Registered User
Join Date: Apr 2009
Posts: 13
OS: XP
Making sure your computer is not infected.
I've had some unidentified file problems with my computer after the computer had just been formatted. I later determined that a file from a download had embedded itself in the Windows registry; the downloaded program was never installed, but as soon as I ran the set-up the computer froze. I did scan the file with Norton Internet Security 2009 and it appeared to be virus free. But I decided I didn't really need the program, so I got rid of it.
After playing some games and watching some videos I turned the computer off. Around an hour later I turned the computer on; it was really slow, especially for a freshly formatted computer. When I logged onto my username an "Open File – Security Warning" box showed up saying "The publisher could not be verified. Are you sure you want to run this software?" Of course this is nothing new; you always get that message from a downloaded file. But, wait? What was it trying to run? The details are as follows.

Name: Nwr.cmd
Publisher: Unknown Publisher
Type: Windows NT Command Script
From: C:\Windows\Nwr

After noticing that it wasn't meant to be there, I did an advanced search for the file... Nothing. So on advice from another member, I used the Run tool in the Start menu. Open: C:\Windows\Nwr. It opened the folder, only to find it empty. After 2 days of help from other members in my thread (URL http://www.techsupportforum.com/micr...ml#post2099598) I decided that I would use HiJackThis to find the file... I scanned the computer, nothing. I restarted the computer and let the security warning run while I scanned the computer again, and sure enough I found it. Making sure it was the right file, I went ahead and deleted it. Everything seemed fine; the computer ran faster and the security warning didn't happen on the next start-up. I still have the backup though, just in case. After that, a virus scan and Spybot scan came up empty. But just to make sure, I would like an analyst to look over the results of the scan to make sure no information is being stolen or anything like that. I had only one program running in the background when the scans were in progress, Norton. I have attached the other 2 text files as well.
DDS.txt

```
DDS (Ver_09-03-16.01) - NTFSx86
Run by Jake at 21:00:36.39 on Sun 04/26/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.671 [GMT 9.5:30]
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jake\Desktop\dds.scr
C:\Documents and Settings\Jake\Desktop\dds.scr

============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jake\applic~1\mozilla\firefox\profiles\a0tx38e2.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-16 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-4-16 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-4-16 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090420.001\IDSXpx86.sys [2009-4-25 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-16 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-16 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090425.020\NAVENG.SYS [2009-4-26 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090425.020\NAVEX15.SYS [2009-4-26 876144]
S3 azt2320;Aztech 2320 Audio Driver (WDM);c:\windows\system32\drivers\aztw2320.sys [2009-4-16 36992]

=============== Created Last 30 ================
2009-04-26 17:51 <DIR> --d----- c:\program files\Ventrilo
2009-04-26 17:51 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-04-26 17:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-25 19:26 <DIR> --d----- c:\windows\pss
2009-04-25 12:54 <DIR> --d----- c:\docume~1\jake\applic~1\My Battle for Middle-earth Files
2009-04-24 19:19 <DIR> --d----- c:\documents and settings\jake\Contacts
2009-04-24 17:28 268 a---h--- C:\sqmdata05.sqm
2009-04-24 17:28 244 a---h--- C:\sqmnoopt05.sqm
2009-04-24 17:09 175,104 ac------ c:\windows\system32\dllcache\pintlcsa.dll
2009-04-24 17:08 24,632 ac------ c:\windows\system32\dllcache\fpadmcgi.exe
2009-04-24 17:06 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-24 17:06 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-24 17:06 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-24 17:06 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-24 17:06 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-24 17:02 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
2009-04-24 15:32 268 a---h--- C:\sqmdata04.sqm
2009-04-24 15:32 244 a---h--- C:\sqmnoopt04.sqm
2009-04-24 15:22 <DIR> --d----- c:\documents and settings\Jake
2009-04-24 14:47 <DIR> --dshr-- c:\windows\Nwr
2009-04-20 20:44 <DIR> --d----- c:\program files\common files\HTML Executable Viewer
2009-04-19 18:56 <DIR> --d--r-- c:\program files\Norton Support
2009-04-18 16:04 <DIR> --d----- c:\program files\MSXML 6.0
2009-04-18 01:45 1,073,180,672 a------- c:\windows\MEMORY.DMP
2009-04-17 22:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-04-17 16:39 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-17 16:37 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-04-17 16:24 13,753 a----r-- c:\windows\SET36.tmp
2009-04-17 16:24 1,086,058 a----r-- c:\windows\SET2A.tmp
2009-04-17 16:24 1,042,903 a----r-- c:\windows\SET27.tmp
2009-04-17 11:00 <DIR> --d----- c:\program files\ATI Technologies
2009-04-17 08:52 <DIR> --d----- c:\windows\Profiles
2009-04-16 23:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 23:26 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-16 20:59 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-04-16 20:58 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-16 20:20 0 a------- c:\windows\system32\MSVolume.dll
2009-04-16 16:59 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-16 16:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-16 16:51 306,688 a------- c:\windows\IsUninst.exe
2009-04-16 16:01 268 a---h--- C:\sqmdata03.sqm
2009-04-16 16:01 244 a---h--- C:\sqmnoopt03.sqm
2009-04-16 15:58 <DIR> --d----- c:\program files\MSN Messenger
2009-04-16 15:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBT
2009-04-16 15:53 <DIR> --d----- c:\program files\Snapshot Viewer
2009-04-16 15:49 376 a------- c:\windows\ODBC.INI
2009-04-16 15:47 <DIR> --d-h--- c:\windows\ShellNew
2009-04-16 15:18 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-16 14:40 292 a---h--- C:\sqmdata02.sqm
2009-04-16 14:40 244 a---h--- C:\sqmnoopt02.sqm
2009-04-16 14:27 <DIR> --d----- c:\program files\World of Warcraft
2009-04-16 14:27 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-04-16 13:47 268 a---h--- C:\sqmdata01.sqm
2009-04-16 13:47 244 a---h--- C:\sqmnoopt01.sqm
2009-04-16 13:45 685,816 a------- c:\windows\system32\drivers\sptd.sys
2009-04-16 13:43 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-04-16 13:00 2,279,424 a------- c:\windows\system32\drivers\ALCXWDM.SYS
2009-04-16 13:00 156,672 a------- c:\windows\system32\RtlCPAPI.dll
2009-04-16 13:00 69,632 a------- c:\windows\soundman.exe
2009-04-16 13:00 57,344 a------- c:\windows\ALCXMNTR.EXE
2009-04-16 13:00 40,448 a------- c:\windows\system32\ChCfg.exe
2009-04-16 13:00 9,196,032 a------- c:\windows\system32\RTLCPL.exe
2009-04-16 13:00 141,016 a------- c:\windows\system32\alsndmgr.wav
2009-04-16 13:00 16,121,856 a------- c:\windows\system32\ALSNDMGR.CPL
2009-04-16 13:00 208,896 a------- c:\windows\alcupd.exe
2009-04-16 13:00 139,264 a------- c:\windows\alcrmv.exe
2009-04-16 11:54 268 a---h--- C:\sqmdata00.sqm
2009-04-16 11:54 244 a---h--- C:\sqmnoopt00.sqm
2009-04-16 11:54 <DIR> --d----- c:\windows\system32\scripting
2009-04-16 11:54 <DIR> --d----- c:\windows\l2schemas
2009-04-16 11:53 <DIR> --d----- c:\windows\system32\en
2009-04-16 11:53 <DIR> --d----- c:\windows\system32\bits
2009-04-16 11:50 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-16 11:48 <DIR> --d----- c:\windows\network diagnostic
2009-04-16 11:46 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-04-16 11:44 <DIR> --d----- c:\windows\EHome
2009-04-16 11:42 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
2009-04-16 11:42 427,864 a------- c:\windows\system32\XceedZip.dll
2009-04-16 11:42 1,071,088 a------- c:\windows\system32\MSCOMCTL.OCX
2009-04-16 11:42 662,288 a------- c:\windows\system32\MSCOMCT2.OCX
2009-04-16 11:39 1,309,184 a------- c:\windows\system32\drivers\mtlstrm.sys
2009-04-16 09:34 2,944 a------- c:\windows\system32\drivers\msmpu401.sys
2009-04-16 09:26 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-04-16 09:26 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-04-16 09:26 1,041,536 a------- c:\windows\system32\drivers\HSFDPSP2.sys
2009-04-16 09:26 685,056 a------- c:\windows\system32\drivers\HSFCXTS2.sys
2009-04-16 09:26 220,032 a------- c:\windows\system32\drivers\HSFBS2S2.sys
2009-04-16 09:26 129,045 a------- c:\windows\system32\drivers\cxthsfS2.cty
2009-04-16 09:26 86,016 a------- c:\windows\system32\mdmxsdk.dll
2009-04-16 09:26 32,285 a------- c:\windows\system32\HSFCISP2.dll
2009-04-16 09:26 11,868 a------- c:\windows\system32\drivers\mdmxsdk.sys
2009-04-16 09:25 1,888,992 a------- c:\windows\system32\ati3duag.dll
2009-04-16 09:25 870,784 a------- c:\windows\system32\ati3d1ag.dll
2009-04-16 09:25 701,440 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-04-16 09:25 516,768 a------- c:\windows\system32\ativvaxx.dll
2009-04-16 09:25 201,728 a------- c:\windows\system32\ati2dvag.dll
2009-04-16 09:25 229,376 a------- c:\windows\system32\ati2cqag.dll
2009-04-16 09:25 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-04-16 09:24 <DIR> --d----- c:\program files\common files\ODBC
2009-04-16 09:24 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-16 09:24 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-04-16 09:23 <DIR> --d----- c:\windows\system32\CatRoot2
2009-04-16 09:23 <DIR> --d----- c:\windows\system32\CatRoot
2009-04-16 09:23 487,190 a------- c:\windows\setupapi.old
2009-04-16 09:23 <DIR> --d----- C:\Documents and Settings
2009-04-16 09:22 288 a------- c:\windows\system32\$winnt$.inf
2009-04-16 08:39 <DIR> --d----- c:\program files\EA GAMES
2009-04-16 01:11 <DIR> --d----- c:\program files\Symantec
2009-04-16 01:11 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-04-16 01:11 <DIR> --d----- c:\program files\Norton Internet Security
2009-04-16 01:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-04-16 01:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-04-16 01:10 <DIR> --d----- c:\program files\NortonInstaller
2009-04-16 01:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-16 01:08 <DIR> --d----- c:\documents and settings\all users\Symantec Temporary Files
2009-04-16 00:29 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-16 00:29 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-16 00:28 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-16 00:27 <DIR> --d----- c:\program files\Online Services
2009-04-16 00:27 <DIR> --d----- c:\program files\Messenger
2009-04-16 00:27 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-04-16 00:26 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================
2009-04-24 17:06 22,748 a------- c:\windows\system32\emptyregdb.dat
2009-04-16 11:56 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-16 01:11 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-16 01:11 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-16 01:11 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-16 01:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-16 01:11 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-03-03 03:40 67,584 a------- c:\windows\system32\ff_vfw.dll

============= FINISH: 21:01:09.73 ===============
```

Thank you.