Old 02-01-2009, 08:59 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Trojan.Brisv.A will not go away

I am running WindowsXP Media Center and have Norton Internet Security 2009 installed as well as Norton System Works 2008. I also have SpyBot, SpyBlaster and Spy Sweeper (without virus protect) installed. My Windows firewall and virus protect are disabled. Now for my problem: after running a full system scan on Norton Internet Security, a problem arose, namely Trojan.Brisv.A, which had to be removed manually, according to Norton. I contacted Symantec and the response was an email whose fix is shown below.

This issue can occur due to the presence of a threat. To resolve this issue, please follow the steps given below:

1. Delete the contents of the Windows Temporary folder.
2. Download and run Intelligent Updater.
3. Configure Auto-Protect options.
4. Run a Safe Mode Scan and Norton Security Scan.

Step 1. Delete the contents of the Windows temporary folder.

For instructions, please click on the web URL mentioned below.

Title: 'Deleting Windows temporary files: Manual steps'
Document ID: 2006100212410939
Web URL: http://service1.symantec.com/Support...06100212410939

NOTE 1: You may encounter an error message stating "Access denied, this file is being used by another program". If so, please delete as many files as you can and ignore the rest.

NOTE 2: For Windows Vista, the "Run" dialog box will be available in a different location. Please see the below mentioned location. Click the Start button, and then click All Programs > Accessories > Run.

Step 2. Download and run Intelligent Updater.

Intelligent Updater is a process of updating the latest virus definitions to your computer and securing your system from new viruses and online threats. To download and update, please click on the web URL mentioned below:

Title: 'How to update virus definition files using the Intelligent Updater: Manual Steps'
Document ID: 2006071813095806
Web URL: http://service1.symantec.com/Support...06071813095806

a. A File Download window prompts you to select 'Run' or 'Save' or 'Cancel'.
b. Select Save (save the file on the desktop).
c. Then double-click to run and update virus definitions.

Step 3. Modify the Auto-Protect settings to remove the low risk items and run a Full System Scan.

Modify the Auto-Protect settings, run Intelligent Updater and run a Full System Scan. For more information, please click on the web URL mentioned below:

Title: What to do if you suspect that you have a threat when using a Norton 2009 product
DocId: 20080611121132EN
Web URL: http://www.symantec.com/norton/suppo...080611121132EN

Step 4. Run a Safe Mode Scan.

Please click on the web URL mentioned below for instructions.

Title: 'Update virus definitions and run a scan in Safe mode'
Document ID: 2007071902321979
Web URL: http://service1.symantec.com/Support...07071902321979

If the issue persists then please run a Norton Security Scan. To make sure whether there is a virus infection in your computer or not, I recommend that you run a Norton Security Scan. To run a Norton Security Scan, please click on the URL given below:

Title: 'Running a virus scan before installing your Norton product'
Document ID: 2007120100084939
Web URL: http://service1.symantec.com/Support...07120100084939

Note: Please ignore the title of the above document and follow step 2 and step 3 provided in the document above.

* To remove the Trojan.Brisv.A on your computer manually, please click on the web URL given below:

Trojan.Brisv.A is a Trojan horse that infects multimedia files which may cause Windows Media Player to access a malicious link.

Web URL: http://www.symantec.com/security_res...071823-1655-99

Note: If the link does not open then please copy and paste the entire URL (http://.....) in the address bar of the web browser.

If the issue persists, I am unable to provide assistance with Virus/Spyware related issues, but I will be happy to direct you to Symantec's virus removal resources. We have a dedicated team of technicians specialized in detecting and removing Virus/Spyware and they provide assistance through Chat and Phone. To contact our Virus/Spyware removal team, please click on the web URL below:

Web URL: http://www.symantec.com/home_homeoff...ndex_virus.jsp

Note: This is a fee based process.

Also, Symantec Security Response maintains an online database of virus information, including links to an online scanner, Virus Encyclopedia, automated virus removal tools and instructions for submitting a possible virus to Symantec for analysis. This database is available from the Security Response homepage, linked below:

http://securityresponse.symantec.com/

Please feel free to contact us for further assistance.

Regards,
Dhanasekaran
Norton Support.

I ran everything described in this email and following the Norton Security Scan, the indication was that no viruses were present. I then reinstalled Internet Security 2009. I thought all was fine until I ran a full system scan and the Trojan Horse came up. Why did the Security Scan show all was well and the system scan show it was not? How can that be?

So far the only change in my system is that at boot up, I receive the following error message: "WINDOWS - NO DISK. Exception Processing Message c000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c". I don't know if this is a result of the Trojan Horse or is the cause of it. As of this writing I am at a total loss. Any and all help is appreciated.

Old 02-03-2009, 07:32 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,895
OS: WinXP and Vista


Re: Trojan.Brisv.A will not go away

Hello triviaace,

I think it best you backtrack to the time before you followed those instructions.

Click Start>All Programs>Accessories>System Tools
  • Select System Restore
  • Next, select 'Restore my computer to an earlier time'
  • Choose a bolded date closest to just before all these problems began.
  • Follow the on-screen prompts.

After you've done that, please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-04-2009, 11:32 AM   #3 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Re: Trojan.Brisv.A will not go away

Reverting to an earlier time would be OK if one of the steps in Norton's Trojan.Brisv.A removal procedure wasn't to disable System Restore thereby deleting all earlier restore points. Any other solutions?
Old 02-04-2009, 03:03 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,895
OS: WinXP and Vista


Re: Trojan.Brisv.A will not go away

Please continue following the steps outlined in the link I gave you. Post the requested logs in your next reply.
Old 02-05-2009, 12:40 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Re: Trojan.Brisv.A will not go away

Quote:
Originally Posted by Ried View Post
Please continue following the steps outlined in the link I gave you. Post the requested logs in your next reply.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2009 12:10:07 PM
System Uptime: 2/3/2009 12:11:21 PM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 87.672 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is FIXED (FAT32) - 931 GiB total, 873.589 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Service:

==== System Restore Points ===================

RP4: 2/2/2009 802 PM - System Checkpoint
RP5: 2/2/2009 8:07:44 PM - First restore point

==== Installed Programs ======================

1Click DVD Copy 5.5.9.0
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
AnyDVD
ATI Control Panel
ATI Display Driver
ATIMCEE
Audio Comparer
B57Inst
Broadcom Driver Installer
BufferChm
ccCommon
CheckIt Diagnostics
CodeStuff Starter
Component Framework
Connection Keep Alive
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
CueTour
Cypress USB Mass Storage Driver Installation
Dell ResourceCD
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DigitImg
DocProc
DocumentViewer
DocumentViewerQFolder
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD X Rescue
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
DVDFab HD Decrypter 3.1.3.2
DVDXCopy Platinum 3.1.0
EPSON Print CD
EPSON Printer Software
eSupportQFolder
Film Factory
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Memories Disc
HP Scanjet 4800 series
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
hpg4850
HPProductAssistant
ImgBurn
InstantShareDevices
Intel(R) PRO Network Adapters and Drivers
LiveUpdate (Symantec Corporation)
Managed DirectX (0901)
Maxtor OneTouch
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Broadband Networking
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Streets and Trips 2005
Microsoft Visual C++ 2005 Redistributable
MSRedist
MSXML 4.0 SP2 (KB954430)
Norton Cleanup
Norton GoBack 4.2
Norton Internet Security
Norton Protection Center
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
Otto
PanoStandAlone
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
PowerDVD
PS7900
PSShortcuts
PSUsage
QuickTime
RandMap
RealOne Player
Roxio Easy Media Creator 7
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SereneScene Marine Aquarium 2
SkinsHP1
SolutionCenter
Sonic PrimeTime
Sonic Update Manager
Sonic_PrimoSDK
Sound Blaster Live!
SPBBC 32bit
Spy Sweeper
Spybot - Search & Destroy
SpywareBlaster 4.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
USB Storage Adapter FX (MXO)
USB Storage Adapter FX (SM1)
WD Diagnostics
WebFldrs XP
WebReg
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

==== Event Viewer Messages From Past Week ========

1/28/2009 8:45:03 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
1/28/2009 8:45:03 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/28/2009 8:45:03 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/28/2009 8:45:03 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
1/28/2009 8:45:03 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
2/1/2009 11:51:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/1/2009 11:51:11 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2009 4:58:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Scheduler Service service to connect.
2/1/2009 4:58:46 PM, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2009 4:58:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton UnErase Protection service to connect.
2/1/2009 4:58:46 PM, error: Service Control Manager [7000] - The Norton UnErase Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2009 4:58:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Speed Disk service service to connect.
2/1/2009 5:01:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/1/2009 5:01:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP cdudf_xp Cinemsup eeCtrl ElbyCDIO Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip

==== End Of File ===========================
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-03 13:27:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 891E9050 ZwAlertResumeThread
SSDT 899AF050 ZwAlertThread
SSDT 89022490 ZwAllocateVirtualMemory
SSDT 899AC050 ZwAssignProcessToJobObject
SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwClose [0xF795DA40]
SSDT 89A00660 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA829020]
SSDT 89021C08 ZwCreateMutant
SSDT 8A1DA570 ZwCreateProcess
SSDT 8A17F190 ZwCreateProcessEx
SSDT 890216F0 ZwCreateSymbolicLinkObject
SSDT 89150DF0 ZwCreateThread
SSDT 89170050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA8292A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA829800]
SSDT 890225E8 ZwDuplicateObject
SSDT 890222F0 ZwFreeVirtualMemory
SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwFsControlFile [0xF795DAD0]
SSDT 899AE050 ZwImpersonateAnonymousToken
SSDT 89172050 ZwImpersonateThread
SSDT 899F3270 ZwLoadDriver
SSDT 89022210 ZwMapViewOfSection
SSDT 891E8050 ZwOpenEvent
SSDT 89022788 ZwOpenProcess
SSDT 891EB050 ZwOpenProcessToken
SSDT 899AD050 ZwOpenSection
SSDT 890226B8 ZwOpenThread
SSDT 890217C0 ZwProtectVirtualMemory
SSDT 8A1BF3A8 ZwQueueApcThread
SSDT 8A1BF240 ZwReadVirtualMemory
SSDT 8A1F9970 ZwRenameKey
SSDT 899E2920 ZwResumeThread
SSDT 899B0050 ZwSetContextThread
SSDT 8A1F88A0 ZwSetInformationKey
SSDT 890220B8 ZwSetInformationProcess
SSDT 8A1BF510 ZwSetInformationThread
SSDT 891E7050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA829A50]
SSDT 89171050 ZwSuspendProcess
SSDT 89173050 ZwSuspendThread
SSDT 899B5480 ZwTerminateProcess
SSDT 891EA050 ZwTerminateThread
SSDT 89174050 ZwUnmapViewOfSection
SSDT 890223C0 ZwWriteVirtualMemory

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip 89A0B258

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp 89A0B258

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\Tcpip \Device\Udp 89A0B258

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\RawIp 89A0B258

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Disk \Device\Harddisk1\DR2 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk2\DR4 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST 89A0B258

AttachedDevice \FileSystem\Fastfat \Fat SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.14 ----

I ran a scan using Clamwin antivirus with the following result:

Scan Started Tue Feb 03 15:58:31 2009
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\Norton\0C55C096-0F1D-4F28-AAA2-85EF591126E7\Norton\QBackup\index.qbs: Permission denied
C:\gobackio.bin: Permission denied
C:\pagefile.sys: Permission denied
C:\Program Files\My Kazaa Gold\giFT\incoming\4C630004C2C00057AB11.boomer sooner.mp3: Permission denied
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak: Permission denied
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const: Permission denied
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst: Permission denied
C:\Program Files\Webroot\Spy Sweeper\Masters.base: Permission denied
C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 505406
Engine version: 0.94.1
Scanned directories: 4695
Scanned files: 59616
Infected files: 0

Data scanned: 10914.59 MB
Time: 11683.109 sec (194 m 43 s)
--------------------------------------
Completed
--------------------------------------

Where is the horse hiding?

