10-25-2009, 03:07 AM   #1
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: Vista home premium sp1


Malware in Vista and flashdrive

Hi There,

I've probably got a worm of some sort in my system. On connecting to the internet using my 3G modem, IE 8 automatically goes to the theNewspedia.com site. I am currently using Norman Security Suite. And I observed that if I were to block the connections by Fujitsu Hotkey Utility (in the Norman firewall), my internet connection would not work.

On my flashdrive, there is a super hidden folder called 'DOBRERIBE' which contains 'ziza.exe' and 'Desktop.ini'. I managed to view it only in the Norman virus scan. I have scanned my system including the flashdrive with Norman, but it only managed to detect a trojan in my flashdrive's 'desktop.ini', which reappears even after being quarantined. There is only an 'autorun.inf' file in the main flashdisk folder, which wasn't there when I reformatted my flashdisk 2 days ago.

Lastly, on MSN Messenger, random links are also sent to my contacts without my knowledge when I'm logged in. I hope this info is sufficient. Thanks.


DDS (Ver_09-10-24.03) - NTFSx86
Run by Herrick at 16:05:28.77 on Sun 25/10/2009
Internet Explorer: 8.0.6001.18813

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://hk.fujitsu.com/pc
mDefault_Page_URL = hxxp://hk.fujitsu.com/pc
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-3807239867-0983039503-525678881-9384\nissan.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BitTorrent DNA] "c:\users\herrick\program files\dna\btdna.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\updnavi\updatenv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [NPCTray] c:\program files\norman\npc\bin\npc_tray.exe /LOAD
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\norman\npc\bin\nlf.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {7E88E132-6FA3-49BD-9C22-E76B217B92EF} = 202.136.43.240 202.136.43.241
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-18 17:33:56 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-18 17:31:21 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-12 02:50:44 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-12 02:46:29 0 d-----w- c:\users\herrick\Office Genuine Advantage
2009-10-12 02:42:52 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-12 02:36:40 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-12 02:36:31 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-12 02:36:31 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-12 02:36:30 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-12 02:36:30 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-12 02:36:30 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-12 02:36:30 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-12 02:36:30 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-12 02:36:30 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-12 02:36:30 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-12 02:36:30 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-12 02:34:04 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-12 02:34:03 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-12 02:34:02 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-12 02:34:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-12 02:34:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-12 02:34:01 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-10-12 02:34:01 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-12 02:33:59 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-12 02:32:55 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-28 14:53:24 0 d-----w- c:\program files\iPhone Configuration Utility

==================== Find3M ====================

2009-10-09 1144 23392 ----a-w- c:\windows\system32\drivers\nvcv32mf.sys
2009-10-07 12:22:39 76944 ----a-w- c:\windows\system32\drivers\tdi_rd.sys
2009-10-07 12:20:36 82072 ----a-w- c:\windows\system32\drivers\ndis_rd.sys
2009-10-07 12:20:28 44872 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2009-10-07 12:07:04 214344 ----a-w- c:\windows\system32\nscrnsav.scr
2009-09-28 14:56:07 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-28 14:56:07 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-28 14:56:07 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-08-03 07:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 07:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 07:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-11-30 08:08:40 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-09 14:31:28 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-09 14:31:28 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-09 14:31:28 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-05-21 1920 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-21 1920 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-21 1920 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 1615.09 ===============

==== Installed Programs ======================

2007 Microsoft Office system
3 MobileBroadband
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
AuthenTec Fingerprint Sensor Minimum Install
BitTorrent
Bluetooth Stack for Windows by Toshiba
CyberLink PowerDirector
DNA
Dodo Wireless Broadband
EndNote X1
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu L1010 - Black Screen Saver
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
GoonzuEng
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inst5657
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iPhone Configuration Utility
ISI ResearchSoft - Export Helper
Java(TM) 6 Update 15
Java(TM) 6 Update 6
LifeBook Application Panel
MapleStory
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft DirectX SDK (March 2009)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Project Standard 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
Norman Security Suite
NVIDIA Drivers
O2Micro Flash Memory Card Windows Driver
OGA Notifier 2.0.0048.0
OmniPass 5.01.04
Power Saving Utility
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator LJ
SecondLife (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Skype™ 4.0
SPSS 13.0 for Windows Integrated Student Version
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update Navi
VLC media player 0.9.8a
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
WinRAR archiver
Xvid 1.1.3 final uninstall

==== End Of File ===========================
Attached file: ark.txt (7.6 KB)
eightonly is offline  
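The DDS log above shows the two things a helper looks for first: a Winlogon `Shell=` value that starts a second executable after explorer.exe, and that executable living in a `c:\recycler\S-1-5-21-...` folder whose "SID" cannot be real (a genuine SID has no leading zeros and every sub-authority fits in 32 bits, and Vista keeps its recycle bin under `$Recycle.Bin`, not `recycler`). The triage script below is an added example, not part of this thread or of the DDS/ComboFix tools; it parses lines of the same shape, with sample input constructed from lines quoted in this thread, and flags those signs.

```python
"""Triage helper for DDS / ComboFix style log lines (added example)."""
import re
from dataclasses import dataclass

# SID sub-authorities are unsigned 32-bit values and are never written with
# leading zeros, so a "SID" breaking either rule was invented by malware to
# look like an ordinary per-user recycle-bin folder.
_SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}", re.IGNORECASE)
_MAX_SUBAUTH = 0xFFFFFFFF

# "Shell=" lines as DDS prints them (the u/m prefix marks user/machine hive).
_SHELL_RE = re.compile(r"^[um]?Winlogon:\s*Shell=(.+)$", re.IGNORECASE)
# XP-era recycle-bin folder name; Vista and later use $Recycle.Bin instead.
_RECYCLER_RE = re.compile(r"\b[a-z]:\\recycler\\", re.IGNORECASE)


def sid_problems(sid):
    """Return the reasons why *sid* cannot be genuine (empty list if it could be)."""
    problems = []
    for sub in sid.split("-")[4:]:            # the values after the S-1-5-21 prefix
        if len(sub) > 1 and sub[0] == "0":
            problems.append(f"sub-authority {sub} has a leading zero")
        if int(sub) > _MAX_SUBAUTH:
            problems.append(f"sub-authority {sub} does not fit in 32 bits")
    return problems


@dataclass
class Finding:
    line: str
    reason: str


def analyze(lines, vista_or_later=True):
    """Scan DDS / ComboFix style lines and return a list of Finding objects."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # 1. Winlogon Shell should be explorer.exe alone; anything after the
        #    comma is started at every logon as well.
        m = _SHELL_RE.match(line)
        if m:
            shells = [s.strip() for s in m.group(1).split(",") if s.strip()]
            for exe in shells:
                if exe.lower() != "explorer.exe":
                    findings.append(Finding(line, f"Winlogon Shell also starts {exe}"))
        # 2. Any SID-looking token on the line is checked for impossible values.
        for sid in _SID_RE.findall(line):
            for why in sid_problems(sid):
                findings.append(Finding(line, f"fake SID {sid}: {why}"))
        # 3. A c:\recycler folder on Vista or later was created by something else.
        if vista_or_later and _RECYCLER_RE.search(line):
            findings.append(Finding(line, "c:\\recycler is an XP-era folder; Vista uses $Recycle.Bin"))
    return findings


# Constructed sample: lines copied from the DDS and ComboFix output in this thread.
SAMPLE_LOG = r"""
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-3807239867-0983039503-525678881-9384\nissan.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
c:\$recycle.bin\S-1-5-21-1655954304-213763947-1980406797-500
c:\recycler\S-1-5-21-6085779288-0403128937-304693658-4627
""".strip().splitlines()


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The legitimate `$recycle.bin` entry with RID 500 passes every check, while the Winlogon line and the second recycler folder each produce three findings.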

10-27-2009, 04:12 PM   #2
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,507
OS: XP SP3


Re: Malware in Vista and flashdrive

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions, and please do not do any fixing on your own or run scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator.

If you click 'Start' and have no 'Run' function, please right-click Start > Properties > Start menu tab > Customize button > scroll down to and tick 'Run command' box > OK > Apply > OK.

------------------------------------------------------

Download Flash_Disinfector.exe and Save it to your Desktop.
  • Close any open browsers.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up all those drives.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
10-28-2009, 09:54 AM   #3
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: Vista home premium sp1


Re: Malware in Vista and flashdrive

How weird can it get: I've seen chemist's reply on my school's computer, but I can't see it here. Anyway, I know what I need to do and will follow it.
eightonly is offline  
10-28-2009, 10:56 AM   #4
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: Vista home premium sp1


Re: Malware in Vista and flashdrive

Hi Chemist,
Before posting this, I restarted my PC as I had trouble opening my Dodo wireless broadband because there was an error message. But it worked after the restart. Kindly find the log below.

ComboFix 09-10-27.04 - Herrick 29/10/2009 0:27.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3025.1711 [GMT 8:00]
Running from: c:\users\Herrick\Desktop\ComboFix.exe
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1655954304-213763947-1980406797-500
c:\$recycle.bin\S-1-5-21-3351453224-3351600916-4110529511-500
c:\$recycle.bin\S-1-5-21-3811073733-2967257487-1808712343-500
c:\recycler\S-1-5-21-0022790270-4702398150-533309425-2319
c:\recycler\S-1-5-21-1152819977-2261800926-416383516-5118
c:\recycler\S-1-5-21-3807239867-0983039503-525678881-9384
c:\recycler\S-1-5-21-6085779288-0403128937-304693658-4627
c:\recycler\S-1-5-21-6903276641-0466316003-378567057-4405
c:\recycler\S-1-5-21-7782452035-9544931319-959253936-6313
c:\recycler\S-1-5-21-8224141150-6868204011-792472820-0560
c:\recycler\S-1-5-21-8802877284-2465844114-636325891-8600
c:\recycler\S-1-5-21-9964314036-5242292500-207447444-9891

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 16:36 . 2009-10-28 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-28 16:27 . 2008-01-21 02:23 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-10-28 16:27 . 2008-01-21 02:23 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-18 17:33 . 2009-10-18 17:33 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-18 17:32 . 2009-10-18 17:32 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-18 17:31 . 2009-10-18 17:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-12 02:50 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-12 02:46 . 2009-10-12 02:46 -------- d-----w- c:\users\Herrick\Office Genuine Advantage
2009-10-12 02:42 . 2009-10-01 02:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-12 02:36 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-12 02:36 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-12 02:36 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-12 02:36 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-12 02:36 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-12 02:36 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-12 02:36 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-12 02:36 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-12 02:36 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-12 02:36 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-12 02:36 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-12 02:34 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-12 02:34 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-12 02:34 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-12 02:34 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-12 02:33 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-12 02:32 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 16:18 . 2009-02-14 03:38 -------- d-----w- c:\users\Herrick\AppData\Roaming\DNA
2009-10-28 16:18 . 2008-11-29 11:14 -------- d-----w- c:\program files\Norman
2009-10-28 16:16 . 2009-02-03 19:04 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-28 03:28 . 2009-02-24 12:54 -------- d-----w- c:\users\Herrick\AppData\Roaming\EndNote
2009-10-25 06:43 . 2009-05-09 11:16 -------- d-----w- c:\program files\Garena
2009-10-25 06:43 . 2008-04-29 00:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 17:33 . 2008-11-29 20:05 -------- d-----w- c:\program files\Windows Live
2009-10-18 17:28 . 2009-01-30 20:38 -------- d-----w- c:\program files\Microsoft
2009-10-18 16:30 . 2009-07-21 16:24 -------- d-----w- c:\program files\SecondLife
2009-10-12 04:12 . 2008-11-30 08:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-12 02:46 . 2008-04-29 00:57 -------- d-----w- c:\programdata\Microsoft Help
2009-10-09 11:06 . 2009-02-21 19:29 23392 ----a-w- c:\windows\system32\drivers\nvcv32mf.sys
2009-10-07 12:22 . 2008-11-29 11:15 76944 ----a-w- c:\windows\system32\drivers\tdi_rd.sys
2009-10-07 12:20 . 2008-11-29 11:15 82072 ----a-w- c:\windows\system32\drivers\ndis_rd.sys
2009-10-07 12:20 . 2008-11-29 11:15 44872 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2009-10-07 12:07 . 2008-11-29 11:15 214344 ----a-w- c:\windows\system32\nscrnsav.scr
2009-10-06 17:54 . 2008-11-29 10:29 102288 ----a-w- c:\users\Herrick\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-28 14:59 . 2009-09-28 14:53 -------- d-----w- c:\program files\Common Files\Apple
2009-09-28 14:59 . 2009-09-28 14:58 -------- d-----w- c:\program files\QuickTime
2009-09-28 14:58 . 2009-01-30 20:33 -------- d-----w- c:\programdata\Apple Computer
2009-09-28 14:53 . 2009-09-28 14:53 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-21 01:10 . 2009-09-21 01:10 -------- d--h--w- c:\programdata\CanonBJ
2009-09-01 05:31 . 2008-04-29 00:54 -------- d-----w- c:\program files\Java
2009-08-03 07:07 . 2009-08-03 07:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 07:07 . 2009-08-03 07:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 07:07 . 2009-08-03 07:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\Herrick\Program Files\DNA\btdna.exe" [2009-10-24 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 97072]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-02-01 88616]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2008-04-02 102400]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2008-02-01 136488]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2008-04-24 268840]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2007-02-06 68400]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2008-01-03 2568192]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updatenv.exe" [2007-08-02 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-02 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-02 92704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 145944]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-10-07 189824]
"NPCTray"="c:\program files\Norman\npc\bin\npc_tray.exe" [2009-10-07 128328]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]

c:\users\Herrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 ALE_NF;Norman Firewall ALE driver;c:\windows\System32\drivers\ale_nf.sys [29/11/2008 7:15 PM 44872]
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [27/02/2009 11:31 PM 25032]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [29/11/2008 7:43 PM 56136]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [16/10/2009 12:50 AM 24168]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\Npf\Bin\npfsvc32.exe [29/11/2008 7:15 PM 599424]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [29/11/2008 7:15 PM 124232]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [29/11/2008 7:15 PM 128328]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [1/02/2008 2:35 PM 62760]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [3/08/2007 6:20 AM 11264]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\System32\drivers\fuj02e3.sys [29/04/2008 8:50 AM 5632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [13/08/2008 11:53 AM 113664]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [1/05/2008 8:35 AM 3660800]
R3 NPC;Norman Parental Control;c:\program files\Norman\Npc\Bin\npcsvc32.exe [29/11/2008 7:15 PM 419200]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [16/10/2009 12:50 AM 320840]
R3 NUAA;Norman User Activity Agent;c:\program files\Norman\Npc\Bin\nuaa.exe [29/11/2008 7:15 PM 124232]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [5/02/2008 8:23 AM 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [21/01/2008 4:56 PM 41560]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [13/05/2009 1:44 AM 132424]
S3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [3/12/2008 12:11 AM 3872]
S3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [22/02/2009 3:29 AM 23392]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [22/02/2009 3:29 AM 197960]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\bin\NVCSCHED.EXE" --> c:\program files\Norman\Npm\bin\NVCSCHED.EXE [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [13/08/2008 11:52 AM 43552]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\System32\drivers\smscirda.sys [2/11/2006 6:25 PM 30720]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\User_Feed_Synchronization-{11F3F7A2-D28D-46C0-AA40-2D14D2DA27A5}.job
- c:\windows\system32\msfeedssync.exe [2009-10-12 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Norman\npc\bin\nlf.dll
TCP: {7E88E132-6FA3-49BD-9C22-E76B217B92EF} = 202.136.43.240 202.136.43.241
.
- - - - ORPHANS REMOVED - - - -

AddRemove-InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 00:37
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-27671746-2676547691-2390619321-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0* 0]
@Class="Shell"

[HKEY_USERS\S-1-5-21-27671746-2676547691-2390619321-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0* 0\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3580)
c:\program files\Norman\nvc\bin\Niphk.dll
c:\program files\Softex\OmniPass\SCUREDLL.dll
.
Completion time: 2009-10-28 0:39
ComboFix-quarantined-files.txt 2009-10-28 16:38

Pre-Run: 43,928,461,312 bytes free
Post-Run: 45,005,352,960 bytes free

- - End Of File - - 42DB834B8EBD07E6A23BFDDC47421BCC
eightonly is offline  
Old 10-28-2009, 11:04 AM   #5 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,507
OS: XP SP3


Re: Malware in Vista and flashdrive

Hello again, eightonly. Please tell us how your system is behaving.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs and Features):

Java(TM) 6 Update 6

These are all outdated and are security risks if left installed.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 15

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
  • Right-click ATF-Cleaner.exe and choose Run as Administrator to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista, you must open the Web browser via a right-click using the Run as Administrator command.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

Kaspersky report
report on system behavior
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 10-28-2009, 12:30 PM   #6 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: Vista home premium sp1


Re: Malware in Vista and flashdrive

Hi Chemist,

So far so good, Norman Firewall has not detected any connections out of the blue, and even when I connect to the net the Newspedia site doesn't run anymore.

However, I did run the flash disinfector and the autorun.inf is still in my thumbdrive. On opening the file using Notepad, I noticed the commands are still the same as before I ran the flash disinfector. Does that mean the autorun is still being executed when I plug in my flashdisk? Also, performing a scan on the flashdisk reveals that the trojan and hidden folder 'DOBRERIBE' which contains 'ziza.exe' is still there. However, I do notice that on right-clicking the flash drive folder in My Computer, the option "autorun" is not there anymore. Will the remaining file infect my PC again?

As for my MSN Messenger, I have not been able to verify if it is still sending links to my contacts. If there is any, I reckon I should update you?
eightonly is offline  
Old 10-28-2009, 04:18 PM   #7 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,507
OS: XP SP3


Re: Malware in Vista and flashdrive

Hello again, eightonly.

Quote:
Does that mean the autorun is still being executed when i plug in my flashdisk?
Quote:
However i do notice that on right clicking on the flash drive folder in mycomputer, the option "autorun" is not there anymore. Will the remaining file infect my pc again?
No, ComboFix and Flash_Disinfector disable autoruns, so you don't have to worry that it will be executed.

Let's unhide that super-hidden folder on your flashdrive. Insert your flashdrive.

Go Start > Programs > Accessories and right-click 'Command Prompt' and choose 'Run as Administrator'.

Type the following into the command line and press Enter:

attrib X:\DOBRERIBE -s -h

where X is the letter of your flashdrive. Spaces are important.

Type exit and press Enter.

Can you see the folder now? Let me know.

Please finish the rest of the instructions and post the Kaspersky report.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
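The two posts above turn on what autorun.inf does when the flash drive is plugged in and on the hidden+system attributes that the attrib command clears. The script below is an added example (not code from the forum, ComboFix or Flash_Disinfector) that parses an autorun.inf the way a defender would triage one: it lists the open=, shellexecute= and shell\verb\command= entries AutoRun would execute, notes whether each points at an executable, and, on Windows, lists folders on a drive that carry both the HIDDEN and SYSTEM attributes. The SAMPLE_AUTORUN text is constructed for the example and only borrows the folder and file names from the thread; the real file's contents are not shown on the page.

```python
"""Inspect an autorun.inf and report what an AutoRun-enabled Windows would
launch from it. Added example (not the forum's or ComboFix's code); the
sample autorun.inf is constructed, modelled only on the folder and file
names mentioned in the thread."""
import os

# Attribute bits in os.stat(...).st_file_attributes on Windows; a folder
# carrying both is what Explorer hides as a "protected operating system
# file" (the thread's "super hidden" folder), and what attrib -s -h clears.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4

# Keys that make AutoRun execute a program directly.
LAUNCH_KEYS = ("open", "shellexecute")
EXECUTABLE_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")

SAMPLE_AUTORUN = r"""
[autorun]
; constructed sample (hypothetical contents), not the file from the thread
open=DOBRERIBE\ziza.exe
shellexecute=DOBRERIBE\ziza.exe
shell\Open\command=DOBRERIBE\ziza.exe
shell\Open=&Open
shell=Open
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased.

    Hand-rolled rather than configparser because malware-written files
    often contain junk lines, odd spacing and backslashes in key names."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(value):
    """Strip arguments from a command value: 'foo.exe /s' -> 'foo.exe'."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def launch_targets(entries):
    """(key, program) pairs AutoRun would execute: open=, shellexecute= and
    any shell\<verb>\command= entry (the verb becomes an Explorer
    context-menu item; the default verb runs on double-click)."""
    targets = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append((key, program_of(value)))
    return targets


def is_executable(program):
    return program.lower().endswith(EXECUTABLE_EXTS)


def assess(text):
    """Human-readable findings for one autorun.inf."""
    findings = []
    for key, program in launch_targets(parse_autorun(text)):
        kind = "executable" if is_executable(program) else "non-executable"
        findings.append(f"{key} launches {kind} {program}")
    return findings


def super_hidden_dirs(root):
    """Directories directly under root with both HIDDEN and SYSTEM set.
    Needs Windows (st_file_attributes); returns [] on other platforms."""
    found = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        attrs = getattr(os.stat(path), "st_file_attributes", 0)
        if os.path.isdir(path) and attrs & FILE_ATTRIBUTE_HIDDEN and attrs & FILE_ATTRIBUTE_SYSTEM:
            found.append(path)
    return found


if __name__ == "__main__":
    for finding in assess(SAMPLE_AUTORUN):
        print(finding)
```

Run it against a real drive by passing the drive root to super_hidden_dirs and the contents of its autorun.inf to assess; a drive that only carries a label= or icon= entry produces no launch findings, which is the benign case.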
Old 10-29-2009, 02:08 AM   #8 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: Vista home premium sp1


Re: Malware in Vista and flashdrive

Hi Chemist,

Attached is the report. Seems like my system is clean! Anyways, I've set the DOBRERIBE folder to visible and deleted that folder and the autorun.inf too.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 29, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 29, 2009 04:24:46
Records in database: 3098721
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 198134
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:43:31

No threats found. Scanned area is clean.

Selected area has been scanned.
eightonly is offline  
Old 10-29-2009, 05:47 AM   #9 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,507
OS: XP SP3


Re: Malware in Vista and flashdrive

Hello again, eightonly. The autorun.inf folder you deleted was put there by Flash_Disinfector, to prevent those types of infections from being able to launch. Run Flash_Disinfector again on that flashdrive and leave the folder there.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Norman before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
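The MVPS HOSTS file item above works by mapping known ad and malware hostnames to 127.0.0.1 so the machine never reaches them. The same mechanism, pointed the other way, is how a tampered HOSTS file sends a legitimate name to a remote host, so a blocking HOSTS file is worth checking in both directions. The script below is an added example (not the forum's or MVPS's code): it parses HOSTS-file text, lists the names it sinkholes, and flags any entry that maps a name to a routable address. SAMPLE_HOSTS is constructed for the example, using example.* names and an RFC 5737 documentation address; the default path in check_file is the standard Windows location.

```python
"""Check a Windows HOSTS file: confirm blocking entries point at loopback
or unspecified addresses and flag names mapped to routable hosts. Added
example, not the forum's or MVPS's code; SAMPLE_HOSTS is constructed
(RFC 5737 documentation address, example.* names)."""
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample: MVPS-style blocking entries plus one tampered line
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net
127.0.0.1 tracker.example.org   # blocked ad server
203.0.113.5 update.example.com  # a real name pointed at a remote host
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """(ip_address, hostname) pairs; comments and malformed lines skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address; ignore the line
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def is_sinkhole(ip):
    """Addresses a blocking hosts file legitimately uses: 127.x.x.x, ::1
    and 0.0.0.0. Connections to them never leave the machine."""
    return ip.is_loopback or ip.is_unspecified


def blocked_names(text):
    """Names the file prevents the machine from reaching (localhost aside)."""
    return sorted(host for ip, host in parse_hosts(text)
                  if is_sinkhole(ip) and host not in LOCAL_NAMES)


def suspicious_entries(text):
    """Entries mapping a name to a routable address. A hosts file kept
    for ad blocking should contain none; each one is a redirect to review."""
    return [(str(ip), host) for ip, host in parse_hosts(text) if not is_sinkhole(ip)]


def check_file(path=WINDOWS_HOSTS):
    """Read a hosts file from disk and return its suspicious entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())


if __name__ == "__main__":
    print("blocked:", blocked_names(SAMPLE_HOSTS))
    print("suspicious:", suspicious_entries(SAMPLE_HOSTS))
```

On a machine running the MVPS file, blocked_names returns thousands of entries and suspicious_entries should be empty; anything it does return is either an intentional local override or a sign the file was modified by something other than the user.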
Old 10-29-2009, 09:07 AM   #10 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: Vista home premium sp1


Re: Malware in Vista and flashdrive

Hi Chemist,

I managed to unhide the folder and so I deleted the folder and the autorun.inf.

Below is the Kaspersky report.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 29, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 29, 2009 04:24:46
Records in database: 3098721
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 198134
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:43:31

No threats found. Scanned area is clean.

Selected area has been scanned.
eightonly is offline  
Old 10-29-2009, 09:42 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 7
OS: Vista home premium sp1


Re: Malware in Vista and flashdrive

Hi Chemist,

Thanks for your help. I couldn't see my last post initially so I reposted. No idea why though.

I've uninstalled ComboFix and I'll run Flash_Disinfector again. Thanks and cheers.
eightonly is offline  
Old 10-29-2009, 10:03 AM   #12 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,507
OS: XP SP3


Re: Malware in Vista and flashdrive

You're very welcome, eightonly! Glad to have helped.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Copyright 2001 - 2009, Tech Support Forum