:\documents and settings\Local Settings\Application Data\Plaxo\3.24.0.119\MSVCP90.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-07-25 23:09:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-26 06:09
ComboFix2.txt 2010-07-24 22:36

Pre-Run: 52,850,634,752 bytes free
Post-Run: 52,899,971,072 bytes free

- - End Of File - - C5E7647C4DAAC524DB124802E3AD85A1
__________________
babyz18
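The service lines in the ComboFix log above are the first thing a removal helper reads: two stopped services (HOHROBJQ and UPSclr_optimization_v2.0.50727_32) point at binaries ComboFix marks with "[?]", meaning it could not read a date or size for the file, which in practice means the file is gone or hidden, and one of them has a .coc extension rather than .sys/.exe/.dll. The firewall policy also shows "EnableFirewall"= 0. Below is a Python triage script that applies exactly those checks to ComboFix-style lines. It is an added example, my code and not part of this thread or of the ComboFix tool; the sample input is copied from the log above, while the regexes, the "normal extension" set and the reading of "[?]" as a missing file are assumptions of the script.

```python
"""Triage helper for the services / firewall lines of a ComboFix log.

Added example, not part of the forum thread and not ComboFix's own code.
Input lines look like

    S2 NAME;Display Name;<path to binary> [date size]

with "[?]" in place of the date/size when ComboFix could not stat the file.
"""
import re
from typing import List, Tuple

# Lines copied from the ComboFix log posted above (trimmed, not invented).
SAMPLE_LOG = r'''
"EnableFirewall"= 0 (0x0)
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [7/7/2010 12:06 PM 328752]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.2.0.12\ccsvchst.exe [7/7/2010 12:06 PM 126392]
S2 HOHROBJQ;HOHROBJQ;\??\c:\windows\system32\hohrobjq.coc --> c:\windows\system32\hohrobjq.coc [?]
S2 UPSclr_optimization_v2.0.50727_32;Uninterruptible Power Supply UPSclr_optimization_v2.0.50727_32;c:\windows\system32\ACCTRESx.exe srv --> c:\windows\system32\ACCTRESx.exe srv [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [5/22/2010 12:32 PM 38224]
'''

# Start type (R0..R3 running, S0..S3 stopped), service name, display name, rest of line.
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# Extensions a Windows service binary normally carries (assumption for this check).
NORMAL_EXT = {'.sys', '.exe', '.dll'}

Finding = Tuple[str, str, str]  # (kind, subject, reason)


def image_path(rest: str) -> str:
    """Return the resolved binary path from the part of a service line after the display name.

    ComboFix prints 'raw --> resolved [stamp]'; keep the resolved side when
    '-->' is present, drop the trailing '[...]' stamp, and cut off command
    line arguments ("ACCTRESx.exe srv") after the executable name.
    """
    body = rest.strip()
    if body.endswith(']') and '[' in body:
        body = body.rsplit('[', 1)[0].strip()
    if '-->' in body:
        body = body.split('-->', 1)[1].strip()
    # Shortest prefix ending in ".ext" that is followed by whitespace or end of string.
    m = re.match(r'^(.*?\.[A-Za-z0-9]{1,4})(?:\s|$)', body)
    return m.group(1) if m else body


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix log text and return the entries a helper would question."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        fw = FIREWALL_RE.match(line)
        if fw:
            if fw.group('value') == '0':
                findings.append(('firewall', 'EnableFirewall',
                                 'Windows Firewall is turned off (EnableFirewall=0)'))
            continue
        svc = SERVICE_RE.match(line)
        if not svc:
            continue
        name, rest = svc.group('name'), svc.group('rest')
        if rest.rstrip().endswith('[?]'):
            findings.append(('service', name,
                             'no date/size stamp ("[?]"): binary is missing or unreadable'))
        path = image_path(rest)
        filename = path.rsplit('\\', 1)[-1]
        ext = filename[filename.rfind('.'):].lower() if '.' in filename else ''
        if ext and ext not in NORMAL_EXT:
            findings.append(('service', name, f'unusual binary extension {ext}: {path}'))
    return findings


if __name__ == '__main__':
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f'{kind:8} {subject:40} {reason}')
```

Run against the sample it reports the two stopped services (HOHROBJQ twice, for the missing file and for the .coc extension) and the disabled firewall, and nothing for the Symantec and Malwarebytes drivers. A "[?]" entry is not proof of malware on its own, only a pointer: the next step a helper takes is to check whether the service key still exists in the registry and, if the file really is gone, delete the orphaned service.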
Old 07-26-2010, 03:39 PM   #4
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit



We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.

  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
__________________

Microsoft MVP - Consumer Security 2007-2010
sjpritch25
Old 07-27-2010, 11:57 AM   #5
Registered Member
 
Join Date: Jul 2010
Posts: 6
OS: XP



Thanks for the further assistance. Please find the two attached logs:

DDS:
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-14 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-7-7 501888]

=============== Created Last 30 ================

2010-07-24 22:10:14 0 d-sha-r- C:\cmdcons
2010-07-24 22:05:54 98816 ----a-w- c:\windows\sed.exe
2010-07-24 22:05:54 77312 ----a-w- c:\windows\MBR.exe
2010-07-24 22:05:54 256512 ----a-w- c:\windows\PEV.exe
2010-07-24 22:05:54 161792 ----a-w- c:\windows\SWREG.exe
2010-07-17 16:47:51 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-17 05:59:40 0 d-----w- c:\program files\iPod
2010-07-17 05:58:31 0 d-----w- c:\program files\iTunes
2010-07-17 05:58:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-17 05:47:28 0 d-----w- c:\program files\Bonjour
2010-07-11 05:38:31 0 d-----w- c:\program files\Trend Micro
2010-07-08 00:19:38 0 d-----w- c:\windows\system32\N360_BACKUP
2010-07-07 1937 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-07 1937 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-07-07 1936 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-07 1936 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-07-07 1936 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-07-07 1935 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-07-04 19:25:42 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-04 19:25:42 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-04 19:25:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-04 19:25:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-04 19:25:41 0 d-----w- c:\program files\Symantec
2010-07-04 19:25:41 0 d-----w- c:\program files\common files\Symantec Shared
2010-07-04 19:22:49 0 d-----w- c:\windows\system32\drivers\N360
2010-07-04 19:22:46 0 d-----w- c:\program files\Norton 360
2010-07-04 19:15:15 0 d-----w- c:\program files\NortonInstaller
2010-07-04 19:15:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-07-04 19:12:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-07-03 21:53:45 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-03 21:53:45 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

==================== Find3M ====================

2010-06-26 19:42:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-27 01:51:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 06:26:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-09 20:59:56 48100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2005-07-21 15:10:15 0 ----a-w- c:\program files\MCAFEE.CXE
2009-10-19 10:20:20 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-13 07:48:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat

============= FINISH: 11:54:51.75 ===============

ATTACH:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/5/2005 7:57:26 PM
System Uptime: 7/27/2010 11:45:39 AM (0 hours ago)

Motherboard: Dell Inc. | | 0M3918
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 49.256 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 7/3/2010 2:43:01 PM - System Checkpoint
RP2: 7/3/2010 4:03:43 PM - Removed Banctec Service Agreement
RP3: 7/3/2010 4:04:36 PM - Removed Ask Toolbar.
RP4: 7/3/2010 4:05:12 PM - Removed NetZeroInstallers
RP5: 7/3/2010 4:05:35 PM - Removed MSXML 4.0 SP2 (KB973688)
RP6: 7/3/2010 409 PM - Removed MSXML 6.0 Parser
RP7: 7/3/2010 450 PM - Removed Get High Speed Internet!
RP8: 7/3/2010 4:07:56 PM - Removed Bonjour
RP9: 7/7/2010 12:59:07 PM - System Checkpoint
RP10: 7/10/2010 3:00:03 PM - System Checkpoint
RP11: 7/10/2010 10:38:22 PM - Installed HiJackThis
RP12: 7/11/2010 11:24:13 PM - System Checkpoint
RP13: 7/14/2010 12:47:07 PM - System Checkpoint
RP14: 7/16/2010 12:38:26 PM - System Checkpoint
RP15: 7/17/2010 1:17:22 PM - Software Distribution Service 3.0
RP16: 7/19/2010 12:44:42 PM - System Checkpoint
RP17: 7/22/2010 12:19:05 PM - System Checkpoint
RP18: 7/23/2010 12:42:17 PM - System Checkpoint
RP19: 7/24/2010 1:14:37 PM - System Checkpoint
RP20: 7/25/2010 11:55:49 PM - System Checkpoint

==== Installed Programs ======================

Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader for Palm OS, 3.05
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support Center
Dell System Restore
DellSupport
ESPN RunTime
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
HiJackThis
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer for Sony
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 5
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
My Way Search Assistant
Norton 360
Photo Click
Plaxo Toolbar for Windows
PowerDVD 5.3
QuickTime
RealPlayer Basic
Safari
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
Spyware Doctor 3.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Wiley CPA Examination Review - Business Environment and Concepts
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WordPerfect Office 12
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer

==== Event Viewer Messages From Past Week ========

7/23/2010 9:34:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'cmls_ms.tlv.tmp' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/21/2010 12:22:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
7/21/2010 12:22:32 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/21/2010 12:22:32 PM, error: Service Control Manager [7000] - The SQL Server VSS Writer service failed to start due to the following error: The system cannot find the file specified.
7/21/2010 12:22:32 PM, error: Service Control Manager [7000] - The SQL Server Browser service failed to start due to the following error: The system cannot find the file specified.
7/21/2010 12:20:14 PM, error: Service Control Manager [7000] - The SDDMI2 service failed to start due to the following error: The system cannot find the file specified.
7/21/2010 12:18:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DHCP Client service to connect.
7/21/2010 12:18:42 PM, error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/21/2010 12:16:46 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/21/2010 12:16:46 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
__________________
babyz18
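One thing the "Installed Programs" section of the Attach.txt above makes visible is seven Java runtimes installed side by side (Java 2 SE 1.4.2_03, three J2SE 5.0 updates, Java 6 Updates 2, 5 and 20). Older runtimes are not removed when a newer one is installed, and each one stays on the machine with its known, unpatched holes, which is why removal helpers routinely ask for everything but the newest to be uninstalled. The Python script below is an added example (my code, not part of this thread or of the DDS tool) that pulls the JRE entries out of a DDS program list, orders them, and produces that uninstall list. The entry names are copied from the Attach.txt above; the three naming patterns and the "keep only the newest" rule are assumptions of the script.

```python
"""Audit the 'Installed Programs' section of a DDS Attach.txt for stacked Java runtimes.

Added example, not part of the forum thread and not DDS's own code.
"""
import re
from typing import List, NamedTuple

# Entry names copied from the Attach.txt posted above, with two non-Java
# neighbours kept to show they are ignored (excerpt, not invented).
INSTALLED_PROGRAMS = """\
Apple Software Update
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 5
Malwarebytes' Anti-Malware
"""


class JavaRuntime(NamedTuple):
    major: int      # 4 for 1.4.2, 5 for J2SE 5.0, 6 for Java 6
    update: int
    name: str       # entry exactly as listed


# The three naming schemes Sun used for JRE entries in Add/Remove Programs
# (assumption: each captures (major, update) as groups 1 and 2).
_PATTERNS = [
    re.compile(r'^Java 2 Runtime Environment, SE v1\.(\d+)\.\d+_(\d+)$'),
    re.compile(r'^J2SE Runtime Environment (\d+)\.\d+ Update (\d+)$'),
    re.compile(r'^Java\(TM\) (\d+) Update (\d+)$'),
]


def java_runtimes(program_list: str) -> List[JavaRuntime]:
    """Return every JRE entry found in the list, newest first."""
    found = []
    for line in program_list.splitlines():
        name = line.strip()
        for pattern in _PATTERNS:
            m = pattern.match(name)
            if m:
                found.append(JavaRuntime(int(m.group(1)), int(m.group(2)), name))
                break   # "Java Auto Updater" and the like match nothing and are skipped
    return sorted(found, key=lambda r: (r.major, r.update), reverse=True)


def stale_java(program_list: str) -> List[str]:
    """Names of every JRE except the newest one: the list to uninstall."""
    return [r.name for r in java_runtimes(program_list)[1:]]


if __name__ == '__main__':
    runtimes = java_runtimes(INSTALLED_PROGRAMS)
    if runtimes:
        print('keep:     ', runtimes[0].name)
    for name in stale_java(INSTALLED_PROGRAMS):
        print('uninstall:', name)
```

On the excerpt it keeps "Java(TM) 6 Update 20" and lists the other six for removal; "Java Auto Updater" is the updater, not a runtime, and is left alone. The same sorting rule would also surface a newer runtime that the list names in a fourth format only if a pattern for it is added, so the patterns are the part to extend for later Oracle naming.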
Old 07-27-2010, 06:39 PM   #6
Security Team
Analyst
 

Microsoft Most Valuable Professional
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit



I need the dds log too. That log is the attach.txt one. Thanks.
__________________

Microsoft MVP - Consumer Security 2007-2010
sjpritch25
Old 07-27-2010, 08:45 PM   #7
Registered Member
 
Join Date: Jul 2010
Posts: 6
OS: XP



Here is the DDS log that came out:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bradley Zaumseil at 11:52:47.34 on Tue 07/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.194 [GMT -7:00]

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1180840173\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\Bradley Zaumseil\Local Settings\Application Data\Plaxo\3.24.0.119\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Bradley Zaumseil\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://espn.go.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [PlaxoUpdate] c:\documents and settings\bradley zaumseil\local settings\application data\plaxo\3.24.0.119\PlaxoHelper_en.exe -a
uRun: [PlaxoSysTray] c:\documents and settings\bradley zaumseil\local settings\application data\plaxo\3.24.0.119\PlaxoSysTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DIGServices] c:\program files\espnruntime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1180840173\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1010011
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128273016421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-14 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-7-7 501888]

=============== Created Last 30 ================

2010-07-24 22:10:14 0 d-sha-r- C:\cmdcons
2010-07-24 22:05:54 98816 ----a-w- c:\windows\sed.exe
2010-07-24 22:05:54 77312 ----a-w- c:\windows\MBR.exe
2010-07-24 22:05:54 256512 ----a-w- c:\windows\PEV.exe
2010-07-24 22:05:54 161792 ----a-w- c:\windows\SWREG.exe
2010-07-17 16:47:51 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-17 05:59:40 0 d-----w- c:\program files\iPod
2010-07-17 05:58:31 0 d-----w- c:\program files\iTunes
2010-07-17 05:58:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-17 05:47:28 0 d-----w- c:\program files\Bonjour
2010-07-11 05:38:31 0 d-----w- c:\program files\Trend Micro
2010-07-08 00:19:38 0 d-----w- c:\windows\system32\N360_BACKUP
2010-07-07 1937 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-07 1937 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-07-07 1936 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-07 1936 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-07-07 1936 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-07-07 1935 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-07-04 19:25:42 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-04 19:25:42 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-04 19:25:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-04 19:25:42 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-04 19:25:41 0 d-----w- c:\program files\Symantec
2010-07-04 19:25:41 0 d-----w- c:\program files\common files\Symantec Shared
2010-07-04 19:22:49 0 d-----w- c:\windows\system32\drivers\N360
2010-07-04 19:22:46 0 d-----w- c:\program files\Norton 360
2010-07-04 19:15:15 0 d-----w- c:\program files\NortonInstaller
2010-07-04 19:15:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-07-04 19:12:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-07-03 21:53:45 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-03 21:53:45 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

==================== Find3M ====================

2010-06-26 19:42:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-27 01:51:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 06:26:24 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-09 20:59:56 48100 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2005-07-21 15:10:15 0 ----a-w- c:\program files\MCAFEE.CXE
2009-10-19 10:20:20 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-13 07:48:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat

============= FINISH: 11:54:51.75 ===============
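A quick way to triage the "Pseudo HJT Report" section of a DDS log such as the one above, as an added example that is not part of this thread and not part of the DDS tool: the PowerShell (2.0 or later) script below reads the line shapes DDS emits (BHO:, TB:, DPF:, uRun:/mRun:/dRunOnce:, uInternet Settings) and reports four kinds of entry worth a second look. The function name Get-DdsFindings, the finding categories and the heuristics are this example's own; the sample lines embedded for the stand-alone run are copied from the log above, with the profile name shortened to "user".

```powershell
# Added example, not part of the thread or of the DDS tool: triage the "Pseudo HJT Report"
# section of a DDS log. Line shapes (BHO:, TB:, DPF:, uRun:/mRun:/dRunOnce:, uInternet Settings)
# are as in the log posted above; the function name, categories and heuristics are this
# script's own. Runs on PowerShell 2.0 or later.

function Get-DdsFindings {
    param([Parameter(Mandatory = $true)][string[]]$LogLines)

    # Keep only the Pseudo HJT Report section, up to the next "==== ... ====" header.
    $report   = New-Object -TypeName 'System.Collections.Generic.List[string]'
    $inReport = $false
    foreach ($line in $LogLines) {
        if ($line -match '^=+ Pseudo HJT Report =+') { $inReport = $true; continue }
        if ($inReport -and $line -match '^=+ .+ =+$') { break }
        if ($inReport -and $line.Trim().Length -gt 0) { $report.Add($line) }
    }

    $findings = New-Object -TypeName 'System.Collections.Generic.List[object]'

    # 1. CLSIDs still registered for a toolbar/BHO whose file is gone: harmless, but leftovers.
    foreach ($line in $report) {
        if ($line -match ' - No File$') {
            $findings.Add((New-Object PSObject -Property @{ Category = 'OrphanedRegistration'; Entry = $line }))
        }
    }

    # 2. Several Java installer (jinstall) DPF entries: every version below the newest is a
    #    stale registration; check Add/Remove Programs that the old runtime itself is gone.
    $javaDpf = @{}
    foreach ($line in $report) {
        if ($line -match '^DPF: .*jinstall-(\d+)_(\d+)_(\d+)_(\d+)-') {
            $javaDpf[$line] = [version]('{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4])
        }
    }
    if ($javaDpf.Count -gt 1) {
        $newest = $javaDpf.Values | Sort-Object -Descending | Select-Object -First 1
        foreach ($entry in $javaDpf.Keys) {
            if ($javaDpf[$entry] -lt $newest) {
                $findings.Add((New-Object PSObject -Property @{ Category = 'StaleJavaInstaller'; Entry = $entry }))
            }
        }
    }

    # 3. Autostart entries launched from user-writable paths. Not proof of anything (PlaxoHelper
    #    in the log above is legitimate), but malware rarely gets to write under Program Files,
    #    so these are the Run entries to look at first.
    $userWritable = '\\local settings\\|\\application data\\|\\temp\\|\\documents and settings\\[^\\]+\\desktop\\'
    foreach ($line in $report) {
        if ($line -match '^[a-z]*Run(Once)?: \[' -and $line -match $userWritable) {
            $findings.Add((New-Object PSObject -Property @{ Category = 'RunFromUserProfile'; Entry = $line }))
        }
    }

    # 4. A ProxyServer value in the user's Internet Settings silently routes IE through another host.
    foreach ($line in $report) {
        if ($line -match '^uInternet Settings,ProxyServer') {
            $findings.Add((New-Object PSObject -Property @{ Category = 'ProxyConfigured'; Entry = $line }))
        }
    }

    return $findings
}

# Sample input: lines copied from the log posted above (profile name shortened to "user").
$sample = @'
============== Pseudo HJT Report ===============

uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [PlaxoUpdate] c:\documents and settings\user\local settings\application data\plaxo\3.24.0.119\PlaxoHelper_en.exe -a
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

============= SERVICES / DRIVERS ===============
'@

Get-DdsFindings -LogLines ($sample -split "`r?`n") | Format-Table Category, Entry -AutoSize -Wrap
```

To run it against a saved log instead of the embedded sample, pass `Get-Content .\dds.txt` as the -LogLines argument. On the sample it reports the orphaned toolbar CLSID, the two older jinstall registrations (1.5.0_04 and 1.6.0_05, because 1.6.0_20 is also present) and the PlaxoUpdate entry; the Plaxo hit is the expected false positive and is the reason every category here is a review item rather than a verdict.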
Old 07-28-2010, 04:05 PM   #8
sjpritch25
Security Team Analyst
Microsoft Most Valuable Professional
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit

How is everything running?
__________________
Microsoft MVP - Consumer Security 2007-2010

Old 07-28-2010, 05:44 PM   #9
babyz18
Registered Member
Join Date: Jul 2010
Posts: 6
OS: XP

Everything is running a million times better than before. Does everything look good to you now based on the logs?

Thanks!

Old 07-28-2010, 06:24 PM   #10
sjpritch25
Security Team Analyst
Microsoft Most Valuable Professional
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit

Yes

Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


============================================


Now that your system is clean, you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update

  2. How to update Adobe Acrobat Reader
    1. On your desktop, double-click on your Adobe icon.
    2. Click on Help.
    3. Click on Check for Updates.
    4. Visit my blog Here to view the video.
  3. How to update Java SE Runtime
    1. Go to Start.
    2. Click on Control Panel
    3. Double-Click on the Java icon.
    4. Click on Update tab
    5. Click on Update Now.
    6. Visit my blog Here to view the video.
  4. Check out Tony Klein's "So how did i get infected in the first place" here
__________________

Microsoft MVP - Consumer Security 2007-2010
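The "set a new restore point, then remove the old ones" step from the post above, scripted instead of clicked through, as an added example that is not part of this thread: it is for an elevated PowerShell 2.0 or later prompt on XP/Vista/7 and covers only the restore-point part of the post (the ComboFix /uninstall and OTC steps are separate tools with no scripting interface). Checkpoint-Computer and Get-ComputerRestorePoint are built-in cmdlets; SRRemoveRestorePoint is the Win32 call that Disk Cleanup's "remove all but the most recent restore point" option uses. The assumptions here are that srclient.dll exports that function with the signature shown (documented for XP/2003; the same DLL ships on later client Windows) and the function name Set-CleanRestorePoint, which is this example's own.

```powershell
# Added example, not part of the thread: the "new restore point, then discard the old ones"
# step from the post above, done from an elevated PowerShell 2.0+ prompt instead of the GUI.
# Checkpoint-Computer and Get-ComputerRestorePoint are built-in cmdlets; SRRemoveRestorePoint
# is the Win32 call behind Disk Cleanup's "remove all but the most recent restore point".
# Assumption: srclient.dll exports it with the signature below (documented for XP/2003;
# the same DLL ships on later client Windows).

Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll", SetLastError = true)]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

function Set-CleanRestorePoint {
    param([string]$Description = ("Clean after malware removal " + (Get-Date -Format 'yyyy-MM-dd HH:mm')))

    # 1. Create the new baseline. This fails if System Restore is turned off for the system drive.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    $points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
    $keep   = $points | Where-Object { $_.Description -eq $Description } | Select-Object -Last 1
    if (-not $keep) { throw "New restore point '$Description' was not created; nothing removed." }

    # 2. Remove every earlier point. Old points are the one place the removed malware could
    #    still be sitting, and the cleanup tools cannot reach inside System Volume Information.
    foreach ($rp in $points) {
        if ($rp.SequenceNumber -eq $keep.SequenceNumber) { continue }
        $rc = [Win32.SystemRestore]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
        if ($rc -ne 0) {   # 0 = ERROR_SUCCESS
            Write-Warning ("Could not remove restore point {0} ('{1}'): Win32 error {2}" -f $rp.SequenceNumber, $rp.Description, $rc)
        }
    }

    # 3. What is left should be exactly one point: the new baseline. Note it down, as the post says.
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } }
}

Set-CleanRestorePoint
```

Run it once, after the cleanup tools have been uninstalled and before anything else is installed, so that the single remaining point really is a clean baseline; if the final listing shows more than one point, the warning lines tell you which removal failed and why.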
Old 07-28-2010, 07:49 PM   #11
babyz18
Registered Member
Join Date: Jul 2010
Posts: 6
OS: XP

Thank you. I did everything in your last email.

Old 07-29-2010, 06:05 PM   #12
sjpritch25
Security Team Analyst
Microsoft Most Valuable Professional
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,379
OS: Windows 7 Ultimate 64bit

Thanks

__________________
Microsoft MVP - Consumer Security 2007-2010

Copyright 2001 - 2014, Tech Support Forum