--------------------------------------------------------------------------------
Last edited by amateur : 02-03-2009 at 07:47 PM. Reason: to retain 0-reply status

Last edited by triviaace; 02-05-2009 at 12:42 PM.
Old 02-05-2009, 02:02 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,895
OS: WinXP and Vista


Re: Trojan.Brisv.A will not go away

Where is the dds.txt? Please run it again and post that log for me.
Old 02-06-2009, 08:39 AM   #7 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Re: Trojan.Brisv.A will not go away

DDS (Ver_09-01-07.01) - NTFSx86
Run by Leon at 10:13:33.45 on Fri 02/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2467 [GMT -5:00]

AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Norton SystemWorks Basic Edition\Norton GoBack\GBTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Leon\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ltcmScheduler] c:\documents and settings\leon\local settings\application data\ltcm client\ltcmScheduler.exe
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVDtray.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Performance Center] c:\program files\ascentive\performance center\APCMain.exe -m
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] "c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [EPSON Stylus Photo R200 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
mRun: [MXOBG] c:\windows\MXOALDR.EXE
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [zzzHPSETUP] d:\setup.exe \RESET
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{638547c2-2aba-46f4-ae28-85ff6e83cb54}\_18be6784.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\norton~1.lnk - c:\program files\norton systemworks basic edition\norton goback\GBTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: WRNotifier - WRLogonNTF.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2009-2-1 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-2-1 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-2-1 362544]
R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\cinemsup.sys [2003-12-19 6656]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090129.005\IDSxpx86.sys [2009-1-29 276344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-2 99376]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090205.072\NAVENG.SYS [2009-2-6 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090205.072\NAVEX15.SYS [2009-2-6 876112]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-12 1245064]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-2-1 115560]
R4 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-1-12 3376704]

