Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.
07-09-2009, 02:23 PM #1
ScottCastro427, Registered User
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2
Need Help Removing Malicious Malware

First of all, I'd like to say that I really appreciate what you all are doing. I really thought that I had the computer know-how to get rid of this malware, but it has proven to be beyond my realm of knowledge. Thanks a lot.

Anyway, I formerly used Bittorrent, which is where I believe this malicious malware may have come from. I have since uninstalled the program and sworn off it for good.

As of right now, here are the symptoms that I am witnessing:
- Norton 360 is not able to connect to LiveUpdate
- My internet homepage comes up black and red and says that it is a restricted site. This happens when I visit some other sites as well.
- My Google searches are re-directing to other sites
- My computer takes several attempts to successfully boot up and boots slower than usual.

As directed, here is the text of my DDS file:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 15:05:22.31 on Thu 07/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.400 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\410.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uLocal Page = \blank.htm
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-8812495336-8840065184-933292090-4638\rundll32.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\tool2\too2.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Win32 Firewall] c:\docume~1\owner\locals~1\temp\410.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [<NO NAME>]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Win32 Firewall] c:\docume~1\owner\locals~1\temp\410.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\winhelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\f1ey4yh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1ey4yh5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-20 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-7-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-7-9 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-7-9 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090707.001\IDSXpx86.sys [2009-7-9 276344]
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [2004-9-7 10112]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-7-9 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-24 24652]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [2004-9-7 9216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-9 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090709.003\NAVENG.SYS [2009-7-9 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090709.003\NAVEX15.SYS [2009-7-9 876144]
S1 effd1c4c;effd1c4c;c:\windows\system32\drivers\effd1c4c.sys [2009-6-5 0]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\tool2\saskutil.sys --> c:\program files\tool2\SASKUTIL.sys [?]
S2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\mcshield.exe --> c:\program files\mcafee\virusscan\McShield.exe [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 SASENUM;SASENUM;\??\c:\program files\tool2\sasenum.sys --> c:\program files\tool2\SASENUM.SYS [?]

=============== Created Last 30 ================

2009-07-09 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-09 14:11 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-09 14:10 <DIR> --d----- c:\windows\system32\drivers\N360
2009-07-09 14:10 <DIR> --d----- c:\program files\Norton 360
2009-07-09 13:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-09 13:56 <DIR> --d----- c:\program files\NortonInstaller
2009-07-08 19:21 51,355 a------- c:\windows\system32\muzika.xm
2009-07-07 17:29 20,480 a------- c:\windows\system32\winhelper.dll
2009-07-07 17:27 831 a------- c:\windows\system32\critical_warning.html
2009-06-20 13:37 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-06-19 09:02 <DIR> --d----- c:\program files\iPod
2009-06-19 09:02 <DIR> --d----- c:\program files\iTunes
2009-06-18 11:05 <DIR> --d----- c:\program files\AIM Toolbar
2009-06-17 16:37 <DIR> --d----- c:\program files\TweetDeck
2009-06-13 02:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-06-12 15:29 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-12 15:28 14,048 -------- c:\windows\system32\spmsg2.dll
2009-06-12 15:22 <DIR> --d----- c:\windows\system32\xlive

==================== Find3M ====================

2009-07-09 14:11 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-09 14:11 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-09 14:11 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-09 14:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-08 23:42 172,032 ---sh--- c:\windows\keygen.exe
2009-06-08 18:05 79,360 a------- c:\windows\system32\drivers\MSIVXserv.sys
2009-06-05 21:12 61,440 a------- c:\windows\system32\drivers\gxzvppdq.sys
2009-06-05 18:49 0 a------- c:\windows\system32\drivers\effd1c4c.sys
2009-06-05 17:14 3,076 a------- c:\windows\system32\tmp.reg
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 22:35 388,608 a------- c:\windows\system32\CF29279.exe
2009-06-04 16:10 0 a------- C:\kltevup.exe
2009-06-04 16:10 0 a------- C:\mwhjm.exe
2009-06-04 16:10 14,336 a------- c:\windows\system32\svchost.exe
2009-06-04 16:10 0 a------- C:\ysjmlii.exe
2009-06-04 16:10 0 a------- C:\jufnp.exe
2009-06-03 15:36 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-31 11:08 154,624 a------- c:\windows\PEV.exe
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 13:26 73,728 a------- c:\windows\ALCFDRTM.EXE
2009-05-20 15:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
1998-12-08 22:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-08 22:53 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-08 22:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-08 22:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-08 22:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-08 22:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 15:05:38.07 ===============
Attached files: Attach.zip (3.5 KB), ark.zip (1.3 KB)
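As an added illustration (editor's code, not a tool from this thread, from DDS, or from the forum's analysts): a small Python triage script that runs a few common analyst heuristics over the "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats shown in the log above and returns the lines that deserve a closer look. The sample input is a constructed excerpt of lines copied from that log plus three ordinary entries that should pass; the allowlists (the SecurityProviders value a stock XP install carries, the Winsock LSP DLLs an analyst expects) and the choice of heuristics are the editor's assumptions, and a flagged line is a prompt for review, not a verdict.

```python
"""Triage helper for the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" line formats.

Editor's example, not part of the thread, DDS, or ComboFix. It applies a few
common analyst heuristics to log lines in the format shown above and returns
the lines that deserve a closer look. Every flag is a prompt for review, not a
verdict; the allowlists below are the editor's assumptions about a stock XP box.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted above, plus three
# ordinary entries (uStart Page, mRun ehTray, R2 N360) that should NOT be flagged.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local
mWinlogon: Taskman=c:\recycler\s-1-5-21-8812495336-8840065184-933292090-4638\rundll32.exe
uRun: [Win32 Firewall] c:\docume~1\owner\locals~1\temp\410.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
LSP: c:\windows\system32\winhelper.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-7-9 115560]
S1 effd1c4c;effd1c4c;c:\windows\system32\drivers\effd1c4c.sys [2009-6-5 0]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\tool2\saskutil.sys --> c:\program files\tool2\SASKUTIL.sys [?]
"""

# Assumptions: the SecurityProviders value a stock Windows XP install carries, and
# the Winsock layered-service-provider DLLs an analyst expects to see; anything
# else gets flagged for review.
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
EXPECTED_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}
# Directories a legitimate autorun target almost never lives in.
VOLATILE_DIRS = ("\\temp\\", "\\recycler\\")

# 'R0 name;display;path [date size]' as DDS prints service/driver lines.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]\s*$", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str   # short tag for the heuristic that fired
    line: str   # the offending log line, verbatim


def _service_size(line):
    """Return the size field of a service/driver line ('0', '115560', '?'), or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    meta = m.group(3).split()
    return meta[-1] if meta else "?"


def triage(log_text):
    """Run every heuristic over each line and return the Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line:
            continue
        if low.startswith("uinternet settings,proxyserver"):
            # A proxy bound to loopback routes every browser and updater request
            # through a local process first: the position a traffic hijacker wants.
            value = line.split("=", 1)[1]
            if "127.0.0.1" in value or "localhost" in value:
                findings.append(Finding("proxy-to-localhost", line))
        elif low.startswith(("mwinlogon: taskman=", "uwinlogon: taskman=")):
            # Winlogon's Taskman value is empty on a normal install.
            findings.append(Finding("winlogon-taskman-set", line))
        elif low.startswith(("urun:", "mrun:", "drun:")) and any(d in low for d in VOLATILE_DIRS):
            findings.append(Finding("autorun-from-volatile-dir", line))
        elif low.startswith("lsp:"):
            # A Winsock LSP sits in the path of every socket call; an unknown DLL here
            # is the first thing to correlate with failed updates and redirects.
            dll = low.split(":", 1)[1].strip().rsplit("\\", 1)[-1]
            if dll not in EXPECTED_LSP_DLLS:
                findings.append(Finding("unknown-lsp", line))
        elif low.startswith("securityproviders:"):
            listed = {d.strip() for d in low.split(":", 1)[1].split(",") if d.strip()}
            extra = sorted(listed - DEFAULT_SECURITY_PROVIDERS)
            if extra:
                findings.append(Finding("extra-security-provider:" + ",".join(extra), line))
        elif re.match(r"^[rs]\d\s", low):
            size = _service_size(line)
            if size == "0":
                # A registered driver backed by a zero-byte file cannot load; it is a
                # remnant that should be explained or removed.
                findings.append(Finding("zero-byte-driver", line))
            elif size == "?":
                # DDS prints '?' when it could not read the file behind the service.
                findings.append(Finding("service-file-unreadable", line))
    return findings


def rules_fired(log_text):
    """Convenience for callers and tests: the set of rule tags that fired."""
    return {f.rule for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:<40} {f.line}")
```

Running it on the sample flags seven of the eleven lines. The proxy-to-localhost and unknown-lsp hits are the two an analyst would line up first against the symptoms listed in the post (LiveUpdate failing, "restricted site" pages, search redirects), because both sit in the path of every outbound connection; the remaining flags are persistence and leftover-driver checks that guide what to ask about next rather than prove anything on their own.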
07-11-2009, 12:18 AM #2
forhockey, Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate

Re: Need Help Removing Malicious Malware

Hi ScottCastro427,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please re-run DDS and post the resulting logs

Thanks
__________________
Proud Member of ASAP
Proud Member of UNITE
07-11-2009, 12:49 PM #3
ScottCastro427, Registered User
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2
Re: Need Help Removing Malicious Malware

Thanks very much for the response. I still very much need your help.

I have subscribed to the thread as instructed and am receiving instant notification via email.

Here is my new DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 14:47:21.87 on Sat 07/11/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.302 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uLocal Page = \blank.htm
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-8812495336-8840065184-933292090-4638\rundll32.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\tool2\too2.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Win32 Firewall] c:\docume~1\owner\locals~1\temp\410.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [<NO NAME>]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Win32 Firewall] c:\docume~1\owner\locals~1\temp\410.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\winhelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\f1ey4yh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1ey4yh5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-20 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-7-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-7-9 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-7-9 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090709.001\IDSXpx86.sys [2009-7-10 276344]
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [2004-9-7 10112]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-7-9 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-24 24652]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [2004-9-7 9216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-9 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090710.067\NAVENG.SYS [2009-7-11 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090710.067\NAVEX15.SYS [2009-7-11 876144]
S1 effd1c4c;effd1c4c;c:\windows\system32\drivers\effd1c4c.sys [2009-6-5 0]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\tool2\saskutil.sys --> c:\program files\tool2\SASKUTIL.sys [?]
S2 McShield;McAfee Real-time Scanner;c:\program files\mcafee\virusscan\mcshield.exe --> c:\program files\mcafee\virusscan\McShield.exe [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 SASENUM;SASENUM;\??\c:\program files\tool2\sasenum.sys --> c:\program files\tool2\SASENUM.SYS [?]

=============== Created Last 30 ================

2009-07-09 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-09 14:11 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-09 14:10 <DIR> --d----- c:\windows\system32\drivers\N360
2009-07-09 14:10 <DIR> --d----- c:\program files\Norton 360
2009-07-09 13:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-09 13:56 <DIR> --d----- c:\program files\NortonInstaller
2009-07-08 19:21 51,355 a------- c:\windows\system32\muzika.xm
2009-07-07 17:29 20,480 a------- c:\windows\system32\winhelper.dll
2009-07-07 17:27 831 a------- c:\windows\system32\critical_warning.html
2009-06-20 13:37 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-06-19 09:02 <DIR> --d----- c:\program files\iPod
2009-06-19 09:02 <DIR> --d----- c:\program files\iTunes
2009-06-18 11:05 <DIR> --d----- c:\program files\AIM Toolbar
2009-06-17 16:37 <DIR> --d----- c:\program files\TweetDeck
2009-06-13 02:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-06-12 15:29 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-12 15:28 14,048 -------- c:\windows\system32\spmsg2.dll
2009-06-12 15:22 <DIR> --d----- c:\windows\system32\xlive

==================== Find3M ====================

2009-07-09 14:11 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-09 14:11 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-09 14:11 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-09 14:11 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-08 23:42 172,032 ---sh--- c:\windows\keygen.exe
2009-06-08 18:05 79,360 a------- c:\windows\system32\drivers\MSIVXserv.sys
2009-06-05 21:12 61,440 a------- c:\windows\system32\drivers\gxzvppdq.sys
2009-06-05 18:49 0 a------- c:\windows\system32\drivers\effd1c4c.sys
2009-06-05 17:14 3,076 a------- c:\windows\system32\tmp.reg
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 22:35 388,608 a------- c:\windows\system32\CF29279.exe
2009-06-04 16:10 0 a------- C:\kltevup.exe
2009-06-04 16:10 0 a------- C:\mwhjm.exe
2009-06-04 16:10 14,336 a------- c:\windows\system32\svchost.exe
2009-06-04 16:10 0 a------- C:\ysjmlii.exe
2009-06-04 16:10 0 a------- C:\jufnp.exe
2009-06-03 15:36 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-31 11:08 154,624 a------- c:\windows\PEV.exe
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 13:26 73,728 a------- c:\windows\ALCFDRTM.EXE
2009-05-20 15:30 64,160 a------- c:\windows\system32\drivers\Lbd.sys
1998-12-08 22:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-08 22:53 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-08 22:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-08 22:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-08 22:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-08 22:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 14:48:03.07 ===============
Attached Files
File Type: zip Attachnew.zip (3.3 KB, 2 views)
ScottCastro427 is offline  
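An added example, not part of this thread and not a feature of DDS or ComboFix: the Find3M block above is normally read by eye, but its lines are regular enough to check mechanically. The Python below parses the DDS layout and the ComboFix "Find3M Report" layout (the listing style used in the ComboFix log posted later in this thread), then applies the checks a helper applies to such entries: an executable carrying the hidden+system attributes, zero-byte executables, executables sitting in the drive root, driver names that look machine-generated, and a core binary such as svchost.exe whose modification date is later than the OS install. The sample lines are copied from the logs posted in this thread; the 2004-09-07 install date is an assumption taken from the creation timestamps in the ComboFix log; the name heuristic and the rule wording are invented for this example.

```python
"""Triage helper for DDS / ComboFix file listings.

Added example for this thread, not code from DDS, ComboFix or any poster.
Both tools print one file per line as
    <mtime> [ . <ctime> ] <size | <DIR> | --------> <attrs> <path>
where <attrs> is an 8-character flag field: d=directory, h=hidden, s=system,
a=archive, r=read-only, w=writable, c=compressed, '-' = not set.
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set

LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"   # ComboFix adds a creation timestamp
    r" (?P<size><DIR>|-{8}|[\d,]+)"
    r" (?P<attrs>[a-z-]{8})"
    r" (?P<path>.+?)\s*$"
)

# Assumption: the ComboFix log in this thread shows OS files created 2004-09-07,
# so that date is treated as the Windows install date for the core-binary rule.
OS_INSTALL_DATE = date(2004, 9, 7)
CORE_BINARIES = {"svchost.exe", "lsass.exe", "winlogon.exe", "userinit.exe", "explorer.exe"}
EXECUTABLE_EXT = (".exe", ".sys", ".dll", ".scr", ".com")

# Constructed sample: lines copied from the DDS Find3M block and the ComboFix
# Find3M Report posted in this thread, clean entries included as negatives.
SAMPLE = r"""
2009-07-09 14:11 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-08 23:42 172,032 ---sh--- c:\windows\keygen.exe
2009-06-05 21:12 61,440 a------- c:\windows\system32\drivers\gxzvppdq.sys
2009-06-05 18:49 0 a------- c:\windows\system32\drivers\effd1c4c.sys
2009-06-04 16:10 0 a------- C:\kltevup.exe
2009-06-04 16:10 14,336 a------- c:\windows\system32\svchost.exe
2009-06-12 15:22 <DIR> --d----- c:\windows\system32\xlive
2009-06-09 03:42 . 2009-06-09 03:42 172032 --sh--w- c:\windows\keygen.exe
2009-05-26 17:20 . 2009-06-05 22:23 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 18:21 . 2004-09-07 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
"""


@dataclass
class Entry:
    mtime: date
    size: Optional[int]        # None for directories
    attrs: Set[str]
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line from either tool; None for any other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m["size"] in ("<DIR>", "--------") else int(m["size"].replace(",", ""))
    return Entry(date.fromisoformat(m["mtime"]), size,
                 {c for c in m["attrs"] if c != "-"}, m["path"])


def looks_random(stem: str) -> bool:
    """Heuristic invented for this example, matching names like gxzvppdq or
    effd1c4c: exactly 8 chars, all hex digits or all lowercase letters with
    at most one vowel. Expect false positives; tune before wider use."""
    if len(stem) != 8:
        return False
    if re.fullmatch(r"[0-9a-f]{8}", stem):
        return True
    return stem.isalpha() and stem.islower() and sum(c in "aeiou" for c in stem) <= 1


def triage(entry: Entry) -> Entry:
    """Append a reason for each rule the entry trips; directories are skipped."""
    if "d" in entry.attrs:
        return entry
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    is_exec = name.endswith(EXECUTABLE_EXT)
    if is_exec and {"s", "h"} <= entry.attrs:
        entry.reasons.append("executable marked hidden+system")
    if is_exec and entry.size == 0:
        entry.reasons.append("zero-byte executable")
    if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", low):
        entry.reasons.append("executable in drive root")
    if "\\drivers\\" in low and name.endswith(".sys") and looks_random(stem):
        entry.reasons.append("driver with machine-generated name")
    if name in CORE_BINARIES and "\\system32\\" in low and entry.mtime > OS_INSTALL_DATE:
        # A legitimate hotfix trips this too: it asks for a hash check, not a verdict.
        entry.reasons.append("core binary modified after OS install; hash-check it")
    return entry


def scan(text: str) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every listing line that trips a rule."""
    hits: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in triage(entry).reasons:
            bucket = hits.setdefault(entry.path, [])
            if reason not in bucket:        # same file may appear in both tools' output
                bucket.append(reason)
    return hits


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

The core-binary rule is deliberately noisy: a hotfix moves the timestamp as well, so a hit on svchost.exe means "compare this file's hash with a clean copy of the same build", not "this file is infected". The other rules are cheap filters for what the helper would otherwise spot by eye; the point of running them over the whole listing is to make sure nothing in a several-hundred-line log is skipped.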
Old 07-11-2009, 05:19 PM   #4 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------
  1. Download ComboFix from >>Here<<
     Save it to your desktop.

     * IMPORTANT !!! Place combo-fix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.
     You can get help on disabling your protection programs here
  3. Double-click on combo-fix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

     Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in case your computer has a problem after an attempted removal of malware.

     With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

     Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

     ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

     The Recovery Console was successfully installed.

     Click on Yes to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you (located in C:\ComboFix.txt). Post that log in your next reply.

     Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 07-11-2009, 06:22 PM   #5 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

I have two quick questions. Again, thank you so much for your help.

1. I have read the walkthroughs, and I have gone into services.msc to stop my Norton 360 processes from running, but ComboFix still says it is detecting it. What should I do?

2. Whenever I start ComboFix, it seems to kick me offline, so I am unable to download the Microsoft Recovery Console as you had instructed. Any suggestions?

Thanks again!
ScottCastro427 is offline  
Old 07-11-2009, 10:48 PM   #6 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Quote:

1. I have read the walkthroughs, and I have gone into services.msc to stop my Norton 360 processes from running, but ComboFix still says it is detecting it. What should I do?

2. Whenever I start ComboFix, it seems to kick me offline, so I am unable to download the Microsoft Recovery Console as you had instructed. Any suggestions?

Thanks again!
1. If you've disabled Norton 360 as the guide in the link instructs, then you can ignore the message from ComboFix. However, don't run ComboFix yet. Please read my next point for number 2.

2. You can download the Recovery Console beforehand.

i) Download ComboFix to your desktop (don't run it)
ii) Visit the following link: here

Download the file & save it as it's originally named, next to Combo-Fix.exe.

Now close all open windows and programs, including all antivirus and anti-malware programs, so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and, when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
forhockey is offline  
Old 07-11-2009, 11:10 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

Thanks a lot for the instructions. Here is the log from ComboFix:

ComboFix 09-07-09.08 - Owner 07/12/2009 0:55.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.652 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\bcrypt.html
c:\documents and settings\All Users\Application Data\91532026.ini
c:\documents and settings\Owner\Application Data\bcrypt.html
c:\documents and settings\Owner\Application Data\wiaserva.log
c:\documents and settings\Owner\Application Data\wiaservg.log
C:\jufnp.exe
C:\kltevup.exe
C:\mwhjm.exe
c:\program files\Adware Professional\noadware4_052009.na
c:\recycler\S-1-5-21-7807054857-3628313155-394563582-9062\Desktop.ini
c:\recycler\S-1-5-21-7807054857-3628313155-394563582-9062\rundll32.exe
C:\setup.exe
C:\test.txt
c:\windows\Installer\1fb2b.msi
c:\windows\Installer\276b764.msi
c:\windows\ro122730.dat
c:\windows\system32\_id.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\Drivers\gxzvppdq.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gxvxccount
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mdm.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
C:\ysjmlii.exe
D:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI


((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-12 04:50 . 2009-07-12 04:53 -------- d-----w- C:\32788R22FWJFW
2009-07-12 02:16 . 2009-03-12 23:24 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVENG.SYS
2009-07-12 02:16 . 2009-03-12 23:24 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVEX15.SYS
2009-07-12 02:16 . 2009-03-12 23:24 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\ERASER.SYS
2009-07-12 02:16 . 2009-03-12 23:24 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\EECTRL.SYS
2009-07-12 02:16 . 2009-03-12 23:24 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVENG32.DLL
2009-07-12 02:16 . 2009-03-12 23:24 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVEX32A.DLL
2009-07-12 02:16 . 2009-03-12 23:24 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\ECMSVR32.DLL
2009-07-12 02:16 . 2009-03-12 23:24 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\CCERASER.DLL
2009-07-11 22:48 . 2009-07-12 04:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-10 22:15 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\Scxpx86.dll
2009-07-10 22:15 . 2009-03-12 23:24 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSviA64.sys
2009-07-10 22:15 . 2009-03-12 23:24 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSvix86.sys
2009-07-10 22:15 . 2009-03-12 23:24 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys
2009-07-10 22:15 . 2009-03-12 23:24 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSxpx86.dll
2009-07-09 18:28 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\Scxpx86.dll
2009-07-09 18:28 . 2009-03-12 23:24 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSviA64.sys
2009-07-09 18:28 . 2009-03-12 23:24 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys
2009-07-09 18:28 . 2009-03-12 23:24 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSXpx86.sys
2009-07-09 18:28 . 2009-03-12 23:24 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSxpx86.dll
2009-07-09 18:14 . 2009-03-12 23:24 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-09 18:11 . 2009-07-09 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-09 18:11 . 2009-03-12 23:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-09 18:11 . 2009-03-12 23:24 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-07-09 18:11 . 2009-03-12 23:24 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-09 18:11 . 2009-03-12 23:24 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-07-09 18:11 . 2009-03-12 23:24 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-09 18:11 . 2009-03-12 23:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-09 18:11 . 2009-03-12 23:24 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-07-09 18:11 . 2009-03-12 23:24 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-09 18:10 . 2009-07-09 18:11 -------- d-----w- c:\windows\system32\drivers\N360
2009-07-09 18:10 . 2009-07-09 18:11 -------- d-----w- c:\program files\Norton 360
2009-07-09 18:10 . 2009-07-09 18:10 -------- d-----w- c:\program files\Windows Sidebar
2009-07-09 17:57 . 2009-07-09 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-09 17:56 . 2009-07-09 18:13 -------- d-----w- c:\program files\NortonInstaller
2009-07-04 05:54 . 2009-07-04 05:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-06-22 22:51 . 2009-06-22 22:51 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-06-21 05:42 . 2009-06-21 05:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2009-06-20 17:37 . 2009-06-20 17:37 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-06-19 13:02 . 2009-06-19 13:02 -------- d-----w- c:\program files\iPod
2009-06-19 13:02 . 2009-06-19 13:02 -------- d-----w- c:\program files\iTunes
2009-06-19 13:00 . 2009-06-19 13:01 -------- d-----w- c:\program files\QuickTime
2009-06-19 02:28 . 2009-06-19 02:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\AIM Toolbar
2009-06-17 20:37 . 2009-06-17 20:38 -------- d-----w- c:\program files\TweetDeck
2009-06-17 00:30 . 2009-06-17 00:30 15739760 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airins...staller1x0.exe
2009-06-13 06:56 . 2009-06-13 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-13 06:40 . 2009-06-13 06:48 144728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-12 20:07 . 2009-06-12 20:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Fallout3
2009-06-12 19:33 . 2009-06-12 19:33 -------- d-----w- c:\program files\MSBuild
2009-06-12 19:29 . 2009-06-13 06:47 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-12 19:28 . 2009-06-12 19:28 -------- d-----w- c:\program files\Reference Assemblies
2009-06-12 19:28 . 2006-06-29 17:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-06-12 19:22 . 2009-06-12 19:22 -------- d-----w- c:\windows\system32\xlive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 18:21 . 2004-09-07 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 18:11 . 2009-06-09 05:08 -------- d-----w- c:\program files\Symantec
2009-07-09 18:11 . 2009-06-09 05:08 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-09 18:11 . 2009-06-09 05:08 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-09 18:11 . 2009-06-09 05:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-09 18:11 . 2009-06-09 05:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-09 17:57 . 2009-06-09 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-06 19:33 . 2009-06-17 19:33 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 19:33 . 2009-06-17 19:33 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 19:33 . 2009-06-17 19:33 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-01 19:34 . 2009-06-17 19:33 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-01 19:34 . 2009-06-17 19:33 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-01 19:34 . 2009-06-17 19:33 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-01 19:34 . 2009-06-17 19:33 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-01 19:34 . 2009-06-03 19:36 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-01 19:34 . 2009-06-03 19:34 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-01 19:34 . 2009-06-03 19:34 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-01 19:34 . 2009-06-17 19:33 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-01 19:34 . 2009-06-17 19:33 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-01 19:34 . 2009-06-17 19:33 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-01 19:34 . 2009-06-17 19:33 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-01 19:33 . 2009-06-17 19:33 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-01 19:33 . 2009-06-17 19:33 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-01 19:33 . 2009-06-17 19:33 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-20 18:12 . 2009-05-15 05:14 60104 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 18:08 . 2004-09-07 19:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 17:37 . 2009-06-09 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 13:02 . 2009-01-24 21:00 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 12:58 . 2009-01-24 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 12:49 . 2009-01-24 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-06-18 15:07 . 2009-01-24 21:18 -------- d-----w- c:\program files\AIM6
2009-06-18 15:04 . 2004-09-07 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-18 15:04 . 2004-09-07 19:38 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-12 19:21 . 2004-09-07 19:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-09 05:17 . 2009-06-09 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2009-06-09 05:03 . 2009-06-09 05:03 -------- d-----w- c:\program files\Bigtool
2009-06-09 03:42 . 2009-06-09 03:42 172032 --sh--w- c:\windows\keygen.exe
2009-06-09 00:09 . 2009-05-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 00:09 . 2009-06-06 02:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 00:05 . 2009-06-06 02:34 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-08 20:46 . 2009-06-08 20:46 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-08 20:38 . 2009-06-08 20:29 -------- d-----w- c:\program files\UT3
2009-06-07 02:58 . 2009-06-07 02:27 -------- d-----w- c:\program files\COD4
2009-06-06 02:33 . 2009-06-06 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-06 02:30 . 2009-06-06 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-06 01:13 . 2009-06-06 01:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-05 23:03 . 2009-06-05 23:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-05 22:56 . 2009-06-05 22:23 -------- d-----w- c:\program files\TOOL
2009-06-05 22:49 . 2009-06-05 19:48 0 ----a-w- c:\windows\system32\drivers\effd1c4c.sys
2009-06-05 22:43 . 2009-06-05 22:42 -------- d-----w- c:\program files\Process Explorer
2009-06-05 22:23 . 2009-06-05 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 21:33 . 2009-01-05 04:41 -------- d-----w- c:\program files\Google
2009-06-05 21:32 . 2009-06-05 02:56 -------- d-----w- c:\program files\RegistryFix7
2009-06-05 19:47 . 2009-05-21 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-05 19:29 . 2009-06-05 19:29 60104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 15:42 . 2009-05-12 03:40 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-01-24 21:00 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 02:48 . 2009-06-05 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\91532026
2009-06-05 02:48 . 2009-06-05 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\11522034
2009-06-05 01:05 . 2009-04-07 21:31 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-06-04 20:10 . 2004-09-07 18:54 14336 ----a-w- c:\windows\system32\svchost.exe
2009-06-04 15:03 . 2009-04-07 21:31 -------- d-----w- c:\program files\DNA
2009-06-03 19:36 . 2009-06-03 19:36 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-03 19:36 . 2009-05-20 19:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-03 02:28 . 2009-06-03 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2009-05-27 00:04 . 2009-05-27 00:04 -------- d-----w- c:\program files\DivX
2009-05-27 00:04 . 2009-05-27 00:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 17:20 . 2009-06-05 22:23 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-06-05 22:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 05:37 . 2009-05-24 05:37 2 ---h--w- c:\windows\sto453148.dat
2009-05-22 17:26 . 2009-05-22 17:26 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-05-20 19:33 . 2009-05-20 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-20 19:30 . 2009-05-20 19:33 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-20 19:30 . 2009-05-20 19:30 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-20 19:23 . 2009-05-20 19:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-20 19:23 . 2009-05-20 19:23 -------- d-----w- c:\program files\Lavasoft
2009-05-20 07:19 . 2009-05-20 07:19 2 ---h--w- c:\windows\sto452738.dat
2009-05-19 05:36 . 2009-06-18 15:03 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-18 15:03 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-18 15:03 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-18 15:03 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-18 15:03 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-18 15:03 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-18 15:03 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-18 15:03 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 00:56 . 2009-05-19 00:56 32 --s-a-w- c:\windows\system32\1344205544.dat
2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2009-04-14 07:27 . 2009-01-03 04:32 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-27 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 158208]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2005-05-12 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-05-12 2805248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-9-7 1742384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2009-5-11 1056864]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/20/2009 3:33 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/9/2009 2:11 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [7/9/2009 2:11 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [7/9/2009 2:11 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090709.001\IDSXpx86.sys [7/10/2009 6:15 PM 276344]
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [9/7/2004 2:55 PM 10112]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/24/2009 5:19 PM 24652]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [9/7/2004 2:55 PM 9216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/9/2009 5:58 AM 101936]
S1 effd1c4c;effd1c4c;c:\windows\system32\drivers\effd1c4c.sys [6/5/2009 3:48 PM 0]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\tool2\SASKUTIL.sys --> c:\program files\tool2\SASKUTIL.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/9/2009 2:11 PM 115560]
S3 SASENUM;SASENUM;\??\c:\program files\tool2\SASENUM.SYS --> c:\program files\tool2\SASENUM.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCANDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C143BBC-A119-64E8-EF17-494E3C285646}]
c:\windows\system32\winregpi.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:34]

2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-01-03 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-07 12:00]

2009-01-03 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-07 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f1ey4yh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f1ey4yh5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 00:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4286104048-3284989162-384345834-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-07-12 1:00
ComboFix-quarantined-files.txt 2009-07-12 05:00

Pre-Run: 201,918,423,040 bytes free
Post-Run: 201,884,471,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

345 --- E O F --- 2009-06-05 01:08
Attached Files
File Type: zip log.zip (7.0 KB, 1 views)
ScottCastro427 is offline  
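As an added triage example (not from this thread and not part of the DDS or ComboFix tools), the script below reads a few constructed log lines modelled on the report above and flags the items an analyst checks first: Security Center monitoring switched off, the firewall profile disabled, a proxy pointing at 127.0.0.1, zero-byte driver images, and random-looking filenames like the gxvxc* entries. The regexes, the vowel-ratio heuristic and the severity labels are this example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the DDS/ComboFix report in this thread; it is
# not the thread's log itself, and the paths and values are illustrative.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/9/2009 2:11 PM 310320]
S1 effd1c4c;effd1c4c;c:\windows\system32\drivers\effd1c4c.sys [6/5/2009 3:48 PM 0]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/9/2009 2:11 PM 115560]

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local

globalroot\systemroot\system32\gxvxcmrdludlkhdhcidgiekiqsdhtayrskxiw.dll
globalroot\systemroot\system32\gxvxctxdjoobnmettltlcyvvbutoqqenqemoy.dll
"""

# Registry section header as DDS prints it, e.g. [HKLM\...\standardprofile]
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# Service/driver line: "<start type> <name>;<description>;<image path> [<date> <size>]"
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]\s*$")
# Any Windows image path on the line (drive letter or globalroot prefix)
PATH_RE = re.compile(r'(?:[A-Za-z]:|globalroot)\\[^"\[\]]+?\.(?:sys|dll|exe)\b', re.IGNORECASE)

Finding = Tuple[str, str]  # (severity, message)


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example): a long, all-letter file stem
    with few vowels is treated as machine-generated rather than a product name."""
    s = stem.lower()
    if len(s) < 20 or not s.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in s)
    return vowels / len(s) < 0.35


def find_indicators(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    current_key = ""  # registry key the following "name"=value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        low = line.lower()

        # Security Center told to stop reporting AV/firewall state
        if "security center" in current_key and '"disablemonitoring"=dword:00000001' in low:
            findings.append(("high", f"Security Center monitoring disabled under [{current_key}]"))

        # Windows Firewall profile switched off
        if "firewallpolicy" in current_key and low.startswith('"enablefirewall"='):
            value = low.split("=", 1)[1].strip()
            if value.startswith("0"):
                findings.append(("medium", f"Windows Firewall disabled in [{current_key}]"))

        # Browser traffic forced through a proxy on the local machine
        if "proxyserver" in low and re.search(r"127\.0\.0\.1|localhost", low):
            findings.append(("high", f"Internet Settings proxy points at loopback: {line}"))

        # Service/driver entry whose image file is empty
        drv = DRIVER_RE.match(line)
        if drv:
            start_type, name, _desc, path, meta = drv.groups()
            parts = meta.split()
            if parts and parts[-1] == "0":
                findings.append(("medium", f"{start_type} {name}: zero-byte driver image {path}"))

        # Random-looking filenames anywhere on the line
        for path in PATH_RE.findall(line):
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                findings.append(("high", f"random-looking filename: {path}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity label."""
    counts: Dict[str, int] = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = find_indicators(SAMPLE_LOG)
    for severity, message in results:
        print(f"[{severity:6}] {message}")
    print("summary:", summarize(results))
```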
Old 07-12-2009, 10:24 AM   #8 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Hello,

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Media Player <<<this is considered foistware rather than malware since it is installed without the user's approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

--------------------------------------------------------------

*** Make sure Norton 360 is disabled before running the below instructions ***

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/393336-need-help-removing-malicious-malware.html#post2231381

Collect::
c:\windows\keygen.exe
Folder::
c:\documents and settings\All Users\Application Data\Trymedia
Rootkit::
C:\WINDOWS\system32\drivers\gxvxcvwwrtlotkdaijxuwnsvwkwuilhqsxoej.sys
C:\WINDOWS\system32\gxvxcmrdludlkhdhcidgiekiqsdhtayrskxiw.dll
C:\WINDOWS\system32\gxvxctxdjoobnmettltlcyvvbutoqqenqemoy.dll
DirLook::
c:\documents and settings\All Users\Application Data\91532026
c:\documents and settings\All Users\Application Data\11522034
Save this as CFScript




Referring to the picture above, drag CFScript into Combo-Fix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis. Please submit "[4]-Submit_Date_Time.zip" by following the prompts.

--------------------------------------------------------------

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

**** Re-enable your Norton 360 protection ****

--------------------------------------------------------------

Please reply back with the following logs:

C:\ComboFix.txt
Panda Active scan log
Update on how your system is behaving?
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by forhockey; 07-12-2009 at 10:36 AM.
forhockey is offline  
Old 07-12-2009, 04:14 PM   #9 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

Hey there,

Thanks so much for the new instructions. I am actually going to be away from my PC until Wed. night, but I'll follow these directions as soon as I return.

Thanks again
ScottCastro427 is offline  
Old 07-12-2009, 08:03 PM   #10 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Hi ScottCastro427,

Not a problem. Is there any way you can leave this computer off the network until you get back? This way nothing new will come in.
forhockey is offline  
Old 07-15-2009, 08:13 PM   #11 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

Hey there,

Back home at the PC. Followed your directions; however, ComboFix keeps rebooting my PC after the scan. When the PC boots back up, CF tries to produce a log, but cannot, probably because some of my launch programs (AIM) boot up. The error said something along the lines of "failure to produce RunReg00. There may be a disk error."

Let me know what you think.

Thanks again!
ScottCastro427 is offline  
Old 07-17-2009, 04:19 PM   #12 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Hello,

Let's try running ComboFix in Safe Mode. Please follow this new set of instructions.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/393336-need-help-removing-malicious-malware.html#post2231381

Folder::
c:\documents and settings\All Users\Application Data\Trymedia
File::
c:\windows\keygen.exe
Rootkit::
C:\WINDOWS\system32\drivers\gxvxcvwwrtlotkdaijxuwnsvwkwuilhqsxoej.sys
C:\WINDOWS\system32\gxvxcmrdludlkhdhcidgiekiqsdhtayrskxiw.dll
C:\WINDOWS\system32\gxvxctxdjoobnmettltlcyvvbutoqqenqemoy.dll
DirLook::
c:\documents and settings\All Users\Application Data\91532026
c:\documents and settings\All Users\Application Data\11522034
Save this as CFScript

--------------------------------------------------------------

Restart your computer in Safe Mode

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting Windows in Safe Mode; click OK and Windows will load your desktop environment

Note: On some systems this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------




Referring to the picture above, drag CFScript into ComboFix.exe

--------------------------------------------------------------

When your computer restarts make sure you enter safe mode again.

--------------------------------------------------------------

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------

Restart your computer in Normal Mode and post the ComboFix log.
forhockey is offline  
Old 07-19-2009, 09:50 PM   #13 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

Hey there,

Just wanted to give you an update.

I tried to boot my computer into safe mode. For some reason, the f8 method didn't work. I pressed F8 repeatedly at startup and never got to the menu to select safe mode or safe mode with networking.

I tried to do safeboot through msconfig. While that worked to boot my computer into safe mode, not all of my desktop icons appeared. Most notably, the icons for ComboFix and CFScript were not present. I then tried to save these files in a different folder, My Documents, and see if I could find them there in safe mode. Turns out, when I am booting into safe mode, none of my files seem to be in My Documents folder. Strange.

Otherwise, my computer has been running a lot better than before. The symptoms that I continue to see are as follows:

- Norton 360 keeps popping up telling me there are two viruses that it cannot remove, recommending me to rescan. When I tried to, it fails to do so.

- Computer is still slower than it used to be, but definitely not as bad as before

Otherwise, things seem to be looking great. Let me know what you would recommend.

Thanks again for all the help!
ScottCastro427 is offline  
Old 07-20-2009, 03:21 PM   #14 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Quote:
I tried to do safeboot through msconfig. While that worked to boot my computer into safe mode, not all of my desktop icons appeared. Most notably, the icons for ComboFix and CFScript were not present. I then tried to save these files in a different folder, My Documents, and see if i could find them there in safe mode. Turns out, when I am booting into safe mode, none of my files seem to be in My Documents folder. Strange.
You're probably logging in under a different account. You must log into Safe Mode with the "Owner" account that you use in Normal mode. Then you'll be able to see your original desktop and documents. Please run ComboFix once with my previous instructions.

Quote:
Norton 360 keeps popping up telling me there are two viruses that it cannot remove, recommending me to rescan. When I tried to, it fails to do so.
Can you jot down the exact location of where Norton detects these viruses?
forhockey is offline  
Old 07-20-2009, 04:25 PM   #15 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

Hey there,

Got ComboFix to run in Safe Mode with your instructions. I also have the locations of those threats that Norton 360 detected.

Here are the Norton 360 threats:

globalroot\systemroot\system32\gxvxcmrdludlkhdhcidgiekiqsdhtayrskxiw.dll
(it says there are two of these)

globalroot\systemroot\system32\gxvxctxdjoobnmettltlcyvvbutoqqenqemoy.dll
(it says there are 4 of these)

The ComboFix log is as follows:

ComboFix 09-07-20.01 - Owner 07/20/2009 17:40.6.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.809 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\keygen.exe"
.

((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-20 19:10 . 2009-07-20 21:23 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-20 19:10 . 2009-07-20 19:10 -------- d-----w- c:\program files\BitTorrent
2009-07-20 15:59 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\NAVENG.SYS
2009-07-20 15:59 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\NAVEX15.SYS
2009-07-20 15:59 . 2009-03-12 23:24 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\NAVENG32.DLL
2009-07-20 15:59 . 2009-03-12 23:24 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\NAVEX32A.DLL
2009-07-20 15:59 . 2009-03-12 23:24 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\ERASER.SYS
2009-07-20 15:59 . 2009-03-12 23:24 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\EECTRL.SYS
2009-07-20 15:59 . 2009-03-12 23:24 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\ECMSVR32.DLL
2009-07-20 15:59 . 2009-03-12 23:24 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.006\CCERASER.DLL
2009-07-17 18:37 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 18:37 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 18:37 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 18:37 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 18:37 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-16 03:58 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-16 03:57 . 2009-07-16 03:57 -------- d-----w- c:\program files\Panda Security
2009-07-15 01:30 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-15 01:30 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-15 01:30 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-15 01:30 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-15 01:30 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-13 07:12 . 2009-07-20 21:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 07:03 . 2009-07-13 07:03 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 07:02 . 2004-08-04 04:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-12 02:16 . 2009-03-12 23:24 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVENG.SYS
2009-07-12 02:16 . 2009-03-12 23:24 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVEX15.SYS
2009-07-12 02:16 . 2009-03-12 23:24 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\ERASER.SYS
2009-07-12 02:16 . 2009-03-12 23:24 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\EECTRL.SYS
2009-07-12 02:16 . 2009-03-12 23:24 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVENG32.DLL
2009-07-12 02:16 . 2009-03-12 23:24 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVEX32A.DLL
2009-07-12 02:16 . 2009-03-12 23:24 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\ECMSVR32.DLL
2009-07-12 02:16 . 2009-03-12 23:24 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\CCERASER.DLL
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-09 18:14 . 2009-03-12 23:24 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-09 18:11 . 2009-07-09 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-09 18:11 . 2009-03-12 23:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-09 18:11 . 2009-03-12 23:24 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-09 18:11 . 2009-03-12 23:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-09 18:11 . 2009-03-12 23:24 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-09 18:10 . 2009-07-09 18:11 -------- d-----w- c:\windows\system32\drivers\N360
2009-07-09 18:10 . 2009-07-09 18:11 -------- d-----w- c:\program files\Norton 360
2009-07-09 18:10 . 2009-07-09 18:10 -------- d-----w- c:\program files\Windows Sidebar
2009-07-09 17:57 . 2009-07-09 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-09 17:56 . 2009-07-09 18:13 -------- d-----w- c:\program files\NortonInstaller
2009-07-04 05:54 . 2009-07-04 05:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-06-21 05:42 . 2009-06-21 05:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 16:13 . 2004-09-07 21:15 -------- d-----w- c:\program files\DIGStream
2009-07-16 01:31 . 2004-09-07 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-13 07:03 . 2009-07-13 07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-13 07:02 . 2009-07-13 07:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-12 05:44 . 2009-06-09 05:03 -------- d-----w- c:\program files\Bigtool
2009-07-09 18:21 . 2004-09-07 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 18:11 . 2009-06-09 05:08 -------- d-----w- c:\program files\Symantec
2009-07-09 18:11 . 2009-06-09 05:08 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-09 18:11 . 2009-06-09 05:08 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-09 18:11 . 2009-06-09 05:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-09 18:11 . 2009-06-09 05:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-09 17:57 . 2009-06-09 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-06 19:33 . 2009-06-17 19:33 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 19:33 . 2009-06-17 19:33 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 19:33 . 2009-06-17 19:33 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-01 19:34 . 2009-06-17 19:33 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-01 19:34 . 2009-06-17 19:33 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-01 19:34 . 2009-06-17 19:33 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-01 19:34 . 2009-06-17 19:33 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-01 19:34 . 2009-06-03 19:36 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-01 19:34 . 2009-06-03 19:34 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-01 19:34 . 2009-06-03 19:34 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-01 19:34 . 2009-06-17 19:33 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-01 19:34 . 2009-06-17 19:33 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-01 19:34 . 2009-06-17 19:33 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-01 19:34 . 2009-06-17 19:33 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-01 19:33 . 2009-06-17 19:33 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-01 19:33 . 2009-06-17 19:33 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-01 19:33 . 2009-06-17 19:33 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-20 18:12 . 2009-05-15 05:14 60104 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 18:08 . 2004-09-07 19:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 17:37 . 2009-06-09 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 13:02 . 2009-06-19 13:02 -------- d-----w- c:\program files\iTunes
2009-06-19 13:02 . 2009-06-19 13:02 -------- d-----w- c:\program files\iPod
2009-06-19 13:02 . 2009-01-24 21:00 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 13:01 . 2009-06-19 13:00 -------- d-----w- c:\program files\QuickTime
2009-06-19 12:58 . 2009-01-24 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 12:49 . 2009-01-24 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-06-19 02:28 . 2009-06-19 02:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-18 15:07 . 2009-01-24 21:18 -------- d-----w- c:\program files\AIM6
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\AIM Toolbar
2009-06-18 15:04 . 2004-09-07 19:38 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-17 20:38 . 2009-06-17 20:37 -------- d-----w- c:\program files\TweetDeck
2009-06-17 00:30 . 2009-06-17 00:30 15739760 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airins...staller1x0.exe
2009-06-16 14:55 . 2004-09-07 18:54 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-09-07 18:53 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 06:48 . 2009-06-13 06:40 144728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-12 19:33 . 2009-06-12 19:33 -------- d-----w- c:\program files\MSBuild
2009-06-12 19:28 . 2009-06-12 19:28 -------- d-----w- c:\program files\Reference Assemblies
2009-06-12 19:21 . 2004-09-07 19:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-09 05:17 . 2009-06-09 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2009-06-09 00:09 . 2009-05-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 00:09 . 2009-06-06 02:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 00:05 . 2009-06-06 02:34 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-08 20:46 . 2009-06-08 20:46 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-08 20:38 . 2009-06-08 20:29 -------- d-----w- c:\program files\UT3
2009-06-07 02:58 . 2009-06-07 02:27 -------- d-----w- c:\program files\COD4
2009-06-06 02:33 . 2009-06-06 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-06 02:30 . 2009-06-06 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-06 01:13 . 2009-06-06 01:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-05 23:03 . 2009-06-05 23:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-05 22:56 . 2009-06-05 22:23 -------- d-----w- c:\program files\TOOL
2009-06-05 22:49 . 2009-06-05 19:48 0 ----a-w- c:\windows\system32\drivers\effd1c4c.sys
2009-06-05 22:43 . 2009-06-05 22:42 -------- d-----w- c:\program files\Process Explorer
2009-06-05 22:23 . 2009-06-05 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 21:33 . 2009-01-05 04:41 -------- d-----w- c:\program files\Google
2009-06-05 21:32 . 2009-06-05 02:56 -------- d-----w- c:\program files\RegistryFix7
2009-06-05 19:47 . 2009-05-21 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-05 19:29 . 2009-06-05 19:29 60104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 15:42 . 2009-05-12 03:40 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-01-24 21:00 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 02:48 . 2009-06-05 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\91532026
2009-06-05 02:48 . 2009-06-05 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\11522034
2009-06-05 01:05 . 2009-04-07 21:31 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-06-04 20:10 . 2004-09-07 18:54 14336 ----a-w- c:\windows\system32\svchost.exe
2009-06-04 15:03 . 2009-04-07 21:31 -------- d-----w- c:\program files\DNA
2009-06-03 19:36 . 2009-06-03 19:36 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-03 19:36 . 2009-05-20 19:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-03 19:27 . 2004-09-07 18:53 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 02:28 . 2009-06-03 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2009-05-27 00:04 . 2009-05-27 00:04 -------- d-----w- c:\program files\DivX
2009-05-27 00:04 . 2009-05-27 00:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 17:20 . 2009-06-05 22:23 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-06-05 22:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 05:37 . 2009-05-24 05:37 2 ---h--w- c:\windows\sto453148.dat
2009-05-22 17:26 . 2009-05-22 17:26 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-05-20 19:30 . 2009-05-20 19:33 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-20 19:30 . 2009-05-20 19:30 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-20 07:19 . 2009-05-20 07:19 2 ---h--w- c:\windows\sto452738.dat
2009-05-19 05:36 . 2009-06-18 15:03 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-18 15:03 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-18 15:03 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-18 15:03 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-18 15:03 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-18 15:03 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-18 15:03 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-18 15:03 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 00:56 . 2009-05-19 00:56 32 --s-a-w- c:\windows\system32\1344205544.dat
2009-06-12 00:20 . 2009-01-24 20:42 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\11522034 ----

2009-06-05 01:21 . 2009-06-05 02:02 56 ----a-w- c:\documents and settings\All Users\Application Data\11522034\pc11522034cnf
2009-06-05 01:21 . 2009-06-05 02:23 0 ----a-w- c:\documents and settings\All Users\Application Data\11522034\pc11522034ins
2009-06-05 01:08 . 2009-06-05 01:08 64784 ----a-w- c:\documents and settings\All Users\Application Data\11522034\11522034.glu

---- Directory of c:\documents and settings\All Users\Application Data\91532026 ----



((((((((((((((((((((((((((((( SnapShot_2009-07-16_01.46.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-09-07 19:36 . 2009-07-20 19:17 2248192 c:\windows\Installer\f825f.msi
- 2004-09-07 19:36 . 2009-07-11 21:37 2248192 c:\windows\Installer\f825f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-27 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-10 158208]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2005-05-12 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-05-12 2805248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-9-7 1742384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2009-5-11 1056864]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/20/2009 3:33 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/9/2009 2:11 PM 310320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/15/2009 11:58 PM 28544]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [7/9/2009 2:11 PM 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [7/9/2009 2:11 PM 482352]
S1 effd1c4c;effd1c4c;c:\windows\system32\drivers\effd1c4c.sys [6/5/2009 3:48 PM 0]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys [7/17/2009 2:37 PM 276344]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\tool2\SASKUTIL.sys --> c:\program files\tool2\SASKUTIL.sys [?]
S2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [9/7/2004 2:55 PM 10112]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/9/2009 2:11 PM 115560]
S3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [9/7/2004 2:55 PM 9216]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/9/2009 5:58 AM 101936]
S3 SASENUM;SASENUM;\??\c:\program files\tool2\SASENUM.SYS --> c:\program files\tool2\SASENUM.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C143BBC-A119-64E8-EF17-494E3C285646}]
c:\windows\system32\winregpi.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:34]

2009-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-01-03 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-07 12:00]

2009-01-03 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-07 12:00]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\tool2\too2.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f1ey4yh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f1ey4yh5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 17:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4286104048-3284989162-384345834-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-20 17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 21:54
ComboFix2.txt 2009-07-12 05:00

Pre-Run: 204,514,643,968 bytes free
Post-Run: 204,568,420,352 bytes free

319 --- E O F --- 2009-07-15 07:02
ScottCastro427 is offline  
Old 07-20-2009, 08:30 PM   #16 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

Also, here is my log from the Panda ActiveScan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-16 12:13:57
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 13
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton 360 3.0.0.135 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.pointroll[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@zedo[2].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No D:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@rn11[2].txt
00335522 Adware/Beginto Adware No 0 Yes No D:\WINDOWS\system32\SmartShopper\uninstallSE.exe
00484705 Application/IEDefender HackTools No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP138\A0034158.exe
00484705 Application/IEDefender HackTools No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\IEDFix.C.exe.vir
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP136\A0027720.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxzvppdq.sys.vir
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP134\A0021719.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP137\A0031720.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP138\A0034156.sys
00921467 Generic Malware Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\404Fix.exe.vir
00921467 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP138\A0034154.exe
01588463 Generic Malware Virus/Trojan No 0 Yes No D:\Documents and Settings\Owner\Local Settings\Temp\comver.dll
02085003 Generic Worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP137\A0033729.exe
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP142\A0034767.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP142\A0034885.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP138\A0034175.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\Documents and Settings\Owner\Local Settings\temp\Perflib_Perfdata__755.dat
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-7807054857-3628313155-394563582-9062\rundll32.exe.vir
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EC4CB99F-E069-439A-9C27-2FEFF753D9C8}\RP138\A0034150.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location F!
;===================================================================================================================================================================================
No C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations\{8A989D9B-5EE7-41B5-80C5-94C8775B626D}\PCmover.msi[unk_0095][copypwd.dll1]
No C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations\{96C0B114-95E8-4A49-A0D9-656B38F1CF15}\PCmover.msi[unk_0089][copypwd.dll1]
No C:\Program Files\Laplink\PCmover\copypwd.dll F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qms5.tmp F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qms6.tmp F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qms7.tmp F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qms8.tmp F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qms9.tmp F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qmsA.tmp F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qmsB.tmp F!
No D:\Documents and Settings\Owner\Local Settings\Temp\qmsC.tmp F!
No D:\Documents and Settings\Owner\My Documents\My Music\mirakagi.zip[FairUse4Wm.exe] F!
No D:\Documents and Settings\Owner\My Documents\My Music\mirakagi.zip[mirakagi.exe] F!
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description F!
;===================================================================================================================================================================================
191613 HIGH MS08-020 F!
187733 HIGH MS08-008 F!
182046 HIGH MS07-067 F!
179553 HIGH MS07-061 F!
170904 HIGH MS07-043 F!
157260 HIGH MS07-020 F!
157259 HIGH MS07-019 F!
156477 HIGH MS07-017 F!
150249 HIGH MS07-013 F!
150248 HIGH MS07-012 F!
150247 HIGH MS07-011 F!
150243 HIGH MS07-008 F!
150242 HIGH MS07-007 F!
150241 MEDIUM MS07-006 F!
141033 MEDIUM MS06-075 F!
137571 HIGH MS06-070 F!
133379 HIGH MS06-057 F!
129977 MEDIUM MS06-053 F!
129976 MEDIUM MS06-052 F!
126092 MEDIUM MS06-050 F!
126087 HIGH MS06-046 F!
126086 MEDIUM MS06-045 F!
126082 HIGH MS06-041 F!
123421 HIGH MS06-036 F!
120818 HIGH MS06-025 F!
120815 HIGH MS06-022 F!
117384 MEDIUM MS06-018 F!
114666 HIGH MS06-015 F!
108744 MEDIUM MS06-008 F!
108742 MEDIUM MS06-006 F!
104567 HIGH MS06-002 F!
96574 HIGH MS05-053 F!
93454 MEDIUM MS05-049 F!
;===================================================================================================================================================================================
ScottCastro427 is offline  
Old 07-20-2009, 08:36 PM   #17 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Hi ScottCastro427,

Quote:
2009-07-20 19:10 . 2009-07-20 21:23 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-07-20 19:10 . 2009-07-20 19:10 -------- d-----w- c:\program files\BitTorrent
P2P Software

I see you have P2P software ( BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Hence, right now is not the best time to be installing P2P software when I'm trying to clean your machine of malware.

--------------------------------------------------------------

Let's try running ComboFix from Normal mode this time, but first do the following:

1. Disable your Norton AV
2. Completely shutdown Norton via right-clicking the system tray icon at the bottom right and select exit.

--------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/393336-need-help-removing-malicious-malware.html#post2231381

Collect::
c:\windows\system32\drivers\effd1c4c.sys
c:\windows\system32\winregpi.exe
Folder::
c:\program files\tool2
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C143BBC-A119-64E8-EF17-494E3C285646}]
Rootkit::
C:\WINDOWS\system32\drivers\gxvxcvwwrtlotkdaijxuwnsvwkwuilhqsxoej.sys
C:\WINDOWS\system32\gxvxcmrdludlkhdhcidgiekiqsdhtayrskxiw.dll
C:\WINDOWS\system32\gxvxctxdjoobnmettltlcyvvbutoqqenqemoy.dll
Driver::
SASKUTIL
SASENUM
effd1c4c
DDS::
uLocal Page = \blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local

Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box like the image below. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Follow the prompts, and post the resulting log, C:\ComboFix.txt
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
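Added example, not code from the thread, ComboFix or DDS: a small Python triage pass over the line shapes the ComboFix/DDS log above uses, flagging the same indicators the helper's CFScript acts on (Security Center monitoring switched off, the Windows firewall disabled, a 0-byte driver file, a driver whose file is missing, an Active Setup executable, an orphaned Run entry, and a browser proxy pointed at the local machine). The sample lines are copied from the thread's log; the function names, finding categories and section handling are this example's own assumptions.

```python
"""Triage helper for ComboFix/DDS-style log text.

Added example; this is not ComboFix, DDS or forum code. The sample log
lines in SAMPLE_LOG are copied from the thread; everything else (function
names, finding kinds, the choice of what counts as suspicious) is assumed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # short category, e.g. "loopback_proxy"
    detail: str  # the evidence, taken from the log line


# Line shapes used by the registry, driver/service and DDS sections.
_SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
_LOOPBACK_RE = re.compile(r"(?:^|=)(?:127\.\d+\.\d+\.\d+|localhost):\d+", re.I)
_SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
_MONITOR_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
_FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
_ORPHAN_RUN_RE = re.compile(r"^HKCU-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")


def triage(lines):
    """Return a list of Finding objects for the suspicious lines in a log."""
    findings = []
    section = ""  # lower-cased registry key the following lines belong to
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":
            section = ""  # ComboFix separates blocks with blank or "." lines
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        # Browser proxy at a loopback address: traffic is being routed through
        # a local process, which matches the search-redirect symptom.
        m = _PROXY_RE.match(line)
        if m and _LOOPBACK_RE.search(m.group("value")):
            findings.append(Finding("loopback_proxy", m.group("value")))
            continue
        # Driver/service entries: the bracket holds the file date and size;
        # "[?]" means ComboFix could not find the file at all.
        m = _SERVICE_RE.match(line)
        if m:
            size = m.group("meta").rsplit(" ", 1)[-1]
            path = m.group("path").split(" --> ")[-1]
            if size == "?":
                findings.append(Finding("driver_file_missing", path))
            elif size.isdigit() and int(size) == 0:
                findings.append(Finding("zero_byte_driver", path))
            continue
        # Security Center told to stop monitoring AV/firewall state.
        if "security center\\monitoring" in section and _MONITOR_RE.match(line):
            findings.append(Finding("security_center_monitoring_disabled", section))
            continue
        if "firewallpolicy\\standardprofile" in section and _FIREWALL_RE.match(line):
            findings.append(Finding("windows_firewall_disabled", section))
            continue
        # Orphaned HKCU Run value: a startup entry whose product is gone.
        m = _ORPHAN_RUN_RE.match(line)
        if m:
            findings.append(Finding("orphan_run_entry",
                                    f"{m.group('name')} -> {m.group('path')}"))
            continue
        # Active Setup components run once per user at logon; a bare
        # executable listed under one is a persistence point to review.
        if "active setup\\installed components" in section and line.lower().endswith(".exe"):
            findings.append(Finding("active_setup_persistence", line))
    return findings


# Constructed sample: lines copied from the thread's ComboFix/DDS output.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/20/2009 3:33 PM 64160]
S1 effd1c4c;effd1c4c;c:\windows\system32\drivers\effd1c4c.sys [6/5/2009 3:48 PM 0]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\tool2\SASKUTIL.sys --> c:\program files\tool2\SASKUTIL.sys [?]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/9/2009 2:11 PM 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C143BBC-A119-64E8-EF17-494E3C285646}]
c:\windows\system32\winregpi.exe
.
HKCU-Run-SUPERAntiSpyware - c:\program files\tool2\too2.exe

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5757
uInternet Settings,ProxyOverride = local
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:40} {f.detail}")
```

Every item flagged here corresponds to a line the helper's CFScript collects, deletes or resets; the pass is deliberately narrow and reports the evidence verbatim so a reviewer can check each hit against the log rather than trusting a score.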
Old 07-20-2009, 09:08 PM   #18 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

My bad about the P2P. It is now uninstalled. I will run ComboFix ASAP.
ScottCastro427 is offline  
Old 07-20-2009, 09:32 PM   #19 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 15
OS: Windows XP Service Pack 2


Re: Need Help Removing Malicious Malware

ComboFix worked in normal mode this time. Here is the resulting log:

ComboFix 09-07-20.04 - Owner 07/20/2009 23:16.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.472 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

file zipped: c:\windows\system32\drivers\effd1c4c.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\effd1c4c.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SASENUM
-------\Legacy_SASKUTIL
-------\Service_effd1c4c
-------\Service_SASENUM
-------\Service_SASKUTIL


((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 03:23 . 2009-03-12 23:24 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-21 01:19 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\NAVENG.SYS
2009-07-21 01:19 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\NAVEX15.SYS
2009-07-21 01:19 . 2009-03-12 23:24 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\ERASER.SYS
2009-07-21 01:19 . 2009-03-12 23:24 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\EECTRL.SYS
2009-07-21 01:19 . 2009-03-12 23:24 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\NAVENG32.DLL
2009-07-21 01:19 . 2009-03-12 23:24 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\NAVEX32A.DLL
2009-07-21 01:19 . 2009-03-12 23:24 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\ECMSVR32.DLL
2009-07-21 01:19 . 2009-03-12 23:24 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090720.065\CCERASER.DLL
2009-07-17 18:37 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 18:37 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 18:37 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 18:37 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 18:37 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-16 03:58 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-16 03:57 . 2009-07-16 03:57 -------- d-----w- c:\program files\Panda Security
2009-07-15 01:30 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-15 01:30 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-15 01:30 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-15 01:30 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-15 01:30 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-13 07:12 . 2009-07-21 03:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 07:03 . 2009-07-13 07:03 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 07:02 . 2004-08-04 04:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-12 02:16 . 2009-03-12 23:24 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVENG.SYS
2009-07-12 02:16 . 2009-03-12 23:24 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVEX15.SYS
2009-07-12 02:16 . 2009-03-12 23:24 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\ERASER.SYS
2009-07-12 02:16 . 2009-03-12 23:24 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\EECTRL.SYS
2009-07-12 02:16 . 2009-03-12 23:24 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVENG32.DLL
2009-07-12 02:16 . 2009-03-12 23:24 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVEX32A.DLL
2009-07-12 02:16 . 2009-03-12 23:24 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\ECMSVR32.DLL
2009-07-12 02:16 . 2009-03-12 23:24 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\CCERASER.DLL
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-09 18:14 . 2009-03-12 23:24 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-07-09 18:11 . 2009-07-09 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-09 18:11 . 2009-03-12 23:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-09 18:11 . 2009-03-12 23:24 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-07-09 18:11 . 2009-03-12 23:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-07-09 18:11 . 2009-03-12 23:24 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-07-09 18:10 . 2009-07-09 18:11 -------- d-----w- c:\windows\system32\drivers\N360
2009-07-09 18:10 . 2009-07-09 18:11 -------- d-----w- c:\program files\Norton 360
2009-07-09 18:10 . 2009-07-09 18:10 -------- d-----w- c:\program files\Windows Sidebar
2009-07-09 17:57 . 2009-07-09 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-09 17:56 . 2009-07-09 18:13 -------- d-----w- c:\program files\NortonInstaller
2009-07-04 05:54 . 2009-07-04 05:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-06-21 05:42 . 2009-06-21 05:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 16:13 . 2004-09-07 21:15 -------- d-----w- c:\program files\DIGStream
2009-07-16 01:31 . 2004-09-07 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-13 07:03 . 2009-07-13 07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-13 07:02 . 2009-07-13 07:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-12 05:44 . 2009-06-09 05:03 -------- d-----w- c:\program files\Bigtool
2009-07-09 18:21 . 2004-09-07 19:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-09 18:11 . 2009-06-09 05:08 -------- d-----w- c:\program files\Symantec
2009-07-09 18:11 . 2009-06-09 05:08 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-09 18:11 . 2009-06-09 05:08 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-09 18:11 . 2009-06-09 05:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-09 18:11 . 2009-06-09 05:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-09 17:57 . 2009-06-09 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-06 19:33 . 2009-06-17 19:33 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 19:33 . 2009-06-17 19:33 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 19:33 . 2009-06-17 19:33 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-01 19:34 . 2009-06-17 19:33 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-01 19:34 . 2009-06-17 19:33 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-01 19:34 . 2009-06-17 19:33 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-01 19:34 . 2009-06-17 19:33 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-01 19:34 . 2009-06-03 19:36 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-01 19:34 . 2009-06-03 19:34 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-01 19:34 . 2009-06-03 19:34 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-01 19:34 . 2009-06-17 19:33 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-01 19:34 . 2009-06-17 19:33 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-01 19:34 . 2009-06-17 19:33 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-01 19:34 . 2009-06-17 19:33 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-01 19:33 . 2009-06-17 19:33 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-01 19:33 . 2009-06-17 19:33 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-01 19:33 . 2009-06-17 19:33 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-20 18:12 . 2009-05-15 05:14 60104 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 18:08 . 2004-09-07 19:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 17:37 . 2009-06-09 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 13:02 . 2009-06-19 13:02 -------- d-----w- c:\program files\iTunes
2009-06-19 13:02 . 2009-06-19 13:02 -------- d-----w- c:\program files\iPod
2009-06-19 13:02 . 2009-01-24 21:00 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 13:01 . 2009-06-19 13:00 -------- d-----w- c:\program files\QuickTime
2009-06-19 12:58 . 2009-01-24 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 12:49 . 2009-01-24 21:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-06-19 02:28 . 2009-06-19 02:28 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-18 15:07 . 2009-01-24 21:18 -------- d-----w- c:\program files\AIM6
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\AIM Toolbar
2009-06-18 15:04 . 2004-09-07 19:38 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-17 20:38 . 2009-06-17 20:37 -------- d-----w- c:\program files\TweetDeck
2009-06-17 00:30 . 2009-06-17 00:30 15739760 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airins...staller1x0.exe
2009-06-16 14:55 . 2004-09-07 18:54 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-09-07 18:53 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 06:48 . 2009-06-13 06:40 144728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-12 19:33 . 2009-06-12 19:33 -------- d-----w- c:\program files\MSBuild
2009-06-12 19:28 . 2009-06-12 19:28 -------- d-----w- c:\program files\Reference Assemblies
2009-06-12 19:21 . 2004-09-07 19:20 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-09 05:17 . 2009-06-09 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2009-06-09 00:09 . 2009-05-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 00:09 . 2009-06-06 02:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-09 00:05 . 2009-06-06 02:34 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-08 20:46 . 2009-06-08 20:46 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-08 20:38 . 2009-06-08 20:29 -------- d-----w- c:\program files\UT3
2009-06-07 02:58 . 2009-06-07 02:27 -------- d-----w- c:\program files\COD4
2009-06-06 02:33 . 2009-06-06 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-06 02:30 . 2009-06-06 02:30 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-06 01:13 . 2009-06-06 01:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-05 23:03 . 2009-06-05 23:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-05 22:56 . 2009-06-05 22:23 -------- d-----w- c:\program files\TOOL
2009-06-05 22:43 . 2009-06-05 22:42 -------- d-----w- c:\program files\Process Explorer
2009-06-05 22:23 . 2009-06-05 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-05 21:33 . 2009-01-05 04:41 -------- d-----w- c:\program files\Google
2009-06-05 21:32 . 2009-06-05 02:56 -------- d-----w- c:\program files\RegistryFix7
2009-06-05 19:47 . 2009-05-21 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-05 19:29 . 2009-06-05 19:29 60104 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 15:42 . 2009-05-12 03:40 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-01-24 21:00 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 02:48 . 2009-06-05 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\91532026
2009-06-05 02:48 . 2009-06-05 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\11522034
2009-06-05 01:05 . 2009-04-07 21:31 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-06-04 20:10 . 2004-09-07 18:54 14336 ----a-w- c:\windows\system32\svchost.exe
2009-06-04 15:03 . 2009-04-07 21:31 -------- d-----w- c:\program files\DNA
2009-06-03 19:36 . 2009-06-03 19:36 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-03 19:36 . 2009-05-20 19:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-03 19:27 . 2004-09-07 18:53 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 02:28 . 2009-06-03 02:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2009-05-27 00:04 . 2009-05-27 00:04 -------- d-----w- c:\program files\DivX
2009-05-27 00:04 . 2009-05-27 00:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 17:20 . 2009-06-05 22:23 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2009-06-05 22:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 05:37 . 2009-05-24 05:37 2 ---h--w- c:\windows\sto453148.dat
2009-05-22 17:26 . 2009-05-22 17:26 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-05-20 19:30 . 2009-05-20 19:33 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-20 19:30 . 2009-05-20 19:30 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-20 07:19 . 2009-05-20 07:19 2 ---h--w- c:\windows\sto452738.dat
2009-05-19 05:36 . 2009-06-18 15:03 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-18 15:03 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-18 15:03 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-18 15:03 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-18 15:03 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-18 15:03 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-18 15:03 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-18 15:03 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-19 00:56 . 2009-05-19 00:56 32 --s-a-w- c:\windows\system32\1344205544.dat
2009-05-09 05:14 . 2009-05-09 05:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-06-12 00:20 . 2009-01-24 20:42 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-16_01.46.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 03:25 . 2009-07-21 03:25 16384 c:\windows\temp\Perflib_Perfdata_2b0.dat
+ 2004-09-07 19:36 . 2009-07-20 19:17 2248192 c:\windows\Installer\f825f.msi
- 2004-09-07 19:36 . 2009-07-11 21:37 2248192 c:\windows\Installer\f825f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-27 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2005-05-12 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-05-12 2805248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-9-7 1742384]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2009-5-11 1056864]
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/20/2009 3:33 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/15/2009 11:58 PM 28544]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [7/9/2009 2:11 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [7/9/2009 2:11 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [7/9/2009 2:11 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys [7/17/2009 2:37 PM 276344]
R2 CX88XBAR;AVerMedia AVerTV MPEG Crossbar (Dual-Input);c:\windows\system32\drivers\A88BarBB.sys [9/7/2004 2:55 PM 10112]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R3 CXAVSAUD;AVerMedia AVerTV AvStream Audio Capture;c:\windows\system32\drivers\A88AudBB.sys [9/7/2004 2:55 PM 9216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/9/2009 5:58 AM 101936]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [7/9/2009 2:11 PM 115560]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCANDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:34]

2009-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-01-03 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-07 12:00]

2009-01-03 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-09-07 12:00]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f1ey4yh5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f1ey4yh5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 23:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4286104048-3284989162-384345834-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-21 23:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-21 03:30
ComboFix2.txt 2009-07-20 21:54
ComboFix3.txt 2009-07-12 05:00

Pre-Run: 203,448,471,552 bytes free
Post-Run: 203,468,468,224 bytes free

324 --- E O F --- 2009-07-15 07:02
ScottCastro427 is offline  
Old 07-20-2009, 10:39 PM   #20 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate


Re: Need Help Removing Malicious Malware

Hello,

Starting to look really good :)

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) - JRE 6 Update 14 -"
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u14 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

-------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Please reply back with:

Kaspersky online scan results
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum

Last edited by forhockey; 07-20-2009 at 10:48 PM.
forhockey is offline  
All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum