help please trojan.fakealert :(

littlebritches · 06-17-2009, 10:09 AM

Hi please could anyone shed anylight on the following hopefully I have done this correct apparently I have been informed by avast that I have a trojan.fakealert ???

littlebritches · 06-17-2009, 01:36 PM

Hi, Please could anyone tell me if I have included the corrct information for you to ba able to help me with this??

littlebritches · 06-18-2009, 12:13 AM

Please could someone help only it told me someone is trying to access my passwords and i am worried as I do a lot of online banking on there.

I also have bought norton will the get rid of the virus if i install it??
Thank you in advance

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\CSHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\2 little boys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUOCG9LW\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.klickphotostore.co.uk/SnapfishUKActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-12 114768]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090331.003\IDSvix86.sys [2009-4-2 272432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-12 51792]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-28 266240]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-7 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-5 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]

=============== Created Last 30 ================

2009-06-17 16:02 72,704 a------- c:\windows\system32\admparse.dll
2009-06-17 16:01 385,024 a------- c:\windows\system32\html.iec
2009-06-17 16:01 169,472 a------- c:\windows\system32\iexpress.exe
2009-06-17 16:01 45,568 a------- c:\windows\system32\mshta.exe
2009-06-17 16:01 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-06-17 16:01 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-06-17 16:01 109,056 a------- c:\windows\system32\iesysprep.dll
2009-06-17 16:01 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-06-17 16:01 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-06-17 16:01 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-06-17 15:56 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-17 15:55 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-17 15:55 506,368 a------- c:\windows\system32\msxml.dll
2009-06-15 17:13 <DIR> --d----- c:\programdata\SITEguard
2009-06-15 17:13 <DIR> --d----- c:\progra~2\SITEguard
2009-06-15 17:11 <DIR> --d----- c:\program files\common files\iS3
2009-06-15 17:11 <DIR> --d----- c:\programdata\STOPzilla!
2009-06-15 17:11 <DIR> --d----- c:\progra~2\STOPzilla!
2009-06-15 16:36 <DIR> a-d----- c:\programdata\TEMP
2009-06-15 16:07 <DIR> --d----- c:\program files\common files\Uninstall
2009-06-15 16:07 <DIR> --d----- c:\program files\PAV
2009-06-15 07:47 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-15 07:47 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-15 07:47 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-15 07:47 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-15 07:47 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-11 06:45 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-11 06:45 636,928 a------- c:\windows\system32\localspl.dll
2009-06-11 06:45 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-05-29 18:05 376 a------- c:\windows\ODBC.INI
2009-05-29 18:05 28,040 a------- c:\windows\system32\mdimon.dll
2009-05-29 18:04 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-05-25 15:52 298,294,033 a------- c:\windows\MEMORY.DMP
2009-05-24 12:26 <DIR> --d----- c:\users\2littl~1\appdata\roaming\eBay
2009-05-23 00:13 <DIR> --d----- c:\programdata\eBay
2009-05-23 00:13 <DIR> --d----- c:\progra~2\eBay
2009-05-23 00:13 <DIR> --d----- c:\program files\eBay

==================== Find3M ====================

2009-06-15 17:02 28,599 a------- c:\programdata\nvModes.dat
2009-06-15 17:02 28,599 a------- c:\progra~2\nvModes.dat
2009-05-29 10:53 1,844 a------- c:\users\2littl~1\appdata\roaming\wklnhst.dat
2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-02-27 17:37 86,016 a------- c:\windows\inf\infstor.dat
2009-02-27 17:37 51,200 a------- c:\windows\inf\infpub.dat
2009-02-27 17:37 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-04 22:09 32 a------- c:\programdata\ezsid.dat
2009-02-04 22:09 32 a------- c:\progra~2\ezsid.dat
2008-08-04 15:52 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:59:16.11 ===============

Ried · 06-19-2009, 10:33 PM

Hello littlebritches,

I realize you installed Norton in an attempt to try to clean your system, but now you have 2 Anti Virus programs installed, and that's never a good idea. More than 1 Anti Virus can cause conflicts and confusion between the AV programs as well as system slow downs and other types of instability. Please choose and run only 1 and uninstall the other by clicking the round Windows Logo button in the lower left corner-> Control Panel-> Programs-> Uninstall a program

After you've completed the above, download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

06-17-2009, 01:36 PM	#2 (permalink)
littlebritches Registered User Join Date: Jun 2009 Posts: 5 OS: vista	Re: help please trojan.fakealert :( Hi, Please could anyone tell me if I have included the corrct information for you to ba able to help me with this??