=============== Created Last 30 ================

2009-02-05 06:32 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-05 06:32 1,409 a------- c:\windows\QTFont.for
2009-02-04 10:29 <DIR> --d----- c:\program files\Internet RadioFan
2009-02-04 10:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pingotron.com
2009-02-03 13:18 250 a------- c:\windows\gmer.ini
2009-02-02 19:41 <DIR> --d--r-- c:\program files\Norton Support
2009-02-01 20:21 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-02-01 20:20 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-02-01 20:20 <DIR> --d----- c:\program files\Norton Internet Security
2009-02-01 20:20 <DIR> --d----- c:\program files\NortonInstaller
2009-02-01 18:13 <DIR> --d----- C:\NSS
2009-02-01 12:09 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-01-31 21:07 <DIR> --d----- c:\docume~1\leon\applic~1\Obsidium
2009-01-31 21:07 <DIR> --d----- c:\program files\AudioComparer
2009-01-30 16:26 <DIR> --d-h--- c:\windows\PIF
2009-01-29 18:02 103,488 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-01-29 17:57 23,976 a------- c:\windows\system32\drivers\ElbyCDIO.sys
2009-01-29 16:54 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-01-26 18:11 <DIR> --d----- c:\docume~1\leon\applic~1\GARMIN
2009-01-25 13:15 36,864 a------- c:\windows\system32\ascbalon.dll
2009-01-25 13:15 45,056 a------- c:\windows\system32\CreateLog.dll
2009-01-25 13:15 20,480 a------- c:\windows\system32\SysRestore.dll
2009-01-25 13:15 <DIR> --d----- c:\program files\Ascentive
2009-01-24 12:07 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-24 12:07 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-24 12:07 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-22 10:08 <DIR> --d----- c:\program files\CodeStuff
2009-01-19 17:02 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-19 09:37 <DIR> --d----- c:\windows\Profiles
2009-01-19 09:31 <DIR> --d----- c:\docume~1\leon\applic~1\Pingotron.com
2009-01-18 10:27 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-17 14:38 <DIR> --d----- c:\windows\system32\Dell
2009-01-17 14:38 <DIR> --d----- c:\program files\Dell
2009-01-17 11:54 <DIR> --d----- c:\windows\pss
2009-01-16 17:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1Click DVD Copy
2009-01-16 17:35 <DIR> --d----- c:\program files\LG Software Innovations
2009-01-16 17:35 <DIR> --d----- c:\program files\common files\Download Manager
2009-01-15 11:52 <DIR> --ds---- c:\docume~1\alluse~1\applic~1\Memeo
2009-01-15 11:47 <DIR> --d----- c:\program files\Western Digital
2009-01-15 11:37 <DIR> --d----- c:\program files\Western Digital Technologies
2009-01-14 14:51 43 a------- c:\windows\hpfccopy.INI
2009-01-14 11:48 713 -------- c:\windows\hpgmdl06.dat
2009-01-14 11:36 76,050 -------- c:\windows\hpgins06.dat.temp
2009-01-14 11:36 713 -------- c:\windows\hpgmdl06.dat.temp
2009-01-14 11:35 1,409 a------- c:\windows\system32\tmpC31BD.FOT
2009-01-14 11:35 1,409 a------- c:\windows\system32\tmp9B1BD.FOT
2009-01-14 11:35 1,409 a------- c:\windows\system32\tmp0B0BD.FOT
2009-01-14 11:35 1,409 a------- c:\windows\system32\tmpBDEAD.FOT
2009-01-14 11:35 1,409 a------- c:\windows\system32\tmp8BCAD.FOT
2009-01-14 11:35 1,409 a------- c:\windows\system32\tmp5EFAD.FOT
2009-01-14 11:35 1,409 a------- c:\windows\system32\tmp45DAD.FOT
2009-01-13 20:12 128,896 -c------ c:\windows\system32\dllcache\fltmgr.sys
2009-01-13 20:12 23,040 -c------ c:\windows\system32\dllcache\fltmc.exe
2009-01-13 20:12 16,896 -c------ c:\windows\system32\dllcache\fltlib.dll
2009-01-13 20:03 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-13 16:30 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-13 16:08 <DIR> --d----- c:\program files\My Kazaa Gold
2009-01-13 12:58 <DIR> --d----- c:\program files\Microsoft Broadband Networking
2009-01-13 12:56 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-13 11:07 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-13 11:07 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-13 11:07 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-13 11:07 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-13 11:07 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-13 11:07 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-13 11:07 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-13 11:07 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-13 11:07 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-13 07:48 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-01-13 07:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCSettings
2009-01-13 07:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-01-13 07:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-01-13 07:39 <DIR> --d----- c:\documents and settings\all users\Symantec Temporary Files
2009-01-12 21:27 <DIR> --d----- c:\windows\network diagnostic
2009-01-12 21:22 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2009-01-12 21:19 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-12 21:18 582,656 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-01-12 21:18 333,184 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-12 21:13 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-12 21:11 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-01-12 21:08 332,800 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-12 21:06 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-12 21:06 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-12 21:06 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-12 21:06 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-12 21:05 172,416 -c------ c:\windows\system32\dllcache\kmixer.sys
2009-01-12 21:05 6,400 -c------ c:\windows\system32\dllcache\splitter.sys
2009-01-12 21:05 82,944 -c------ c:\windows\system32\dllcache\wdmaud.sys
2009-01-12 21:05 111,616 -c------ c:\windows\system32\dllcache\dhcpcsvc.dll
2009-01-12 21:05 94,720 -c------ c:\windows\system32\dllcache\iphlpapi.dll
2009-01-12 20:58 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-12 19:45 20,544 a------- c:\windows\system32\drivers\SSFS0509.sys
2009-01-12 19:45 144,448 a------- c:\windows\system32\drivers\ssidrv.sys
2009-01-12 19:45 22,080 a------- c:\windows\system32\drivers\sshrmd.sys
2009-01-12 19:45 21,056 a------- c:\windows\system32\drivers\sskbfd.sys
2009-01-12 19:45 <DIR> --d----- c:\program files\Webroot
2009-01-12 19:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-01-12 19:44 <DIR> --d----- c:\docume~1\leon\applic~1\Webroot
2009-01-12 19:02 <DIR> --d----- c:\program files\DVD Decrypter
2009-01-12 18:52 <DIR> --d----- c:\program files\DVD Shrink
2009-01-12 18:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-12 18:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-12 18:36 115,920 a------- c:\windows\system32\MSINET.OCX
2009-01-12 18:36 <DIR> --d----- c:\program files\SpywareBlaster
2009-01-12 18:29 1,435,648 -c------ c:\windows\system32\dllcache\query.dll
2009-01-12 18:29 69,120 -c------ c:\windows\system32\dllcache\ciodm.dll
2009-01-12 18:29 683,520 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-12 18:29 148,992 ac------ c:\windows\system32\dllcache\dnsapi.dll
2009-01-12 18:29 8,192 -c------ c:\windows\system32\dllcache\rasadhlp.dll
2009-01-12 18:29 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-01-12 18:29 283,648 -c------ c:\windows\system32\dllcache\gdi32.dll
2009-01-12 18:28 984,576 -c------ c:\windows\system32\dllcache\kernel32.dll
2009-01-12 18:04 36,963 a----r-- c:\program files\common files\SM1updtr.dll
2009-01-12 18:04 32,896 a----r-- c:\windows\system32\drivers\SM1fx_at.sys
2009-01-12 18:04 266,240 a----r-- c:\windows\SM1nint.exe
2009-01-12 18:04 94,208 a----r-- c:\windows\SM1bg.exe
2009-01-12 18:04 86,106 a----r-- c:\windows\system32\SM1un.exe
2009-01-12 18:04 12,382 a----r-- c:\windows\system32\SM1ui32.dll
2009-01-12 18:04 <DIR> --d----- c:\windows\DRIVERS
2009-01-12 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2009-01-12 17:56 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-01-12 17:56 <DIR> --d----- c:\program files\Roxio
2009-01-12 17:47 1,708,032 a------- c:\windows\system32\Marine Aquarium 2.scr
2009-01-12 17:47 <DIR> --d----- c:\program files\SereneScreen
2009-01-12 17:46 80 a------- c:\windows\encore_launcher.ini
2009-01-12 17:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBT
2009-01-12 17:43 <DIR> --d----- c:\program files\Snapshot Viewer
2009-01-12 17:39 376 a------- c:\windows\ODBC.INI
2009-01-12 17:36 <DIR> --d----- c:\windows\ShellNew
2009-01-12 17:27 <DIR> --d----- c:\docume~1\leon\applic~1\RipIt4Me
2009-01-12 17:23 87,608 a------- c:\docume~1\leon\applic~1\inst.exe
2009-01-12 17:23 47,360 a------- c:\docume~1\leon\applic~1\pcouffin.sys
2009-01-12 17:23 <DIR> --d----- c:\program files\DVDFab 5
2009-01-12 17:22 <DIR> --d----- c:\program files\DVDFab HD Decrypter 3
2009-01-12 17:17 <DIR> --d----- c:\program files\common files\xing shared
2009-01-12 17:17 <DIR> --d----- c:\program files\common files\Real
2009-01-12 17:08 <DIR> --d----- c:\program files\common files\Sonic
2009-01-12 17:07 <DIR> --d----- c:\program files\Sonic
2009-01-12 16:43 <DIR> --d----- c:\program files\Microsoft Streets and Trips
2009-01-12 16:41 <DIR> --d----- c:\program files\SlySoft
2009-01-12 16:27 253,952 -c------ c:\windows\system32\dllcache\es.dll
2009-01-12 16:19 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-12 16:19 <DIR> --d----- c:\program files\321Studios
2009-01-12 16:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RetroExp
2009-01-12 16:04 28,672 -------- c:\windows\system32\verclsid.exe
2009-01-12 16:01 <DIR> --d----- c:\docume~1\leon\applic~1\Leader Technologies
2009-01-12 15:56 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-01-12 15:55 <DIR> --d----- c:\program files\common files\HP
2009-01-12 15:54 <DIR> --d----- c:\windows\system32\URTTemp
2009-01-12 15:51 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-12 15:51 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-12 15:48 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-01-12 15:45 76,435 a------- c:\windows\hpgins06.dat
2009-01-12 15:45 1,409 a------- c:\windows\system32\tmpF3886.FOT
2009-01-12 15:45 1,409 a------- c:\windows\system32\tmpE8886.FOT
2009-01-12 15:45 1,409 a------- c:\windows\system32\tmpCD886.FOT
2009-01-12 15:45 1,409 a------- c:\windows\system32\tmp1F786.FOT
2009-01-12 15:45 1,409 a------- c:\windows\system32\tmpB4686.FOT
2009-01-12 15:45 1,409 a------- c:\windows\system32\tmpA9686.FOT
2009-01-12 15:45 1,409 a------- c:\windows\system32\tmp49786.FOT
2009-01-12 15:37 <DIR> --d----- C:\EPSONREG
2009-01-12 15:37 <DIR> --d----- c:\program files\EPSON Print CD
2009-01-12 15:36 86,016 a------- c:\windows\unvise32qt.exe
2009-01-12 15:35 <DIR> --d----- c:\windows\system32\QuickTime
2009-01-12 15:35 303,104 a------- c:\windows\Film Factory.scr
2009-01-12 15:35 <DIR> --d----- c:\program files\EPSON Software
2009-01-12 15:34 <DIR> --d----- c:\documents and settings\leon\WINDOWS
2009-01-12 15:33 <DIR> --d----- c:\program files\EPSON
2009-01-12 15:33 98,304 a------- c:\windows\system32\E_SAGSET.DLL
2009-01-12 15:33 309,248 a------- c:\windows\system32\EAL32.DLL
2009-01-12 15:33 82,944 a------- c:\windows\system32\EAL.EXE
2009-01-12 15:33 79,622 a------- c:\windows\system32\EBPMON24.DLL
2009-01-12 15:33 64,000 a------- c:\windows\system32\ECBTEG.DLL
2009-01-12 15:33 34,304 a------- c:\windows\system32\EBPCHP.DLL
2009-01-12 15:33 58 a------- c:\windows\system32\EAL32.INI
2009-01-12 15:32 66 a------- c:\windows\ESPR200.ini
2009-01-12 15:27 <DIR> --d----- c:\program files\Smith Micro
2009-01-12 15:12 <DIR> --d-h--- c:\windows\$hf_mig$
2009-01-12 15:04 8,388,608,000 a--sh--- C:\gobackio.bin
2009-01-12 15:04 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-12 15:02 <DIR> --d----- c:\program files\Norton SystemWorks Basic Edition
2009-01-12 14:54 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-12 14:52 <DIR> --d----- c:\docume~1\leon\applic~1\Symantec
2009-01-12 14:48 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-12 14:48 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-12 14:48 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-12 14:48 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-12 14:48 <DIR> --d----- c:\program files\Symantec
2009-01-12 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-12 14:47 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-01-12 14:37 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-12 14:36 2,897,920 -------- c:\windows\system32\xpsp2res.dll
2009-01-12 14:35 19,528 a------- c:\windows\002740_.tmp
2009-01-12 14:28 626,960 a----r-- c:\windows\system32\hpvaut32.dll
2009-01-12 14:28 487,424 a----r-- c:\windows\system32\hpvcp70.dll
2009-01-12 14:28 344,064 a----r-- c:\windows\system32\hpvcr70.dll
2009-01-12 14:28 82,432 a----r-- c:\windows\system32\MSXML4r.dll
2009-01-12 14:28 44,544 a----r-- c:\windows\system32\MSXML4a.dll
2009-01-12 14:28 <DIR> --d----- c:\program files\HP
2009-01-12 14:27 35,840 a------- c:\windows\system32\drivers\AFS2K.SYS
2009-01-12 14:24 483,328 a----r-- c:\windows\system32\hphmon05.exe
2009-01-12 14:24 6,371 a----r-- c:\windows\system32\hphmon05.dat
2009-01-12 14:23 18,283 a------- c:\windows\HPHins01.dat
2009-01-12 14:23 4,284 -------- c:\windows\hphmdl01.dat
2009-01-12 14:13 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-01-12 14:11 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-01-12 14:10 <DIR> --d----- c:\program files\Creative
2009-01-12 14:10 6,752 -------- c:\windows\system32\PFMODNT.SYS
2009-01-12 14:06 166,016 ac------ c:\windows\system32\dllcache\b57xp32.sys
2009-01-12 14:06 166,016 a----r-- c:\windows\system32\drivers\b57xp32.sys
2009-01-12 14:06 <DIR> --d----- c:\program files\Broadcom
2009-01-12 13:49 122,880 a------- c:\windows\system32\drivers\atinevxx.sys
