Forum section: Resolved HJT Threads (Resolved spyware and popup issues).

#1
Registered User
Join Date: Apr 2008
Posts: 32
OS: XP Pro
virus
Hello,
I was browsing unfamiliar territory and a popup got me--disabled antivirus, SpywareBlaster does not run, gmer.exe did not run until I renamed it, Firefox shuts down. I shut down and deleted executables named a.exe, b.exe and c.exe. A file named a.dat keeps appearing in my temp directory. I bet the virus has something to do with the file UACvpptjniqpvqlsvo.sys, but I can see it in explorer. Thank you for your assistance, and I look forward to hearing from you. Best, D

DDS (Ver_09-05-14.01) - NTFSx86 Run by Dissonance at 13:30:02.85 on Thu 06/04/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1030 [GMT -6:00] AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program 
Files\DisplayLink Core Software\DisplayLinkManager.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\msa.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Weather Watcher\ww.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Screen Saver Control\ScreenSaverControl.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Thunderbird\thunderbird.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Paul\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://classiclit.about.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft 
shared\windows live\WindowsLiveLogin.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll uRun: [WeatherWatcher] "c:\program files\weather watcher\ww.exe" uRun: [Screen Saver Control] c:\program files\screen saver control\ScreenSaverControl.exe -quiet uRun: [net] "c:\windows\system32\net.net" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [MsUpdater] c:\windows\system32\msupdater.exe mRun: [VirtualCloneDrive] "c:\program files\virtualclonedrive\VCDDaemon.exe" /s mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [net] "c:\windows\system32\net.net" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {2B121CDA-A8C6-4E78-85AB-6A422485C098} - hxxps://www.certmanserv.com/AUTHORize/Controls/AUTHORize_ItemEditorControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\disson~1\applic~1\mozilla\firefox\profiles\8wmdym00.default\ FF - prefs.js: browser.startup.homepage - paul.lombardi.ws FF - component: c:\documents and settings\dissonance\application data\mozilla\firefox\profiles\8wmdym00.default\extensions\{31513e58-f253-47ad-86db-d5f21e905429}\components\mintray-9178506d-2005072516-trunk.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPMyrMus.dll ============= SERVICES / DRIVERS =============== R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232] R1 SAVRTPEL;SAVRTPEL;c:\program 
files\symantec antivirus\Savrtpel.sys [2005-2-4 53896] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392] R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2007-12-14 417792] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176] R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2007-3-9 25704] R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2007-3-9 23400] R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [2008-12-14 7552] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090529.003\naveng.sys [2009-5-29 89104] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090529.003\navex15.sys [2009-5-29 876144] R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2008-11-15 102912] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568] S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2007-11-30 20992] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608] =============== Created ================ 2009-06-04 09:17 111,094 a------- c:\windows\system32\net.net 2009-06-01 13:23 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys 2009-06-01 13:23 <DIR> --d----- c:\program files\PC Connectivity Solution 2009-06-01 12:02 <DIR> --d----- c:\documents and settings\dissonance\Tracing ==================== Find3M ==================== 2009-03-21 08:06 56,880 a------- c:\windows\system32\scvideo.dll 2009-03-17 10:38 364,544 -------- c:\windows\system32\MACDll.dll 2009-03-13 20:30 81,736 -------- c:\windows\system32\lmdimon8.dll 
2009-03-12 09:30 142,504 -------- c:\windows\system32\ElbyVCD.dll 2008-06-01 23:09 87,608 -------- c:\docume~1\disson~1\applic~1\inst.exe 2008-06-01 23:09 47,360 -------- c:\docume~1\disson~1\applic~1\pcouffin.sys ============= FINISH: 13:31:48.71 ===============
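A small triage helper for the DDS log format pasted above, added here as an example and not a tool from this thread or from DDS/ComboFix. It parses the "Running Processes" and uRun:/mRun: entries and flags the items a helper would look at first: an odd executable extension (net.net), a binary sitting directly in C:\WINDOWS (msa.exe), a random-looking file name (the UAC*.sys file the poster mentioned, whose location under drivers\ is an assumption), and the same autostart name registered under both HKCU and HKLM. The sample lines are a constructed subset of the posted log.

```python
"""Triage helper for DDS logs (the format pasted in the first post). Added example,
not a tool from this thread or from DDS/ComboFix; every hit is a pointer for review."""
import re
from collections import defaultdict
from typing import List, NamedTuple

# Constructed sample: a subset of the DDS log posted above, one entry per line as DDS
# writes them. Placing the UAC*.sys file the poster named under drivers\ is an assumption.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\drivers\UACvpptjniqpvqlsvo.sys
============== Pseudo HJT Report ===============
uRun: [WeatherWatcher] "c:\program files\weather watcher\ww.exe"
uRun: [net] "c:\windows\system32\net.net"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [MsUpdater] c:\windows\system32\msupdater.exe
mRun: [net] "c:\windows\system32\net.net"
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Extensions normally seen behind a Run key or in a process list.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl"}
# Images that legitimately live directly in %windir% on XP (not exhaustive).
WINDIR_ALLOW = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe"}

class Finding(NamedTuple):
    origin: str   # "process", "uRun:<name>", "mRun:<name>" or "Run"
    path: str
    reason: str

def image_path(cmd: str) -> str:
    """Return the image path from a Run command or process line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.\w{2,4})(?:\s|$)", cmd)
    return m.group(1) if m else cmd

def looks_random(stem: str) -> bool:
    """Long, purely alphabetic name with few vowels, e.g. UACvpptjniqpvqlsvo."""
    if len(stem) < 12 or not stem.isalpha():
        return False
    return sum(c in "aeiouAEIOU" for c in stem) / len(stem) < 0.25

def check_path(path: str, origin: str) -> List[Finding]:
    """Apply the name and location heuristics to one image path."""
    path = path.replace("/", "\\")
    base = path.rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        stem, ext = base, ""
    else:
        ext = "." + ext.lower()
    found = []
    if ext and ext not in PE_EXTENSIONS:
        found.append(Finding(origin, path, f"unusual executable extension {ext}"))
    in_windir = re.fullmatch(r"c:\\windows\\[^\\]+", path.lower())
    if in_windir and base.lower() not in WINDIR_ALLOW:
        found.append(Finding(origin, path, "binary directly in the Windows directory"))
    if looks_random(stem):
        found.append(Finding(origin, path, "random-looking file name"))
    return found

def triage(log: str) -> List[Finding]:
    """Walk a DDS log and return the entries worth a closer look."""
    findings: List[Finding] = []
    section = ""
    run_hives = defaultdict(set)   # autostart name -> hives it appears under
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        if section == "Running Processes" and PATH_RE.match(line):
            findings += check_path(image_path(line), "process")
        elif section == "Pseudo HJT Report":
            run = RUN_RE.match(line)
            if run:
                name, hive = run.group("name"), run.group("hive")
                run_hives[name.lower()].add(hive)
                findings += check_path(image_path(run.group("cmd")), f"{hive}Run:{name}")
    # One autostart name under both HKCU (uRun) and HKLM (mRun) is worth a look. A plain
    # name such as msupdater.exe passes every check here; a person still reads the log.
    for name, hives in run_hives.items():
        if hives == {"u", "m"}:
            findings.append(Finding("Run", name, "registered in both HKCU and HKLM Run"))
    return findings
```

Calling triage(SAMPLE_DDS) returns five Finding tuples for the sample; feed it a full DDS log to get the same shortlist for a real post.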
#3
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,705
OS: XP SP3
Re: virus
Hello and Welcome to TSF.
Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan. This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please read this: How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix from any of the links below. You must rename it to Combo-Fix before saving it. Save it to your Desktop. If you are using Firefox, go to Tools > Options > Main and select 'Always ask me where to save files' and click OK.

Link 1 Link 2 Link 3

* IMPORTANT !!! Save Combo-Fix.exe to your Desktop

------------------------------------------------------

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Add-Remove Programs.txt

If you have any questions along the way...STOP and ask them before proceeding.
#4
Registered User
Join Date: Apr 2008
Posts: 32
OS: XP Pro
Re: virus
chemist, thanks for your help.
ComboFix 09-06-07.01 - Dissonance 06/07/2009 15:19.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1405 [GMT -6:00] Running from: c:\paul\Desktop\Combo-Fix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . ADS - WINDOWS: deleted 24 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Dissonance\Application Data\inst.exe c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf c:\windows\system32\uacinit.dll c:\windows\system32\UACrgrnvibhdawwwfx.db c:\windows\system32\UACuegrwraklnrudfo.dat c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job . ((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 ))))))))))))))))))))))))))))))) . 2009-06-07 21:20 . 2009-06-07 21:20 27312 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.dll 2009-06-07 21:20 . 2009-06-07 21:20 22192 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.dll 2009-06-07 21:13 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-06-07 21:13 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-06-07 21:13 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-06-07 21:13 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-06-07 21:13 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-06-07 21:13 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-06-07 21:13 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-06-07 21:13 . 
2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-06-07 21:13 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe 2009-06-07 21:13 . 2009-06-07 21:13 -------- d-----w- c:\program files\Alwil Software 2009-06-07 19:21 . 2009-06-07 21:10 -------- d-----w- c:\program files\Enigma Software Group 2009-06-07 18:34 . 2009-06-07 21:09 -------- d-----w- c:\program files\Panda Security 2009-06-07 01:55 . 2009-03-17 20:24 30560 ----a-w- c:\windows\system32\drivers\nx6000.sys 2009-06-07 01:55 . 2009-03-17 20:24 186208 ----a-w- c:\windows\system32\LCCoin20.dll 2009-06-07 01:55 . 2009-06-07 01:55 -------- d-----w- c:\program files\Microsoft LifeCam 2009-06-07 01:52 . 2007-07-20 00:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2009-06-07 00:36 . 2009-06-07 00:39 -------- d-----w- c:\documents and settings\Dissonance\Application Data\SumatraPDF 2009-06-07 00:36 . 2009-06-07 00:36 -------- d-----w- c:\program files\SumatraPDF 2009-06-07 00:27 . 2009-06-07 04:58 -------- d-----w- c:\documents and settings\Dissonance\Local Settings\Application Data\CutePDF Writer 2009-06-06 23:49 . 2009-06-06 23:49 -------- d-----w- c:\program files\GPLGS 2009-06-06 23:48 . 2009-06-06 23:48 -------- d-----w- c:\program files\Acro Software 2009-06-06 23:48 . 2007-07-13 04:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2009-06-06 21:05 . 2009-06-06 22:50 -------- d-----w- c:\windows\BDOSCAN8 2009-06-02 23:36 . 2009-06-02 23:36 -------- d-----w- c:\documents and settings\Dissonance\Application Data\Publish Providers 2009-06-01 19:22 . 2009-06-01 19:22 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe 2009-06-01 19:22 . 2009-06-01 19:22 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-06-01 19:22 . 
2009-06-01 19:22 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe 2009-06-01 18:02 . 2009-06-01 18:02 -------- d-----w- c:\documents and settings\Dissonance\Tracing 2009-05-20 16:57 . 2009-05-20 16:55 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (work)\00000014\maindata.sys 2009-05-18 04:26 . 2009-05-18 04:26 -------- d-----w- c:\documents and settings\Dissonance\Application Data\dvdcss 2009-05-15 17:58 . 2009-05-15 17:58 -------- d-----w- c:\documents and settings\Dissonance\Local Settings\Application Data\Apple . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-07 21:19 . 2008-06-02 01:06 -------- d-----w- c:\documents and settings\Dissonance\Application Data\WeatherWatcher 2009-06-07 20:26 . 2008-06-01 21:12 -------- d-----w- c:\program files\Symantec AntiVirus 2009-06-07 19:55 . 2008-06-01 23:34 -------- d-----w- c:\program files\Thunderbird 2009-06-07 19:16 . 2008-07-08 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-07 19:14 . 2008-06-01 21:37 -------- d-----w- c:\program files\Dell 2009-06-07 19:04 . 2008-09-24 22:45 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-06-07 16:34 . 2008-07-11 16:12 -------- d-----w- c:\documents and settings\Dissonance\Application Data\Skype 2009-06-07 15:02 . 2008-07-11 16:02 -------- d-----w- c:\documents and settings\Dissonance\Application Data\skypePM 2009-06-07 07:28 . 2008-06-27 19:06 -------- d-----w- c:\documents and settings\Dissonance\Application Data\uTorrent 2009-06-07 01:38 . 2008-07-11 16:36 -------- d-----w- c:\program files\SplitCam 2009-06-06 19:25 . 2008-06-02 01:09 -------- d-----w- c:\program files\SpywareGuard 2009-06-05 16:15 . 
2008-07-08 16:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-06-04 18:57 . 2009-04-10 20:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-04 18:56 . 2008-06-12 13:59 -------- d-----w- c:\program files\SpywareBlaster 2009-06-04 01:21 . 2008-06-02 01:06 -------- d-----w- c:\program files\Weather Watcher 2009-06-01 19:28 . 2008-09-08 21:13 -------- d-----w- c:\program files\Common Files\Nokia 2009-06-01 19:22 . 2009-04-01 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 2009-05-31 15:14 . 2008-12-20 20:53 1109 ----a-w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's iTunes\00000009\maindata.sys 2009-05-30 22:56 . 2009-04-23 02:53 1109 ----a-w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Maestro (home)\00000000\maindata.sys 2009-05-22 20:40 . 2008-09-24 22:17 -------- d-----w- c:\documents and settings\Dissonance\Application Data\Any Video Converter 2009-05-20 22:33 . 2008-06-01 22:17 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-20 16:29 . 2008-12-18 17:00 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Maestro (work)\00000009\maindata.sys 2009-05-14 13:12 . 2007-04-20 16:47 -------- d-----w- c:\program files\Trillian 2009-05-14 12:33 . 2008-06-02 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-05-12 01:56 . 2008-11-28 17:37 -------- d-----w- c:\program files\Finale 2009 2009-05-05 16:57 . 2009-05-05 19:07 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (home)\00000010\maindata.sys 2009-05-05 15:38 . 2009-05-05 15:41 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (work)\00000013\maindata.sys 2009-05-04 21:36 . 
2009-05-04 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications 2009-05-03 19:18 . 2009-05-03 19:18 -------- d-----w- c:\documents and settings\Dissonance\Application Data\vlc 2009-05-03 19:17 . 2008-09-15 00:22 -------- d-----w- c:\program files\VLC 2009-04-23 00:25 . 2008-06-02 06:41 -------- d-----w- c:\documents and settings\Dissonance\Application Data\Apple Computer 2009-04-21 22:30 . 2009-04-21 22:30 -------- d-----w- c:\documents and settings\Dissonance\Application Data\Design Science 2009-04-21 19:41 . 2009-04-21 21:45 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (home)\00000009\maindata.sys 2009-04-21 19:39 . 2009-04-21 19:40 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (work)\00000012\maindata.sys 2009-04-20 15:35 . 2009-04-20 15:35 -------- d-----w- c:\program files\Monkey's Audio 2009-04-19 23:36 . 2009-04-19 23:36 -------- d-----w- c:\program files\iTunes 2009-04-19 23:36 . 2009-04-19 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-19 23:36 . 2009-04-19 23:36 -------- d-----w- c:\program files\iPod 2009-04-19 23:36 . 2008-06-02 06:38 -------- d-----w- c:\program files\Common Files\Apple 2009-04-19 23:28 . 2009-04-19 23:28 75048 ------w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-04-09 18:12 . 2009-04-09 20:30 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (home)\00000008\maindata.sys 2009-04-09 17:18 . 2009-04-09 18:11 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (work)\00000011\maindata.sys 2009-04-06 02:16 . 2008-12-14 19:37 1080 ------w- c:\windows\AUTOLNCH.REG 2009-04-02 16:03 . 
2009-04-02 18:22 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (home)\00000007\maindata.sys 2009-04-02 15:35 . 2009-04-02 15:37 1109 ------w- c:\documents and settings\Dissonance\Application Data\Genie-soft\GBMPro8\Jobs\Paul's Files (work)\00000010\maindata.sys 2009-03-21 14:06 . 2004-08-04 12:00 56880 ----a-w- c:\windows\system32\scvideo.dll 2009-03-19 22:32 . 2009-03-19 22:32 23400 ------w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys 2009-03-19 22:32 . 2008-01-29 18:01 23400 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-03-17 16:38 . 2009-04-20 15:35 364544 ------w- c:\windows\system32\MACDll.dll 2009-03-14 02:30 . 2008-11-07 23:09 81736 ------w- c:\windows\system32\lmdimon8.dll 2009-03-12 15:30 . 2009-03-12 15:30 142504 ------w- c:\windows\system32\ElbyVCD.dll 2008-04-25 20:32 . 2008-04-25 20:32 5817064 ------w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2009-06-02 1110016] "Screen Saver Control"="c:\program files\Screen Saver Control\ScreenSaverControl.exe" [2005-12-07 741376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800] "GBMPro8Agent"="c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe" [2007-12-03 230016] "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128] "VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Trillian\\trillian.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"= "c:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "\\\\dlink-ED30F8\\Volume_1\\easy_search_utility_4400.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] R2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [12/14/2007 3:24 AM 417792] R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [3/9/2007 12:09 PM 25704] R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [3/9/2007 12:16 PM 23400] R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [12/14/2008 12:45 PM 7552] R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [11/15/2008 11:29 AM 102912] S3 DisplayLinkUsbPort;DisplayLink USB 
Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [11/30/2007 6:33 PM 20992] S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [6/6/2009 7:55 PM 30560] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608] --- Other Services/Drivers In Memory --- *NewlyCreated* - MCHINJDRV *Deregistered* - EraserUtilDrv10910 *Deregistered* - mchInjDrv [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F345481E-B281-BD4B-B7DF-52BFF089E176}] c:\windows\system32\msupdater.exe . Contents of the 'Scheduled Tasks' folder 2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34] . - - - - ORPHANS REMOVED - - - - SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {2B121CDA-A8C6-4E78-85AB-6A422485C098} - hxxps://www.certmanserv.com/AUTHORize/Controls/AUTHORize_ItemEditorControl.cab FF - ProfilePath - c:\documents and settings\Dissonance\Application Data\Mozilla\Firefox\Profiles\8wmdym00.default\ FF - prefs.js: browser.startup.homepage - paul.lombardi.ws FF - component: c:\documents and settings\Dissonance\Application Data\Mozilla\Firefox\Profiles\8wmdym00.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll . 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 15:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-06-07 15:23
ComboFix-quarantined-files.txt 2009-06-07 21:23
Pre-Run: 36,299,317,248 bytes free
Post-Run: 36,395,888,640 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
233 --- E O F --- 2009-05-14 12:34

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP BiDi Channel Components Installer
Acronis Disk Director Suite
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.1.1 - CPSID_49013
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Manager 4.1
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ALPS Touch Pad Driver
Any Video Converter 2.6.3
AnyDVD
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
AVI & MPEG Splitter 1.48
AVI/MPEG/RM/WMV Joiner 4.11
Boilsoft Video Splitter 5.01
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom TPM Driver Installer
Brother HL-5250DN
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
ConvertXtoDVD 2.2.3.258
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 8 Professional
CutePDF Writer 2.7
Dell Wireless WLAN Card
Dell(TM) Client Configuration Utility
DisplayLink Core Software
DisplayLink Software
DivX
Easy Video Joiner 5.21
Easy Video Splitter 1.28
Finale 2009
FLAC 1.2.1b (remove only)
Free 3GP Video Converter version 3.1
Garritan Instruments for Finale 2009
Genie Backup Manager Pro 8.0
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Icon Restore 1.0
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 6
Java(TM) 6 Update 7
LiveUpdate 2.6 (Symantec Corporation)
Maple 9.5
MathType 6
mCore
mDriver
mDrWiFi
Medieval CUE Splitter
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
MobileMe Control Panel
Monkey's Audio
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.21)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
Nero Suite
Netflix Movie Viewer
Octoshape add-in for Adobe Flash Player
PDF Settings
PlexTools Professional LE V3.13
PSPad editor
QuickSet
QuickTime
RealPlayer
Reasonable NoClone 2007 Enterprise
Recuva (remove only)
Sandboxie 3.32
Screen Saver Control
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sibelius Scorch (Firefox, Opera, Netscape only)
SigmaTel Audio
Skype™ 3.8
SMPlayer 0.5.62
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
SplitCam
Spybot - Search & Destroy
SpywareBlaster 4.2
SpywareGuard v2.2
Sumatra PDF reader
Symantec AntiVirus
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VirtualCloneDrive
VLC media player 0.9.9
Weather Watcher
WebFldrs XP
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
#5
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,705
OS: XP SP3
Re: virus
Hello, Dissonance1. Please tell us how your system is behaving.
Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, avast! and Symantec. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Add or Remove Programs in your Control Panel. I suggest uninstalling Symantec.

If you decide to uninstall Symantec, do the following:

Please uninstall the following via the Add or Remove Programs section of your Control Panel if they still exist:

LiveUpdate 2.6 (Symantec Corporation)
Symantec AntiVirus

Decline any prompt to restart your computer.

Please download the Norton Removal Tool and Save it to your Desktop.

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

cmd /c rd /s /q "c:\program files\Enigma Software Group"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Please download ATF-Cleaner by Atribune and Save it to your Desktop.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

**Note** To optimize scanning time and produce a more sensible report for review:

------------------------------------------------------

Please run gmer.exe again and attach the log to your next reply.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
an attached gmer log
report on system behavior
#6
Registered User
Join Date: Apr 2008
Posts: 32
OS: XP Pro
Re: virus
Here you go:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, June 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 08, 2009 01:13:57
Records in database: 2324533
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 107049
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:00:52

No malware has been detected. The scan area is clean.

The selected area was scanned.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-07 22:10:56
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8C956B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8C95574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8C95A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8C9514C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8C9564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8C9508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8C950F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8C9576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8C9572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8C958AE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA8C9E82E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA8C9E678]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA8C9E7AC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ee7500f3b
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ee7500f3b@001fc429cff8 0xFC 0x74 0x79 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ee7500f3b
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ee7500f3b@001fc429cff8 0xFC 0x74 0x79 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ee7500f3b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ee7500f3b@001fc429cff8 0xFC 0x74 0x79 0xB5 ...

---- Files - GMER 1.0.15 ----

File C:\Temp\More\8\10-3.jpg 95323 bytes

---- EOF - GMER 1.0.15 ----
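The GMER log above lists every SSDT entry, inline code hook and attached filter device it found, and every one of them is attributed to an avast! or Acronis driver; that attribution is what lets the analyst treat the log as clean. The script below is an added example and is not part of this thread or of GMER itself: it parses lines in the format shown above, groups the hooks by the kernel module that installed them, and separates modules on an allowlist from everything else. The allowlist, the "examplehook.sys" lines and the function and module names are constructed for the illustration; the remaining sample lines are copied from the report posted above.

```python
"""Triage the hook sections of a GMER rootkit log.

GMER reports every SSDT entry, inline code hook and attached filter device
it finds, but it does not say whether the module that installed them is a
security product or a rootkit.  The analyst groups the hooks by module and
checks each module against what the machine is known to run.
"""
import re
from collections import defaultdict

# Hook-bearing lines copied from the GMER 1.0.15 log posted in the thread.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8C956B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8C95574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8C9508C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA8C9E7AC]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
"""

# Constructed lines (not from the thread): a module GMER could not attribute
# to a vendor, hooking calls commonly intercepted to hide registry keys and
# files.  The module name is a placeholder.
CONSTRUCTED_UNKNOWN = r"""
SSDT \??\C:\WINDOWS\system32\drivers\examplehook.sys ZwEnumerateKey [0xF7A0B123]
SSDT \??\C:\WINDOWS\system32\drivers\examplehook.sys ZwQueryDirectoryFile [0xF7A0B2C4]
"""

# "<kind> <module path> [(description/vendor)] <function> [[address]]"
HOOK_RE = re.compile(
    r"^(SSDT|Code)\s+(\S+)(?:\s+\((.*?)\))?\s+(\w+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?\s*$")
# "<kind> <driver object> <device object> <module file> [(description/vendor)]"
DEVICE_RE = re.compile(
    r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*?)\))?\s*$")

# Assumed allowlist: kernel modules of the products this machine is known to
# run (avast! and Acronis, both visible in the installed-programs list).
KNOWN_MODULES = {
    "aswsp.sys": "avast! self protection module",
    "aswmon2.sys": "avast! file system filter driver",
    "aswtdi.sys": "avast! TDI filter driver",
    "snapman.sys": "Acronis Snapshot API",
}


def module_name(path):
    """Lower-case file name of a kernel module path, e.g. '...\\aswSP.SYS' -> 'aswsp.sys'."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Yield one dict per hook or filter-device line; headings and blanks are skipped."""
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            kind, path, desc, func, addr = m.groups()
            yield {"kind": kind, "module": module_name(path), "path": path,
                   "vendor": desc, "target": func, "address": addr}
            continue
        m = DEVICE_RE.match(line)
        if m:
            kind, driver, device, path, desc = m.groups()
            yield {"kind": kind, "module": module_name(path), "path": path,
                   "vendor": desc, "target": f"{driver} {device}", "address": None}


def triage(text, known=KNOWN_MODULES):
    """Group hooks by installing module and split them into expected and unexpected."""
    by_module = defaultdict(list)
    for entry in parse_gmer(text):
        by_module[entry["module"]].append(entry)
    report = {"expected": {}, "unexpected": {}}
    for mod, entries in by_module.items():
        bucket = "expected" if mod in known else "unexpected"
        # A module without a version/vendor string is not attributed by GMER;
        # it goes to the review pile even if the file name were allowlisted.
        if any(e["vendor"] is None for e in entries):
            bucket = "unexpected"
        report[bucket][mod] = sorted(e["target"] for e in entries)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_GMER_LOG + CONSTRUCTED_UNKNOWN)
    for bucket in ("expected", "unexpected"):
        print(f"== {bucket} ==")
        for mod, targets in sorted(result[bucket].items()):
            print(f"{mod}: {', '.join(targets)}")
```

Run on the thread's own lines alone, the "unexpected" bucket is empty, which is the machine-readable form of the verdict the analyst reached; the constructed lines show what a module with no vendor attribution looks like in the same output.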
#7
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,705
OS: XP SP3
Re: virus
Hello again, Dissonance1. How is your system behaving?
Please run dds one more time and post the first log, DDS.txt, in your next reply.

------------------------------------------------------
#8
Registered User
Join Date: Apr 2008
Posts: 32
OS: XP Pro
Re: virus
My computer is running fine. Do you think it's safe to reopen my online access to my bank accounts? Thanks for all your help.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Dissonance at 9:12:12.62 on Mon 06/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1365 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Screen Saver Control\ScreenSaverControl.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Thunderbird\thunderbird.exe
C:\Program Files\Trillian\trillian.exe
C:\Paul\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [WeatherWatcher] "c:\program files\weather watcher\ww.exe"
uRun: [Screen Saver Control] c:\program files\screen saver control\ScreenSaverControl.exe -quiet
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [GBMPro8Agent] c:\program files\genie-soft\gbmpro8\GBMAgent.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [VirtualCloneDrive] "c:\program files\virtualclonedrive\VCDDaemon.exe" /s
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\disson~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2B121CDA-A8C6-4E78-85AB-6A422485C098} - hxxps://www.certmanserv.com/AUTHORize/Controls/AUTHORize_ItemEditorControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\disson~1\applic~1\mozilla\firefox\profiles\8wmdym00.default\
FF - prefs.js: browser.startup.homepage -
FF - component: c:\documents and settings\dissonance\application data\mozilla\firefox\profiles\8wmdym00.default\extensions\{31513e58-f253-47ad-86db-d5f21e905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyrMus.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-7 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-7 138680]
R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2007-12-14 417792]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-7 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-7 352920]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2007-3-9 25704]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2007-3-9 23400]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [2008-12-14 7552]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2008-11-15 102912]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2007-11-30 20992]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-6-6 30560]

=============== Created Last 30 ================

2009-06-07 22:19 30,314,364 a------- c:\temp\0110-Forbidden-Fashion.zip
2009-06-07 16:57 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-07 16:57 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-07 16:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-07 15:17 <DIR> a-dshr-- C:\cmdcons
2009-06-07 15:15 161,792 a------- c:\windows\SWREG.exe
2009-06-07 15:15 154,624 a------- c:\windows\PEV.exe
2009-06-07 15:15 98,816 a------- c:\windows\sed.exe
2009-06-07 13:06 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-06 19:55 567,136 a------- c:\windows\system32\LcProxy.ax
2009-06-06 19:55 186,208 a------- c:\windows\system32\LCCoin20.dll
2009-06-06 19:55 30,560 a------- c:\windows\system32\drivers\nx6000.sys
2009-06-06 19:55 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-06-06 19:52 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-06-06 18:36 <DIR> --d----- c:\docume~1\disson~1\applic~1\SumatraPDF
2009-06-06 17:48 <DIR> --d----- c:\program files\Acro Software
2009-06-05 10:50 3,987 a------- c:\windows\wininit.ini
2009-06-01 12:02 <DIR> --d----- c:\documents and settings\dissonance\Tracing
2009-05-10 12:46 <DIR> --d----- c:\temp\Animated

==================== Find3M ====================

2009-03-21 08:06 56,880 a------- c:\windows\system32\scvideo.dll
2009-03-17 10:38 364,544 -------- c:\windows\system32\MACDll.dll
2009-03-13 20:30 81,736 -------- c:\windows\system32\lmdimon8.dll
2009-03-12 09:30 142,504 -------- c:\windows\system32\ElbyVCD.dll
2008-06-01 23:09 47,360 -------- c:\docume~1\disson~1\applic~1\pcouffin.sys

============= FINISH: 9:12:46.78 ===============
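The "Pseudo HJT Report" section of the DDS log above is where an analyst looks for persistence: every uRun, mRun and StartupFolder entry names a program that starts with the user or the machine. The script below is an added example, not part of this thread or of DDS: it resolves each autostart entry to the file it actually launches (for rundll32 that is the DLL argument, not rundll32.exe itself) and labels where that file lives, because an autostart that points into Temp or the user profile, or that names a bare file resolved through the search path, is what a dropper typically leaves behind. The sample entries are copied from the DDS.txt posted above; the two "example-*" entries, their paths and the directory lists are constructed for the illustration.

```python
"""Triage the autostart entries of a DDS 'Pseudo HJT Report'.

DDS lists per-user (uRun), machine-wide (mRun) and Startup-folder autoruns
but leaves the judgement to the analyst.  This first pass resolves each entry
to the file that really runs and asks where that file lives: program and
system directories are expected; Temp, Application Data and the user profile
are user-writable; a bare file name is resolved through the search path, so
the log alone cannot say which file runs.
"""
import re

# Entries copied from the DDS.txt posted in the thread.
SAMPLE_DDS = r"""
uRun: [WeatherWatcher] "c:\program files\weather watcher\ww.exe"
uRun: [Screen Saver Control] c:\program files\screen saver control\ScreenSaverControl.exe -quiet
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\disson~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
"""

# Constructed entries (not from the thread) with placeholder names, showing
# the two shapes the check is meant to surface: an executable in a
# user-writable directory and a DLL loaded via rundll32 from a temp directory.
CONSTRUCTED_DDS = r"""
uRun: [example-dropper] c:\docume~1\user\locals~1\temp\example.exe
mRun: [example-loader] rundll32.exe c:\windows\temp\example.dll,Start
"""

RUN_RE = re.compile(r"^(uRun|mRun):\s+\[(.+?)\]\s+(.*)$")
STARTUP_RE = re.compile(r"^(StartupFolder):\s+(\S+)\s+-\s+(.*)$")
# Unquoted image path: everything up to the first executable extension.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|scr|com|dll|cpl|bat))(?:\s|$)", re.IGNORECASE)

# Assumed location lists for a Windows XP machine (8.3 short names included,
# since DDS prints many paths that way).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                     "%programfiles%\\", "%windir%\\", "%systemroot%\\")
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\applic~1\\",
                 "\\local settings\\", "\\locals~1\\",
                 "\\documents and settings\\", "\\docume~1\\", "\\recycler\\")


def executable_of(command):
    """Return the program path at the front of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def launched_image(command):
    """Resolve the file that really runs; for rundll32 that is the DLL argument."""
    exe = executable_of(command)
    if exe.rsplit("\\", 1)[-1].lower() != "rundll32.exe":
        return exe
    rest = command.strip()
    rest = rest[rest.lower().find(exe.lower()) + len(exe):].lstrip(' "')
    dll = rest.split(",", 1)[0].strip().strip('"')
    return dll or exe


def classify(path):
    """Label where an autostart image lives."""
    p = path.lower()
    if "\\" not in p:
        return "bare-name"          # found via the search path; verify which file that is
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable"      # checked before the prefixes: c:\windows\temp is writable
    if p.startswith(EXPECTED_PREFIXES):
        return "expected"
    return "other"


def parse_entries(text):
    """Yield (source, name, command) for each Run-key or Startup-folder line."""
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)
            continue
        m = STARTUP_RE.match(line)
        if m:
            # Name the entry after its .lnk file; the command is the link target.
            yield m.group(1), m.group(2).rsplit("\\", 1)[-1], m.group(3)


def triage_autoruns(text):
    """One row per autostart entry: the image it launches and a location label."""
    return [{"source": src, "name": name, "image": launched_image(cmd),
             "location": classify(launched_image(cmd))}
            for src, name, cmd in parse_entries(text)]


def flagged(text):
    """Entries that need a closer look: anything not launched from an expected directory."""
    return [r for r in triage_autoruns(text) if r["location"] != "expected"]


if __name__ == "__main__":
    for row in triage_autoruns(SAMPLE_DDS + CONSTRUCTED_DDS):
        print(f'{row["location"]:14} {row["source"]:14} {row["name"]}: {row["image"]}')
```

On the thread's own entries the only row that is not "expected" is the Bluetooth agent, because rundll32 is handed a bare `bthprops.cpl`; that is the normal shape of that entry, and the label simply tells the analyst to confirm the file that resolves is the one in System32. The constructed rows show how an image in a temp directory is surfaced even when it is launched indirectly through rundll32.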
#9
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,705
OS: XP SP3
Re: virus
Hello again, Dissonance1. Yes, you are safe to do so.
------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /u

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

Please respond to this thread one more time so we can mark this thread as resolved.