06-18-2009, 12:13 AM	#3 (permalink)
littlebritches Registered User Join Date: Jun 2009 Posts: 5 OS: vista	Re: help please trojan.fakealert :( Please could someone help only it told me someone is trying to access my passwords and i am worried as I do a lot of online banking on there. I also have bought norton will the get rid of the virus if i install it?? Thank you in advance AV: Norton Internet Security On-access scanning enabled (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} SP: Norton Internet Security enabled (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} FW: Norton Internet Security enabled {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Windows\system32\WLANExt.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\System32\spoolsv.exe c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\CSHelper.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxcrcoms.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lexmark 2400 Series\lxcrmon.exe C:\Program Files\Lexmark 2400 Series\ezprint.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Registry Mechanic\RMTray.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe c:\program files\aol\aol toolbar 5.0\AolTbServer.exe C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Users\2 little boys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZUOCG9LW\dds[1].scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0" mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe" mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe" mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16 mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: HideFastUserSwitching = 0 (0x0) IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.klickphotostore.co.uk/SnapfishUKActivia.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-12 114768] R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090331.003\IDSvix86.sys [2009-4-2 272432] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-12 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-12 51792] R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-28 266240] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-7 149352] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-5 101936] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888] =============== Created Last 30 ================ 2009-06-17 16:02 72,704 a------- c:\windows\system32\admparse.dll 2009-06-17 16:01 385,024 a------- c:\windows\system32\html.iec 2009-06-17 16:01 169,472 a------- c:\windows\system32\iexpress.exe 2009-06-17 16:01 45,568 a------- c:\windows\system32\mshta.exe 2009-06-17 16:01 132,608 a------- c:\windows\system32\ieUnatt.exe 2009-06-17 16:01 109,568 a------- c:\windows\system32\PDMSetup.exe 2009-06-17 16:01 109,056 a------- c:\windows\system32\iesysprep.dll 2009-06-17 16:01 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe 2009-06-17 16:01 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe 2009-06-17 16:01 103,936 a------- c:\windows\system32\SetDepNx.exe 2009-06-17 15:56 <DIR> --d----- c:\program files\common files\PC Tools 2009-06-17 15:55 <DIR> --d----- c:\program files\Spyware Doctor 2009-06-17 15:55 506,368 a------- c:\windows\system32\msxml.dll 2009-06-15 17:13 <DIR> --d----- c:\programdata\SITEguard 2009-06-15 17:13 <DIR> --d----- c:\progra~2\SITEguard 2009-06-15 17:11 <DIR> --d----- c:\program files\common files\iS3 2009-06-15 17:11 <DIR> --d----- c:\programdata\STOPzilla! 2009-06-15 17:11 <DIR> --d----- c:\progra~2\STOPzilla! 2009-06-15 16:36 <DIR> a-d----- c:\programdata\TEMP 2009-06-15 16:07 <DIR> --d----- c:\program files\common files\Uninstall 2009-06-15 16:07 <DIR> --d----- c:\program files\PAV 2009-06-15 07:47 428,544 a------- c:\windows\system32\EncDec.dll 2009-06-15 07:47 293,376 a------- c:\windows\system32\psisdecd.dll 2009-06-15 07:47 217,088 a------- c:\windows\system32\psisrndr.ax 2009-06-15 07:47 177,664 a------- c:\windows\system32\mpg2splt.ax 2009-06-15 07:47 80,896 a------- c:\windows\system32\MSNP.ax 2009-06-11 06:45 2,033,152 a------- c:\windows\system32\win32k.sys 2009-06-11 06:45 636,928 a------- c:\windows\system32\localspl.dll 2009-06-11 06:45 784,896 a------- c:\windows\system32\rpcrt4.dll 2009-05-29 18:05 376 a------- c:\windows\ODBC.INI 2009-05-29 18:05 28,040 a------- c:\windows\system32\mdimon.dll 2009-05-29 18:04 <DIR> --d----- c:\program files\Microsoft ActiveSync 2009-05-25 15:52 298,294,033 a------- c:\windows\MEMORY.DMP 2009-05-24 12:26 <DIR> --d----- c:\users\2littl~1\appdata\roaming\eBay 2009-05-23 00:13 <DIR> --d----- c:\programdata\eBay 2009-05-23 00:13 <DIR> --d----- c:\progra~2\eBay 2009-05-23 00:13 <DIR> --d----- c:\program files\eBay ==================== Find3M ==================== 2009-06-15 17:02 28,599 a------- c:\programdata\nvModes.dat 2009-06-15 17:02 28,599 a------- c:\progra~2\nvModes.dat 2009-05-29 10:53 1,844 a------- c:\users\2littl~1\appdata\roaming\wklnhst.dat 2009-05-09 06:50 915,456 a------- c:\windows\system32\wininet.dll 2009-05-09 06:34 71,680 a------- c:\windows\system32\iesetup.dll 2009-02-27 17:37 86,016 a------- c:\windows\inf\infstor.dat 2009-02-27 17:37 51,200 a------- c:\windows\inf\infpub.dat 2009-02-27 17:37 86,016 a------- c:\windows\inf\infstrng.dat 2009-02-04 22:09 32 a------- c:\programdata\ezsid.dat 2009-02-04 22:09 32 a------- c:\progra~2\ezsid.dat 2008-08-04 15:52 665,600 a------- c:\windows\inf\drvindex.dat 2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini 2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 16:59:16.11 ===============

06-19-2009, 10:33 PM	#4 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,552 OS: WinXP and Vista	Re: help please trojan.fakealert :( Hello littlebritches, I realize you installed Norton in an attempt to try to clean your system, but now you have 2 Anti Virus programs installed, and that's never a good idea. More than 1 Anti Virus can cause conflicts and confusion between the AV programs as well as system slow downs and other types of instability. Please choose and run only 1 and uninstall the other by clicking the round Windows Logo button in the lower left corner-> Control Panel-> Programs-> Uninstall a program After you've completed the above, download Combofix from any of the links below, and save it to your desktop. Link 1 Link 2 Link 3 Note: It is important that it is saved directly to your desktop -------------------------------------------------------------------- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."