2009-01-12 13:49 67,072 a------- c:\windows\system32\drivers\atinesxx.sys
2009-01-12 13:49 64,352 a------- c:\windows\system32\drivers\ativmc20.cod
2009-01-12 13:49 51,712 a------- c:\windows\system32\drivers\atinraxx.sys
2009-01-12 13:49 47,104 a------- c:\windows\system32\drivers\atineuxx.sys
2009-01-12 13:49 32,768 a------- c:\windows\system32\ativtmxx.dll
2009-01-12 13:49 23,040 a------- c:\windows\system32\ativmvxx.ax
2009-01-12 13:49 14,336 a------- c:\windows\system32\drivers\atinpdxx.sys
2009-01-12 13:49 13,824 a------- c:\windows\system32\drivers\atinmdxx.sys
2009-01-12 13:49 9,728 a------- c:\windows\system32\ativdaxx.ax
2009-01-12 13:49 <DIR> --d----- c:\program files\ATI Technologies
2009-01-12 13:46 5,110 a----r-- c:\windows\system32\e100b325.din
2009-01-12 13:46 145,408 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-01-12 13:46 145,408 a------- c:\windows\system32\drivers\e100b325.sys
2009-01-12 13:46 118,784 a------- c:\windows\system32\Prounstl.exe
2009-01-12 13:46 24,064 a------- c:\windows\system32\IntelNic.dll
2009-01-12 13:46 12,288 a------- c:\windows\system32\e100bmsg.dll
2009-01-12 13:46 <DIR> --d----- C:\drvrtmp
2009-01-12 13:44 42,368 a------- c:\windows\system32\drivers\agp440.sys
2009-01-12 13:44 142,976 a------- c:\windows\system32\drivers\usbport.sys
2009-01-12 13:44 74,240 a------- c:\windows\system32\usbui.dll
2009-01-12 13:44 57,600 a------- c:\windows\system32\drivers\usbhub.sys
2009-01-12 13:44 20,480 a------- c:\windows\system32\drivers\usbuhci.sys
2009-01-12 13:44 3,328 ac------ c:\windows\system32\dllcache\pciide.sys
2009-01-12 13:44 95,360 a------- c:\windows\system32\drivers\atapi.sys
2009-01-12 13:44 25,088 a------- c:\windows\system32\drivers\pciidex.sys
2009-01-12 13:44 3,328 a------- c:\windows\system32\drivers\pciide.sys
2009-01-12 13:43 35,840 ac------ c:\windows\system32\dllcache\isapnp.sys
2009-01-12 13:43 35,840 a------- c:\windows\system32\drivers\isapnp.sys
2009-01-12 13:43 68,224 a------- c:\windows\system32\drivers\pci.sys
2009-01-12 13:43 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-01-12 13:40 446,464 a----r-- c:\windows\system32\hhactivex.dll
2009-01-12 13:40 645,616 a------- c:\windows\system32\MSCOMCT2.OCX
2009-01-12 13:40 414,944 a------- c:\windows\system32\COMCT332.OCX
2009-01-12 13:40 328,480 a------- c:\windows\system32\ssa3d30.ocx
2009-01-12 13:40 176,128 a------- c:\windows\system32\RcdScan.dll
2009-01-12 13:40 171,967 a------- c:\windows\system32\Odbcjet.hlp
2009-01-12 13:40 7,348 a------- c:\windows\system32\Odbcjet.cnt
2009-01-12 13:40 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-01-12 13:40 13,632 -------- c:\windows\system32\drivers\omci.sys
2009-01-12 12:28 <DIR> --d----- c:\program files\GemMaster
2009-01-12 12:28 <DIR> --d----- c:\program files\EnglishOtto
2009-01-12 12:23 2,940,928 a------- c:\windows\system32\wmploc.dll
2009-01-12 12:23 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-01-12 12:23 168,448 a------- c:\windows\system32\wmerror.dll
2009-01-12 12:23 114,688 a------- c:\windows\system32\wmpasf.dll
2009-01-12 12:23 102,400 a------- c:\windows\system32\wmpshell.dll
2009-01-12 12:23 20,480 a------- c:\windows\system32\wmpcore.dll
2009-01-12 12:23 8,192 a------- c:\windows\system32\asferror.dll
2009-01-12 12:23 20,480 a------- c:\windows\system32\wmpui.dll
2009-01-12 12:23 20,480 a------- c:\windows\system32\wmpcd.dll
2009-01-12 12:23 20,480 a------- c:\windows\system32\wmp.ocx
2009-01-12 12:22 <DIR> --d----- c:\program files\Managed DirectX (0901)
2009-01-12 12:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2009-01-12 12:21 218,245 a------- c:\windows\orun32.isu
2009-01-12 12:21 791 a------- c:\windows\orun32.ini
2009-01-12 12:21 306,688 a------- c:\windows\IsUninst.exe
2009-01-12 12:21 <DIR> --d----- c:\documents and settings\Leon
2009-01-12 12:20 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-12 12:09 571,392 ac------ c:\windows\system32\dllcache\tintlgnt.ime
2009-01-12 12:08 7,168 ac------ c:\windows\system32\dllcache\isapips.dll
2009-01-12 12:07 134,339 ac------ c:\windows\system32\dllcache\imekr.lex
2009-01-12 12:07 6,656 ac------ c:\windows\system32\dllcache\iissync.exe
2009-01-12 12:07 3,584 ac------ c:\windows\system32\dllcache\iismui.dll
2009-01-12 12:07 19,456 ac------ c:\windows\system32\dllcache\iiscrmap.dll
2009-01-12 12:07 60,928 ac------ c:\windows\system32\dllcache\iisclex4.dll
2009-01-12 12:07 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-01-12 12:06 13,463,552 ac------ c:\windows\system32\dllcache\hwxjpn.dll
2009-01-12 12:06 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-01-12 12:04 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-01-12 12:03 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-01-12 12:03 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-01-12 12:03 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-01-12 12:03 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-01-12 12:03 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-01-12 12:03 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-01-12 12:03 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-01-12 12:03 <DIR> --d----- c:\windows\system32\xircom
2009-01-12 12:01 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-12 12:01 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-01-12 12:01 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-12 12:01 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-01-12 12:01 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-01-12 12:01 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-12 12:01 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-12 12:01 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-12 12:01 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-12 12:01 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-12 12:01 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-01-12 12:01 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-01-12 12:01 <DIR> --d----- c:\windows\system32\DirectX
2009-01-12 12:00 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-12 11:58 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-12 11:58 <DIR> --d----- c:\program files\Online Services
2009-01-12 11:57 <DIR> --d----- c:\program files\Messenger
2009-01-12 11:57 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-12 11:57 <DIR> --d----- c:\program files\Windows NT
2009-01-12 06:49 <DIR> --d----- c:\program files\common files\ODBC
2009-01-12 06:49 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-12 06:49 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-01-12 17:38 5,058 a------- c:\windows\help\hhcolreg.dat
2009-01-12 16:11 94,208 a------- c:\windows\MXOALDR.EXE
2009-01-12 14:41 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-12 11:59 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-05 17:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys

============= FINISH: 10:14:57.71 ===============

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-06 10:33:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 89193050 ZwAlertResumeThread
SSDT 899C4050 ZwAlertThread
SSDT 89158470 ZwAllocateVirtualMemory
SSDT 89190050 ZwAssignProcessToJobObject
SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwClose [0xF795DA40]
SSDT 89A24340 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA984020]
SSDT 891579D0 ZwCreateMutant
SSDT 8A1F0478 ZwCreateProcess
SSDT 8A19EC10 ZwCreateProcessEx
SSDT 891574B8 ZwCreateSymbolicLinkObject
SSDT 8915DAB0 ZwCreateThread
SSDT 899C1050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA9842A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA984800]
SSDT 891585C8 ZwDuplicateObject
SSDT 891582D0 ZwFreeVirtualMemory
SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwFsControlFile [0xF795DAD0]
SSDT 899C3050 ZwImpersonateAnonymousToken
SSDT 891E9050 ZwImpersonateThread
SSDT 89A257E0 ZwLoadDriver
SSDT 89157FB0 ZwMapViewOfSection
SSDT 89192050 ZwOpenEvent
SSDT 89158768 ZwOpenProcess
SSDT 89195050 ZwOpenProcessToken
SSDT 899C2050 ZwOpenSection
SSDT 89158698 ZwOpenThread
SSDT 89157588 ZwProtectVirtualMemory
SSDT 8A17FF30 ZwQueueApcThread
SSDT 8A17FDC8 ZwReadVirtualMemory
SSDT 8A180150 ZwRenameKey
SSDT 899D00B8 ZwResumeThread
SSDT 899C5050 ZwSetContextThread
SSDT 8A211588 ZwSetInformationKey
SSDT 89157E58 ZwSetInformationProcess
SSDT 8A19A370 ZwSetInformationThread
SSDT 891E7050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA984A50]
SSDT 891E8050 ZwSuspendProcess
SSDT 891EA050 ZwSuspendThread
SSDT 899C6050 ZwTerminateProcess
SSDT 89194050 ZwTerminateThread
SSDT 891EB050 ZwUnmapViewOfSection
SSDT 891583A0 ZwWriteVirtualMemory

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip 89A3D0E8
Device \Driver\Tcpip \Device\Ip 89E13020

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp 89A3D0E8
Device \Driver\Tcpip \Device\Tcp 89E13020

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\Tcpip \Device\Udp 89A3D0E8
Device \Driver\Tcpip \Device\Udp 89E13020

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Disk \Device\Harddisk0\DR0 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\RawIp 89A3D0E8
Device \Driver\Tcpip \Device\RawIp 89E13020

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Disk \Device\Harddisk1\DR2 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk2\DR4 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST 89A3D0E8
Device \Driver\Tcpip \Device\IPMULTICAST 89E13020

AttachedDevice \FileSystem\Fastfat \Fat SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- EOF - GMER 1.0.14 ----


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2009 12:10:07 PM
System Uptime: 2/6/2009 8:21:44 AM (2 hours ago)

Motherboard: Dell Computer Corp. | | 0W2562
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 86.979 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is FIXED (FAT32) - 931 GiB total, 873.588 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0
Service:

==== System Restore Points ===================

RP6: 2/3/2009 7:21:37 PM - System Checkpoint
RP7: 2/3/2009 7:24:00 PM - Configured Maxtor OneTouch
RP8: 2/3/2009 9:05:30 PM - Software Distribution Service 3.0
RP9: 2/4/2009 9:35:43 PM - System Checkpoint
RP10: 2/4/2009 11:41:00 PM - Software Distribution Service 3.0
RP11: 2/6/2009 9:19:55 AM - System Checkpoint

==== Installed Programs ======================

1Click DVD Copy 5.5.9.0
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
AnyDVD
ATI Control Panel
ATI Display Driver
ATIMCEE
Audio Comparer
B57Inst
Broadcom Driver Installer
BufferChm
ccCommon
CheckIt Diagnostics
CodeStuff Starter
Component Framework
Connection Keep Alive
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
CueTour
Cypress USB Mass Storage Driver Installation
Dell ResourceCD
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DigitImg
DocProc
DocumentViewer
DocumentViewerQFolder
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD X Rescue
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
DVDFab HD Decrypter 3.1.3.2
DVDXCopy Platinum 3.1.0
EPSON Print CD
EPSON Printer Software
eSupportQFolder
Film Factory
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Memories Disc
HP Scanjet 4800 series
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
hpg4850
HPProductAssistant
ImgBurn
InstantShareDevices
Intel(R) PRO Network Adapters and Drivers
Internet RadioFan 1.3.0
LiveUpdate (Symantec Corporation)
Managed DirectX (0901)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Broadband Networking
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Streets and Trips 2005
Microsoft Visual C++ 2005 Redistributable
MSRedist
MSXML 4.0 SP2 (KB954430)
Norton Cleanup
Norton GoBack 4.2
Norton Internet Security
Norton Protection Center
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
Otto
PanoStandAlone
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
PowerDVD
PS7900
PSShortcuts
PSUsage
QuickTime
RandMap
RealOne Player
Roxio Easy Media Creator 7
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SereneScene Marine Aquarium 2
SkinsHP1
SolutionCenter
Sonic PrimeTime
Sonic Update Manager
Sonic_PrimoSDK
Sound Blaster Live!
SPBBC 32bit
Spy Sweeper
Spybot - Search & Destroy
SpywareBlaster 4.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
USB Storage Adapter FX (MXO)
USB Storage Adapter FX (SM1)
WD Diagnostics
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

==== Event Viewer Messages From Past Week ========

2/1/2009 5:01:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/1/2009 4:58:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Speed Disk service service to connect.
2/1/2009 4:58:46 PM, error: Service Control Manager [7000] - The Norton UnErase Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2009 4:58:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton UnErase Protection service to connect.
2/1/2009 4:58:46 PM, error: Service Control Manager [7000] - The Media Center Scheduler Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2009 4:58:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Scheduler Service service to connect.
2/1/2009 11:51:11 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/1/2009 11:51:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/1/2009 5:01:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2009 5:02:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP cdudf_xp Cinemsup eeCtrl ElbyCDIO Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip

==== End Of File ===========================
triviaace is offline  
Old 02-07-2009, 12:50 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,895
OS: WinXP and Vista


Re: Trojan.Brisv.A will not go away

Thank you. : )

Quote:
I also have SpyBot, SpyBlaster and Spy Sweeper (without virus protect) installed.

It seems you do have the AV installed:

Quote:
AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

Uninstall it and reinstall it again without the AV.

Quote:
I thought all was fine until I ran a full system scan and the Trojan Horse came up.

Where is it finding the infection? What is the full file path?



Let's see if an online scan helps us out any. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 02-08-2009, 08:56 AM   #9 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Re: Trojan.Brisv.A will not go away

The version of Spy Sweeper on my computer is without anti-virus. In order to run Kaspersky I am told I need to download Java 1.5, ActiveX control and Add On. I will do this if you say it is necessary.
triviaace is offline  
Old 02-08-2009, 11:18 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,895
OS: WinXP and Vista


Re: Trojan.Brisv.A will not go away

Yes, please do install Sun Java. It is much more secure than Microsoft's Java.
  • Download the latest version of Java Runtime Environment (JRE) 6.

  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."

  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.

  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop, double-click on jre-6u12-windows-i586-p.exe to install the program.
Ried is offline  
Old 02-09-2009, 11:55 AM   #11 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Re: Trojan.Brisv.A will not go away

Listed below is the Kaspersky scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, February 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 09, 2009 15:46:56
Records in database: 1774542
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 77296
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:02:23


File name / Threat name / Threats count
C:\Program Files\My Kazaa Gold\giFT\incoming\4C630004C2C00057AB11.boomer sooner.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\WINDOWS\Downloaded Installations\{F0E5FAD3-859E-457C-BEBE-779A607E7BF3}\My Kazaa Gold.msi Infected: not-a-virus:Porn-Tool.Win32.Porn2Peer.b 1

The selected area was scanned.
triviaace is offline  
Old 02-09-2009, 05:52 PM   #12 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Re: Trojan.Brisv.A will not go away

Will deleting the infected files remove the virus?
triviaace is offline  
Old 02-09-2009, 06:05 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,895
OS: WinXP and Vista


Re: Trojan.Brisv.A will not go away

Hello, apologies for the delay, but I was at work all day.

You do need to delete those infected files, but as long as you are using a P2P program, you will continue to place yourself at risk. Please take a look at our sticky topic Perils of P2P File Sharing.

Let me know if Norton still detects Brisv.A after you delete those files.
Ried is offline  
Old 02-10-2009, 10:14 AM   #14 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 14
OS: WindowsXP Media Edition


Re: Trojan.Brisv.A will not go away

Thank you very much for the assistance. It appears Kaspersky found what Norton and other AV programs could not. I deleted those files and the Trojan Horse rode off with them. To think, I only tried to share a college fight song and got more than I bargained for. Thank you again.
triviaace is offline  
Old 02-10-2009, 08:45 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,895
OS: WinXP and Vista


Re: Trojan.Brisv.A will not go away

You're welcome, triviaace. As explained in the link I just gave you, caution is always advised with P2P programs and file sharing.

Take care and surf safely.
Ried is offline  
 





All times are GMT -7. The time now is 11:18 PM.



Copyright 2001 - 2009, Tech Support Forum