

Win32 Properties Box At Startup *edited as asked*

This is a discussion on Win32 Properties Box At Startup *edited as asked* within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 04-12-2009, 01:06 PM   #1
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



Good Day,

My mother had been using her USB drive on the laptop. Avast then detected an autorun.inf

I searched Google for some tips on how to get rid of this; none of them seemed to work, so I then decided to just format the drive. I started to move the files on the USB to a folder, for back-up. Avast then detected that one of the files on the USB (which contained some pictures that my mother had taken from a PC at her workplace) was infected. I ended up just deleting that particular file; however, when deleted, it didn't show up in the Recycle Bin.

So, I restarted the laptop, and now, on start-up, a Win32 Properties box appears every time.



DDS (Ver_09-03-16.01) - NTFSx86
Run by ZuriPhoenix at 14:53:39.13 on Sun 04/12/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1961 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\ZuriPhoenix\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\zuriph~1\appdata\roaming\mozilla\firefox\profiles\yog1abuh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\zuriphoenix\appdata\roaming\mozilla\firefox\profiles\yog1abuh.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-9 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-9 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-9 51792]

=============== Created Last 30 ================

2009-04-11 13:56 <DIR> --d----- c:\program files\Trend Micro
2009-04-11 12:07 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-11 12:07 <DIR> --dshr-- C:\RESTORE
2009-04-11 11:27 42,553 a------- c:\programdata\nvModes.dat
2009-04-11 11:27 42,553 a------- c:\progra~2\nvModes.dat
2009-04-10 04:11 <DIR> --d----- c:\users\zuriphoenix\Tracing
2009-04-10 04:11 <DIR> --d----- c:\programdata\Messenger Plus!
2009-04-10 04:11 <DIR> --d----- c:\progra~2\Messenger Plus!
2009-04-10 02:22 <DIR> --d----- c:\programdata\FLEXnet
2009-04-10 02:13 <DIR> --d----- c:\programdata\ALM
2009-04-10 02:13 <DIR> --d----- c:\progra~2\ALM
2009-04-10 02:08 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-04-10 01:59 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-04-10 01:44 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-04-10 01:28 <DIR> --d----- c:\users\ZuriPhoenix
2009-04-10 01:12 2,048 a------- c:\windows\system32\tzres.dll
2009-04-10 01:03 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-09 23:01 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-09 23:01 217,088 a------- c:\windows\system32\psisrndr.ax
2009-04-09 23:01 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-09 23:01 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-04-09 23:01 80,896 a------- c:\windows\system32\MSNP.ax
2009-04-09 23:01 57,856 a------- c:\windows\system32\MSDvbNP.ax
2009-04-09 22:58 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-09 22:58 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-09 22:58 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-04-09 21:46 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-04-09 21:46 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-04-09 21:46 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-04-09 21:46 827,392 a------- c:\windows\system32\wininet.dll
2009-04-09 21:43 147,456 a------- c:\windows\system32\Faultrep.dll
2009-04-09 20:56 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-04-09 20:54 <DIR> --d----- c:\program files\Microsoft
2009-04-09 20:53 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-09 20:46 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-09 18:53 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-04-09 18:27 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-09 18:27 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-09 18:27 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-09 18:27 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-06 17:58 81 a------- c:\windows\system32\LOG
2009-04-06 17:57 <DIR> --d----- c:\program files\Yahoo!
2009-04-06 17:56 <DIR> --d----- c:\programdata\Electronic Arts
2009-04-06 17:56 <DIR> --d----- c:\progra~2\Electronic Arts
2009-04-06 17:50 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF8106VR7_E480576-003_4A_I30D1_SQuanta_V85.26_F.30_T080424_WV3-1_L409_M3007_J250_7AMD_8F82_92.00_#090406_N14E44328;10DE054C_(KN876UA#ABA)_XMOBILE_CN10_Z.MRK
2009-04-06 16:20 <DIR> --d----- c:\programdata\NVIDIA
2009-04-06 16:15 <DIR> --d----- c:\programdata\WildTangent
2009-04-06 16:15 <DIR> --d----- c:\program files\HP Games
2009-04-06 16:15 <DIR> --d----- c:\progra~2\WildTangent
2009-04-06 16:10 7,168 a------- c:\windows\system32\drivers\HpqRemHid.sys
2009-04-06 16:10 <DIR> --d----- c:\program files\HPQ
2009-04-06 16:10 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-04-06 16:10 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-04-06 16:10 1,419,232 a------- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2009-04-06 16:10 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-04-06 16:10 16,768 a------- c:\windows\system32\drivers\HpqKbFiltr.sys
2009-04-06 16:10 <DIR> --d----- c:\programdata\CyberLink
2009-04-06 16:09 82,432 a------- c:\windows\system32\msxml4r.dll
2009-04-06 16:09 44,544 a------- c:\windows\system32\msxml4a.dll
2009-04-06 16:08 89,088 -------- c:\windows\system32\atl71.dll
2009-04-06 16:05 258,104 a------- c:\windows\system32\hcwpnp32.dll
2009-04-06 16:05 <DIR> --d----- c:\windows\system32\Hauppauge
2009-04-06 16:05 <DIR> --d----- c:\program files\WinTV
2009-04-06 16:05 98,360 a------- c:\windows\system32\hcwi2c32.dll
2009-04-06 16:05 36,921 a------- c:\windows\system32\hcwutl32_priv.dll
2009-04-06 16:05 36,921 a------- c:\windows\system32\hcwutl32.dll
2009-04-06 16:05 870,480 a------- c:\windows\system32\oem15.inf
2009-04-06 16:05 3,141,632 a------- c:\windows\system32\bcmihvui.dll
2009-04-06 16:05 1,205,240 a------- c:\windows\system32\drivers\BCMWL6.SYS
2009-04-06 16:05 <DIR> --d----- c:\program files\Broadcom
2009-04-06 16:03 90,112 a------- c:\windows\system32\snymsico.dll
2009-04-06 16:03 42,496 a------- c:\windows\system32\drivers\rimsptsk.sys
2009-04-06 16:03 39,936 a------- c:\windows\system32\drivers\rimmptsk.sys
2009-04-06 16:03 37,376 a------- c:\windows\system32\drivers\rixdptsk.sys
2009-04-06 16:03 16,480 a------- c:\windows\system32\rixdicon.dll
2009-04-06 16:02 <DIR> --d----- c:\program files\NetWaiting
2009-04-06 16:02 <DIR> --d----- c:\program files\CONEXANT
2009-04-06 16:02 984,064 a------- c:\windows\system32\drivers\HSX_DPV.sys
2009-04-06 16:02 660,480 a------- c:\windows\system32\drivers\HSX_CNXT.sys
2009-04-06 16:02 208,896 a------- c:\windows\system32\drivers\HSXHWAZL.sys
2009-04-06 16:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-06 16:01 <DIR> --d----- c:\program files\Synaptics
2009-04-06 16:00 1,079,840 a------- c:\windows\system32\nvcpluir.dll
2009-04-06 16:00 768,544 a------- c:\windows\system32\nvcplui.exe
2009-04-06 16:00 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-04-06 16:00 313,888 a------- c:\windows\system32\nvexpbar.dll
2009-04-06 15:59 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-04-06 15:59 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-04-06 15:59 356,352 a------- c:\windows\system32\nvusmu.exe
2009-04-06 15:59 528 a------- c:\windows\system32\nvsmu.nvu
2009-04-06 15:59 356,352 a------- c:\windows\system32\nvusmb.exe
2009-04-06 15:59 1,864 a------- c:\windows\system32\nvsmb.nvu
2009-04-06 15:58 838,068 a------- c:\windows\system32\oem4.inf

==================== Find3M ====================

2009-04-10 02:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-10 02:00 86,016 a------- c:\windows\inf\infstor.dat
2009-04-10 02:00 51,200 a------- c:\windows\inf\infpub.dat
2009-04-10 01:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-06 16:04 3,481,600 a------- c:\windows\system32\bcmihvsrv.dll
2009-04-06 16:04 87,328 a------- c:\windows\system32\bcmwlcoi.dll
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:53:57.84 ===============
Attached file: Attach.zip (4.3 KB)
Old 04-16-2009, 11:57 AM   #2
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



BUMP, please
Old 04-16-2009, 03:54 PM   #3
TSF Security Manager
Emeritus
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello ZuriPhoenix,

Quote:
My mother had been using her USB drive on the laptop. Avast then detected an autorun.inf..

...one of the files on the USB (which contained some pictures, that my mother had taken from a PC at her workplace) was infected
Please locate your mother's USB stick so we can clean it properly or she may continue to infect other computers.

She should also notify her employer immediately of the situation, and if there is an IT department, they should take care of it. If it is a small business with only that computer, let me know.

Read through this entire procedure, and if you have any questions, please ask them before you begin. Then either print out this page, or copy it to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

1. Download Flash_Disinfector.exe and save it to your desktop.


2. Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

=====================================

Disable your AntiVirus and AntiSpyware applications, as they may otherwise interfere with our tools.

=====================================

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

=====================================

Double-click on combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
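The autorun.inf mechanism this thread revolves around, as an added example that is not part of the original thread and not code from Flash_Disinfector, ComboFix or Avast: a small Python script that reads an autorun.inf the way a USB worm lays one out, flags the directives that make Windows run a program on insertion or on double-click, and applies the immunization Flash_Disinfector-style tools are known for, creating autorun.inf as a hidden, system, read-only directory so a worm cannot write a file of that name (the ComboFix log later in the thread lists C:\autorun.inf with exactly those d-sha-r attributes). The sample autorun.inf text is constructed, not taken from the poster's drive, and RECYCLER\system.exe is a placeholder name.

```python
"""Triage an autorun.inf from a USB stick and apply the 'autorun.inf as a
protected directory' immunization. Added example for this thread; the sample
autorun.inf below is constructed and RECYCLER\\system.exe is a placeholder."""
import os
import re
import tempfile
from dataclasses import dataclass

# [autorun] keys that make AutoPlay (XP/Vista era) run a program on insertion.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command= rewires an Explorer verb (double-click, "Open", "Explore").
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")


@dataclass(frozen=True)
class Finding:
    key: str
    value: str
    reason: str


def parse_autorun(text: str) -> dict[str, str]:
    """Minimal INI reader for autorun.inf. Tolerates the junk lines and mixed
    case that worms pad the file with; only [autorun*] sections are read."""
    entries: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower().startswith("autorun")
            continue
        if not in_autorun or "=" not in line:
            continue  # binary padding or an unrelated section
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def triage_autorun(text: str) -> list[Finding]:
    """Return every directive that would execute something on insert or click."""
    entries = parse_autorun(text)
    findings: list[Finding] = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS:
            findings.append(Finding(key, value, "runs a program via AutoPlay"))
        elif SHELL_CMD_RE.match(key):
            findings.append(Finding(key, value, "redirects an Explorer verb to a program"))
    # shell=<verb> alone is harmless; it matters when it points at a hijacked verb.
    if "shell" in entries and any(SHELL_CMD_RE.match(f.key) for f in findings):
        findings.append(Finding("shell", entries["shell"], "selects the hijacked default verb"))
    return findings


def immunize(drive_root: str) -> str:
    """Create <root>\\autorun.inf as a directory so a worm's attempt to write a
    file of that name fails. On Windows also set hidden+system+read-only, the
    d-sha-r attributes seen on C:\\autorun.inf in the ComboFix log."""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(path):
        raise FileExistsError(f"{path} is a file: triage and remove it first")
    os.makedirs(path, exist_ok=True)
    if os.name == "nt":
        import ctypes  # Windows only; no-op on other platforms
        READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4
        ctypes.windll.kernel32.SetFileAttributesW(path, READONLY | HIDDEN | SYSTEM)
    return path


def is_immunized(drive_root: str) -> bool:
    return os.path.isdir(os.path.join(drive_root, "autorun.inf"))


def immunize_demo() -> bool:
    """Run immunize() against a throwaway directory standing in for a drive root."""
    root = tempfile.mkdtemp(prefix="usbroot_")
    return immunize(root) == os.path.join(root, "autorun.inf") and is_immunized(root)


# Constructed sample in the style of USB worms of that era (not from the thread).
SAMPLE_AUTORUN = """\
[AutoRun]
;padding a worm might add to confuse naive parsers
open=RECYCLER\\system.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open=Open
shell\\open\\Command=RECYCLER\\system.exe
shell\\explore\\command=RECYCLER\\system.exe -e
shellexecute=RECYCLER\\system.exe
shell=open
"""

if __name__ == "__main__":
    for f in triage_autorun(SAMPLE_AUTORUN):
        print(f"{f.key}={f.value}  <- {f.reason}")
    print("immunized:", immunize_demo())
```

Run it against a real stick by passing the drive root (for example `E:\`) to `immunize()` after reading `E:\autorun.inf` through `triage_autorun()`; an `icon=` or `label=` only file produces no findings, while any `open=`, `shellexecute=` or `shell\<verb>\command=` entry is the payload launcher that the Avast alert in the first post was about. The directory trick only blocks the file being recreated; it does not remove the executable the old autorun.inf pointed at, which still has to be deleted separately.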
Old 04-16-2009, 05:41 PM   #4
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



ComboFix 09-04-17.01 - ZuriPhoenix 04/16/2009 20:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2030 [GMT -4:00]
Running from: c:\users\ZuriPhoenix\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 00:18 . 2009-04-17 00:18 -------- d-sha-r C:\autorun.inf
2009-04-16 20:55 . 2009-04-16 21:01 -------- d-----w c:\users\user\AppData\Local\Microsoft Games
2009-04-15 02:20 . 2009-04-15 02:20 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-14 06:31 . 2009-04-14 06:33 -------- d-----w c:\users\ZuriPhoenix\AppData\Roaming\Webcammax
2009-04-14 06:30 . 2008-03-11 13:14 941784 ----a-w c:\windows\system32\drivers\CAMTHWDM.sys
2009-04-14 06:25 . 2009-04-17 00:16 -------- d-----w c:\users\ZuriPhoenix\AppData\Roaming\uTorrent
2009-04-14 04:48 . 2009-04-14 04:48 -------- d-----w c:\users\All Users\Temp
2009-04-14 04:48 . 2009-04-14 04:48 -------- d-----w c:\programdata\Temp
2009-04-12 21:22 . 2009-04-12 21:22 -------- d-----w C:\TC
2009-04-11 16:07 . 2009-04-11 16:07 -------- d-sh--r C:\RESTORE
2009-04-11 16:07 . 2009-04-11 16:07 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-11 15:28 . 2009-04-12 01:52 -------- d-----w c:\users\user\AppData\Local\Adobe
2009-04-11 15:27 . 2009-04-17 00:24 42553 ----a-w c:\users\All Users\nvModes.dat
2009-04-11 15:27 . 2009-04-17 00:24 42553 ----a-w c:\programdata\nvModes.dat
2009-04-10 08:11 . 2009-04-17 00:24 -------- d-----w c:\users\ZuriPhoenix\Tracing
2009-04-10 08:11 . 2009-04-10 08:11 -------- d-----w c:\users\All Users\Messenger Plus!
2009-04-10 08:11 . 2009-04-10 08:11 -------- d-----w c:\programdata\Messenger Plus!
2009-04-10 06:24 . 2009-04-10 06:24 -------- d-----w c:\users\ZuriPhoenix\AppData\Local\Mozilla
2009-04-10 06:22 . 2009-04-12 22:27 -------- d-----w c:\users\All Users\FLEXnet
2009-04-10 06:22 . 2009-04-12 22:27 -------- d-----w c:\programdata\FLEXnet
2009-04-10 06:13 . 2009-04-10 06:13 -------- d-----w c:\users\All Users\ALM
2009-04-10 06:13 . 2009-04-10 06:13 -------- d-----w c:\programdata\ALM
2009-04-10 05:59 . 2008-04-07 09:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-10 05:34 . 2009-04-12 20:50 -------- d-----w c:\users\ZuriPhoenix\AppData\Local\Adobe
2009-04-10 05:31 . 2009-04-10 05:31 -------- d-----w c:\users\ZuriPhoenix\AppData\Roaming\Hewlett-Packard
2009-04-10 05:30 . 2009-04-10 06:14 79264 ----a-w c:\users\ZuriPhoenix\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-10 05:30 . 2009-04-12 18:45 -------- d-----w c:\users\ZuriPhoenix\AppData\Local\QuickPlay
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----r c:\users\ZuriPhoenix\Searches
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----r c:\users\ZuriPhoenix\Contacts
2009-04-10 05:13 . 2008-05-27 05:17 34816 ----a-w c:\windows\system32\msscb.dll
2009-04-10 05:12 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-10 03:01 . 2008-12-05 04:32 428544 ----a-w c:\windows\system32\EncDec.dll
2009-04-10 03:01 . 2008-12-05 04:31 217088 ----a-w c:\windows\system32\psisrndr.ax
2009-04-10 03:01 . 2008-12-05 04:32 293376 ----a-w c:\windows\system32\psisdecd.dll
2009-04-10 03:01 . 2008-12-05 04:31 80896 ----a-w c:\windows\system32\MSNP.ax
2009-04-10 03:01 . 2008-12-05 04:31 177664 ----a-w c:\windows\system32\mpg2splt.ax
2009-04-10 03:01 . 2008-04-23 04:41 57856 ----a-w c:\windows\system32\MSDvbNP.ax
2009-04-10 02:58 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-04-10 02:58 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-04-10 02:58 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-04-10 01:57 . 2009-04-10 02:37 -------- d-----w c:\users\Public\Adobe CS4 Master Collection - Shadeyman
2009-04-10 01:46 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-10 01:46 . 2008-10-22 03:57 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-10 01:46 . 2009-01-15 06:11 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-10 01:46 . 2009-01-15 03:36 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-10 01:43 . 2008-09-18 04:56 125952 ----a-w c:\windows\system32\wersvc.dll
2009-04-10 01:17 . 2009-04-10 01:17 -------- d-----w c:\users\user\AppData\Roaming\GTek
2009-04-10 00:54 . 2009-04-16 23:28 -------- d-----w c:\users\user\Tracing
2009-04-09 23:09 . 2009-04-09 23:09 -------- d-----w c:\users\user\AppData\Local\Mozilla
2009-04-09 22:53 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-04-09 22:27 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-04-09 22:27 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-09 22:27 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-04-09 22:27 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-04-09 22:27 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-04-09 22:27 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-04-09 22:27 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-04-09 22:27 . 2008-10-16 21:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-04-09 22:27 . 2008-10-16 20:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-04-09 19:22 . 2009-04-09 19:22 27240 ----a-w c:\users\user\AppData\Roaming\nvModes.dat
2009-04-06 22:03 . 2009-04-07 01:57 -------- d-----w c:\users\user\AppData\Roaming\CyberLink
2009-04-06 21:59 . 2009-04-07 01:56 -------- d-----w c:\users\user\AppData\Local\QuickPlay
2009-04-06 21:59 . 2009-04-06 21:59 -------- d-----w c:\users\user\AppData\Roaming\Symantec
2009-04-06 21:59 . 2009-04-11 15:28 79264 ----a-w c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-06 21:59 . 2009-04-06 21:59 -------- d-----r c:\users\user\Searches
2009-04-06 21:58 . 2009-04-06 21:58 -------- d-----r c:\users\user\Contacts
2009-04-06 21:58 . 2009-04-06 21:59 -------- d-----w c:\users\user\AppData\Local\VirtualStore
2009-04-06 21:58 . 2009-04-06 21:58 81 ----a-w c:\windows\system32\LOG
2009-04-06 21:57 . 2009-04-06 22:00 -------- d-----w c:\users\user\AppData\Roaming\Hewlett-Packard
2009-04-06 21:56 . 2009-04-06 21:56 -------- d-----w c:\users\All Users\Electronic Arts
2009-04-06 21:56 . 2009-04-06 21:56 -------- d-----w c:\programdata\Electronic Arts
2009-04-06 21:56 . 2009-04-06 21:56 -------- d-----w c:\users\user\AppData\Local\Downloaded Installations
2009-04-06 21:50 . 2009-04-06 21:50 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF8106VR7_E480576-003_4A_I30D1_SQuanta_V85.26_F.30_T080424_WV3-1_L409_M3007_J250_7AMD_8F82_92.00_#090406_N14E44328;10DE054C_(KN876UA#ABA)_XMOBILE_CN10_Z.MRK
2009-04-06 20:20 . 2009-04-10 05:30 -------- d-----w c:\users\All Users\NVIDIA
2009-04-06 20:20 . 2009-04-10 05:30 -------- d-----w c:\programdata\NVIDIA
2009-04-06 20:15 . 2009-04-06 20:18 -------- d-----w c:\users\All Users\WildTangent
2009-04-06 20:15 . 2009-04-06 20:18 -------- d-----w c:\programdata\WildTangent
2009-04-06 20:10 . 2007-07-11 17:30 7168 ----a-w c:\windows\system32\drivers\HpqRemHid.sys
2009-04-06 20:10 . 2007-06-19 00:12 16768 ----a-w c:\windows\system32\drivers\HpqKbFiltr.sys
2009-04-06 20:10 . 2007-06-08 21:46 1560576 ----a-w c:\windows\system32\BttnCmns_64.dll
2009-04-06 20:10 . 2006-11-02 14:09 1419232 ----a-w c:\windows\system32\drivers\wdfcoinstaller01005.dll
2009-04-06 20:10 . 2006-06-30 13:46 1560576 ----a-w c:\windows\system32\BttnCmns.dll
2009-04-06 20:10 . 2005-10-31 22:30 987136 ----a-w c:\windows\system32\BttnCmn.dll
2009-04-06 20:10 . 2009-04-14 04:39 -------- d-----w c:\users\All Users\CyberLink
2009-04-06 20:10 . 2009-04-14 04:39 -------- d-----w c:\programdata\CyberLink
2009-04-06 20:09 . 2007-12-20 02:28 82432 ----a-w c:\windows\system32\msxml4r.dll
2009-04-06 20:09 . 2007-12-20 02:28 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-06 20:08 . 2007-12-20 02:28 89088 ------w c:\windows\system32\atl71.dll
2009-04-06 20:05 . 2009-04-06 20:05 -------- d-----w c:\windows\system32\Hauppauge
2009-04-06 20:05 . 2007-05-01 22:26 258104 ----a-w c:\windows\system32\hcwpnp32.dll
2009-04-06 20:05 . 2006-10-11 01:47 36921 ----a-w c:\windows\system32\hcwutl32.dll
2009-04-06 20:05 . 2006-10-11 00:47 36921 ----a-w c:\windows\system32\hcwutl32_priv.dll
2009-04-06 20:05 . 2006-10-10 17:15 98360 ----a-w c:\windows\system32\hcwi2c32.dll
2009-04-06 20:05 . 2009-04-06 20:05 870480 ----a-w c:\windows\system32\oem15.inf
2009-04-06 20:05 . 2009-04-06 20:04 3141632 ----a-w c:\windows\system32\bcmihvui.dll
2009-04-06 20:05 . 2009-04-06 20:04 1205240 ----a-w c:\windows\system32\drivers\BCMWL6.SYS
2009-04-06 20:03 . 2007-03-22 05:02 37376 ----a-w c:\windows\system32\drivers\rixdptsk.sys
2009-04-06 20:03 . 2007-02-24 21:42 39936 ----a-w c:\windows\system32\drivers\rimmptsk.sys
2009-04-06 20:03 . 2007-01-23 23:40 42496 ----a-w c:\windows\system32\drivers\rimsptsk.sys
2009-04-06 20:03 . 2005-05-07 19:06 16480 ----a-w c:\windows\system32\rixdicon.dll
2009-04-06 20:03 . 2004-09-04 10:00 90112 ----a-w c:\windows\system32\snymsico.dll
2009-04-06 20:02 . 2007-06-20 11:29 984064 ----a-w c:\windows\system32\drivers\HSX_DPV.sys
2009-04-06 20:02 . 2007-06-20 11:28 208896 ----a-w c:\windows\system32\drivers\HSXHWAZL.sys
2009-04-06 20:02 . 2007-06-20 11:28 660480 ----a-w c:\windows\system32\drivers\HSX_CNXT.sys
2009-04-06 20:01 . 2009-04-06 20:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-06 20:00 . 2008-12-04 06:42 768544 ----a-w c:\windows\system32\nvcplui.exe
2009-04-06 20:00 . 2008-12-04 06:42 420384 ----a-w c:\windows\system32\nvcpl.cpl
2009-04-06 20:00 . 2008-12-04 06:42 313888 ----a-w c:\windows\system32\nvexpbar.dll
2009-04-06 20:00 . 2008-12-04 06:42 1079840 ----a-w c:\windows\system32\nvcpluir.dll
2009-04-06 19:59 . 2006-12-01 05:37 3903 ----a-w c:\windows\system32\nvnrm.nvu
2009-04-06 19:59 . 2007-01-04 01:20 1732 ----a-w c:\windows\system32\drivers\nvphy.bin
2009-04-06 19:59 . 2007-02-14 07:55 356352 ----a-w c:\windows\system32\nvusmu.exe
2009-04-06 19:59 . 2006-12-15 06:48 528 ----a-w c:\windows\system32\nvsmu.nvu
2009-04-06 19:59 . 2006-11-08 22:48 356352 ----a-w c:\windows\system32\nvusmb.exe
2009-04-06 19:59 . 2006-10-19 23:36 1864 ----a-w c:\windows\system32\nvsmb.nvu
2009-04-06 19:58 . 2009-04-06 19:57 838068 ----a-w c:\windows\system32\oem4.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 02:20 . 2008-04-25 02:26 -------- d-----w c:\program files\Java
2009-04-14 06:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-04-14 06:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-14 06:30 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-11 17:56 . 2009-04-11 17:56 -------- d-----w c:\program files\Trend Micro
2009-04-10 06:08 . 2009-04-10 06:08 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-10 06:05 . 2008-04-25 02:04 -------- d-----w c:\program files\Common Files\Adobe
2009-04-10 05:50 . 2009-04-10 05:50 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-10 05:44 . 2009-04-10 05:44 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-10 05:24 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-10 05:23 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-04-10 05:20 . 2008-04-25 01:58 -------- d-----w c:\programdata\Microsoft Help
2009-04-10 05:03 . 2009-04-10 05:03 -------- d-----w c:\program files\MSXML 4.0
2009-04-10 01:22 . 2008-04-25 01:08 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-10 01:20 . 2008-04-25 01:08 -------- d-----w c:\programdata\Symantec
2009-04-10 00:56 . 2009-04-10 00:56 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-10 00:54 . 2009-04-10 00:54 -------- d-----w c:\program files\Microsoft
2009-04-10 00:54 . 2009-04-10 00:53 -------- d-----w c:\program files\Windows Live
2009-04-10 00:53 . 2009-04-10 00:53 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-10 00:46 . 2009-04-10 00:46 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-09 22:53 . 2009-04-09 22:53 -------- d-----w c:\program files\Alwil Software
2009-04-06 22:01 . 2008-04-25 02:16 -------- d-----w c:\programdata\Hewlett-Packard
2009-04-06 21:57 . 2009-04-06 21:57 -------- d-----w c:\program files\Yahoo!
2009-04-06 21:56 . 2008-04-25 01:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 21:56 . 2009-04-06 21:52 -------- d-----w c:\program files\Electronic Arts
2009-04-06 21:50 . 2009-04-06 20:10 -------- d-----w c:\program files\HPQ
2009-04-06 21:50 . 2009-04-06 21:50 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-06 20:18 . 2009-04-06 20:15 -------- d-----w c:\program files\HP Games
2009-04-06 20:15 . 2008-04-25 02:05 -------- d-----w c:\program files\CyberLink
2009-04-06 20:11 . 2008-04-25 01:01 -------- d-----w c:\program files\Hewlett-Packard
2009-04-06 20:08 . 2008-04-25 02:03 -------- d-----w c:\program files\HP
2009-04-06 20:05 . 2009-04-06 20:05 -------- d-----w c:\program files\WinTV
2009-04-06 20:05 . 2009-04-06 20:05 -------- d-----w c:\program files\Broadcom
2009-04-06 20:04 . 2007-10-08 20:27 87328 ----a-w c:\windows\System32\bcmwlcoi.dll
2009-04-06 20:04 . 2007-10-08 20:21 3481600 ----a-w c:\windows\System32\bcmihvsrv.dll
2009-04-06 20:04 . 2009-04-06 20:02 -------- d-----w c:\program files\CONEXANT
2009-04-06 20:02 . 2009-04-06 20:02 -------- d-----w c:\program files\NetWaiting
2009-04-06 20:01 . 2009-04-06 20:01 -------- d-----w c:\program files\Synaptics
2009-02-09 03:10 . 2009-04-10 01:43 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95FD1396-40DA-4DD2-8C16-0DE73B59F2D7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3B2FA866-4202-4DC0-992B-A9BFAAE96D7D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4ABA226C-6923-44AC-94F0-0DB97D786FC4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{488C171A-F058-4729-9BD8-D304680A1CA1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{668E7617-18FE-4F3A-BC36-FF63DC2A4F87}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{99C7A66D-D16F-46E5-9AD2-EEB2F28C60DB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0ECC5AB-7509-46A6-BA7E-9779F7C1DC83}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E494C045-02AD-4BDD-82CC-CF666E9105E4}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B428A244-7BFB-43FC-AB39-6BE24DCAABD5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D3F43D71-BF0F-44ED-B946-59020355C43E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A71E194E-2C2F-4647-BCEC-F8C9A9E4930D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1A42E11F-89A0-4A94-BE0F-1D3F9239D560}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{D7F06075-0713-48B7-B1FD-745229FBEF54}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F7ADBFE2-AB3B-4BC9-AFC9-EEE6268F9CA9}"= UDP:5353:Adobe CSI CS4
"{4CC98D02-773A-4035-B6CF-323118E90DBA}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{015EF6B4-97CE-4B80-8B78-B2B992A50E28}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{126bd57d-26ad-11de-8a54-001e6829af3f}]
\shell\AutoRun\command - RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe
\shell\open\command - RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb38ca3b-2783-11de-a5f5-001e6829af3f}]
\shell\AutoRun\command - f:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe
\shell\open\command - f:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ZuriPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\yog1abuh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\ZuriPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\yog1abuh.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-04-16 20:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 31980 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2009-04-17 20:33
ComboFix-quarantined-files.txt 2009-04-17 00:33

Pre-Run: 164,242,472,960 bytes free
Post-Run: 164,251,938,816 bytes free

275 --- E O F --- 2009-04-13 18:25




P.S. - I have now run into a problem on my PC. Do I post that problem in this thread, create a new thread now, or create a new thread when this one is finished ?!?
Thank You !
Old 04-16-2009, 07:37 PM   #5
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Do you mean your system is likely now infected as well? If so, yes--begin a new thread as it becomes too confusing to work 2 machines in one thread.

Entitle your new thread PC 2. Run gmer and dds.scr same as you did for this machine. Post those logs in that new thread and PM me with the link once you've done that.

I'll review the logs in this thread as soon as possible. I have several people ahead of you.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-16-2009, 08:08 PM   #6
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



Thank You.
However there seems to be a problem. My PC is Windows Vista Ultimate - 64 bit
dds.scr says that it is not supported, and gmer is not giving me the option to check/uncheck the boxes in the right panel.
Old 04-16-2009, 08:21 PM   #7
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Not many tools support 64 bit systems.

Try System Recovery to go back to a point before this happened.

If that doesn't clear it for you, download OTListIt2 to your desktop.

Double click the icon to start the tool.
  • Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created, OTListIt.Txt and Extras.txt, on the Desktop. I only need the contents of the OTListIt.txt. Post that in a new thread.
Old 04-16-2009, 09:43 PM   #8
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello ZuriPhoenix,



Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------


Please insert the USB stick in whatever is typically the F: drive.


---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

Folder::
f:\restore\k-1-3542-4232123213-7676767-8888886
C:\RESTORE\k-1-3542-4232123213-7676767-8888886

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{126bd57d-26ad-11de-8a54-001e6829af3f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb38ca3b-2783-11de-a5f5-001e6829af3f}]

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt


--------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit https://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior
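The CFScript in the post above removes the two mountpoints2 keys and the folders they point to. The Python below is an added example, not a tool from this thread, from ComboFix or from the forum staff: it parses the mountpoints2 block of a ComboFix log (the sample is constructed from the two entries posted earlier in this thread plus one made-up key with no shell command), flags every \shell\<verb>\command that launches an executable from a drive-relative path or from a folder named like a system folder, and emits a script in the same Folder:: / Registry:: shape as the one Ried posted. The HIDING_DIRS names other than "restore", the EXEC_EXT list and the made-up third GUID are assumptions introduced for the example.

```python
import re

# Constructed sample in the shape of the mountpoints2 block of the ComboFix log posted
# above. The first two keys copy the entries from that log; the third is a made-up key
# with no shell command, to show that an ordinary drive key produces no finding.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{126bd57d-26ad-11de-8a54-001e6829af3f}]
\shell\AutoRun\command - RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe
\shell\open\command - RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb38ca3b-2783-11de-a5f5-001e6829af3f}]
\shell\AutoRun\command - f:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe
\shell\open\command - f:\restore\k-1-3542-4232123213-7676767-8888886\Ogard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2c3a1b0-0000-4000-8000-000000000000}]
"BaseClass"="Drive"
"""

# A mountpoints2 key line: [HKEY_...\mountpoints2\{GUID}]
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_[A-Z_]+\\.*?\\mountpoints2\\\{(?P<guid>[0-9a-f-]+)\})\]$", re.I)
# A value line ComboFix prints for a shell verb: \shell\<verb>\command - <target>
CMD_RE = re.compile(
    r"^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+?)$", re.I)

# Folder names removable-media worms commonly hide in. "restore" is the one seen in the
# thread; the others are an assumption added for illustration.
HIDING_DIRS = {"restore", "recycler", "recycled", "system volume information"}
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")  # assumption: treated as executable


def assess(target):
    """Return short reason codes for why a mount-point command looks suspicious."""
    reasons = []
    parts = [p for p in target.replace("/", "\\").split("\\") if p]
    has_drive = bool(parts) and re.fullmatch(r"[a-z]:", parts[0], re.I) is not None
    if not has_drive:
        reasons.append("relative")      # runs from whichever volume the key is bound to
    dirs = parts[1:-1] if has_drive else parts[:-1]
    if any(d.lower() in HIDING_DIRS for d in dirs):
        reasons.append("hiding-dir")
    if target.lower().endswith(EXEC_EXT):
        reasons.append("executable")
    return reasons


def parse_mountpoints(log_text):
    """One finding per \\shell\\<verb>\\command line found under a mountpoints2 key."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None              # a blank line ends the key block
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group("key"), "guid": m.group("guid").lower()}
            continue
        m = CMD_RE.match(line)
        if m and current:
            target = m.group("target")
            findings.append({**current, "verb": m.group("verb"),
                             "target": target, "reasons": assess(target)})
    return findings


def render_cfscript(findings):
    """Build text in the CFScript shape used in the post above: Folder:: then Registry::."""
    folders, keys = [], []
    for f in findings:
        # Only absolute paths into a hiding folder become Folder:: lines.
        if "hiding-dir" in f["reasons"] and "relative" not in f["reasons"]:
            folder = f["target"].rsplit("\\", 1)[0]
            if folder.lower() not in [x.lower() for x in folders]:
                folders.append(folder)
        if f["reasons"] and f["key"] not in keys:
            keys.append(f["key"])
    lines = ["Folder::", *folders, "", "Registry::", *[f"[-{k}]" for k in keys]]
    return "\n".join(lines) + "\n"


def unresolved_targets(findings):
    """Drive-relative targets the analyst must locate by hand before adding a Folder:: line."""
    return sorted({f["target"] for f in findings if "relative" in f["reasons"]})


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for f in found:
        print(f"{{{f['guid']}}} {f['verb']:8} {f['target']}  <- {', '.join(f['reasons'])}")
    print(render_cfscript(found))
    print("resolve by hand:", unresolved_targets(found))
```

Drive-relative targets are listed separately rather than turned into Folder:: lines, because the volume they were resolved against has to be confirmed from the file listing, which is what the post above does by pairing the relative RESTORE entry with C:\RESTORE.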
Old 04-17-2009, 03:13 AM   #9
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



ComboFix 09-04-17.01 - ZuriPhoenix 04/17/2009 0:58.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1944 [GMT -4:00]
Running from: c:\users\ZuriPhoenix\Desktop\ComboFix.exe
Command switches used :: c:\users\ZuriPhoenix\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\restore\k-1-3542-4232123213-7676767-8888886
c:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini
c:\restore\k-1-3542-4232123213-7676767-8888886\Wins32.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 03:50 . 2009-04-17 03:50 501248 ----a-w c:\users\Public\OTListIt2.exe
2009-04-17 03:02 . 2009-04-17 03:02 278161 ----a-w c:\users\Public\gmer.zip
2009-04-17 03:00 . 2009-04-17 03:00 360021 ----a-w c:\users\Public\dds.pif
2009-04-17 01:49 . 2007-07-20 04:57 267112 ----a-w c:\windows\system32\xactengine2_9.dll
2009-04-17 01:49 . 2007-07-19 22:14 444776 ----a-w c:\windows\system32\d3dx10_35.dll
2009-04-17 01:49 . 2007-07-19 22:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll
2009-04-17 01:49 . 2007-07-19 22:14 1358192 ----a-w c:\windows\system32\D3DCompiler_35.dll
2009-04-17 01:49 . 2007-10-22 07:37 17928 ----a-w c:\windows\system32\X3DAudio1_2.dll
2009-04-17 01:49 . 2007-06-21 00:46 266088 ----a-w c:\windows\system32\xactengine2_8.dll
2009-04-17 01:49 . 2007-05-16 20:45 443752 ----a-w c:\windows\system32\d3dx10_34.dll
2009-04-17 01:49 . 2007-05-16 20:45 3497832 ----a-w c:\windows\system32\d3dx9_34.dll
2009-04-17 01:49 . 2007-05-16 20:45 1124720 ----a-w c:\windows\system32\D3DCompiler_34.dll
2009-04-17 00:18 . 2009-04-17 00:18 -------- d-sha-r C:\autorun.inf
2009-04-16 20:55 . 2009-04-16 21:01 -------- d-----w c:\users\user\AppData\Local\Microsoft Games
2009-04-15 02:20 . 2009-04-15 02:20 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-14 06:31 . 2009-04-14 06:33 -------- d-----w c:\users\ZuriPhoenix\AppData\Roaming\Webcammax
2009-04-14 06:30 . 2008-03-11 13:14 941784 ----a-w c:\windows\system32\drivers\CAMTHWDM.sys
2009-04-14 06:25 . 2009-04-17 00:16 -------- d-----w c:\users\ZuriPhoenix\AppData\Roaming\uTorrent
2009-04-14 04:48 . 2009-04-14 04:48 -------- d-----w c:\users\All Users\Temp
2009-04-14 04:48 . 2009-04-14 04:48 -------- d-----w c:\programdata\Temp
2009-04-12 21:22 . 2009-04-12 21:22 -------- d-----w C:\TC
2009-04-11 16:07 . 2009-04-17 04:58 -------- d-sh--r C:\RESTORE
2009-04-11 16:07 . 2009-04-11 16:07 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-11 15:28 . 2009-04-12 01:52 -------- d-----w c:\users\user\AppData\Local\Adobe
2009-04-11 15:27 . 2009-04-17 00:24 42553 ----a-w c:\users\All Users\nvModes.dat
2009-04-11 15:27 . 2009-04-17 00:24 42553 ----a-w c:\programdata\nvModes.dat
2009-04-10 08:11 . 2009-04-17 00:54 -------- d-----w c:\users\ZuriPhoenix\Tracing
2009-04-10 08:11 . 2009-04-10 08:11 -------- d-----w c:\users\All Users\Messenger Plus!
2009-04-10 08:11 . 2009-04-10 08:11 -------- d-----w c:\programdata\Messenger Plus!
2009-04-10 06:24 . 2009-04-10 06:24 -------- d-----w c:\users\ZuriPhoenix\AppData\Local\Mozilla
2009-04-10 06:22 . 2009-04-12 22:27 -------- d-----w c:\users\All Users\FLEXnet
2009-04-10 06:22 . 2009-04-12 22:27 -------- d-----w c:\programdata\FLEXnet
2009-04-10 06:13 . 2009-04-10 06:13 -------- d-----w c:\users\All Users\ALM
2009-04-10 06:13 . 2009-04-10 06:13 -------- d-----w c:\programdata\ALM
2009-04-10 05:59 . 2008-04-07 09:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-10 05:34 . 2009-04-17 03:34 -------- d-----w c:\users\ZuriPhoenix\AppData\Local\Adobe
2009-04-10 05:31 . 2009-04-10 05:31 -------- d-----w c:\users\ZuriPhoenix\AppData\Roaming\Hewlett-Packard
2009-04-10 05:30 . 2009-04-10 06:14 79264 ----a-w c:\users\ZuriPhoenix\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-10 05:30 . 2009-04-12 18:45 -------- d-----w c:\users\ZuriPhoenix\AppData\Local\QuickPlay
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----r c:\users\ZuriPhoenix\Searches
2009-04-10 05:29 . 2009-04-10 05:29 -------- d-----r c:\users\ZuriPhoenix\Contacts
2009-04-10 05:13 . 2008-05-27 05:17 34816 ----a-w c:\windows\system32\msscb.dll
2009-04-10 05:12 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-04-10 03:01 . 2008-12-05 04:32 428544 ----a-w c:\windows\system32\EncDec.dll
2009-04-10 03:01 . 2008-12-05 04:31 217088 ----a-w c:\windows\system32\psisrndr.ax
2009-04-10 03:01 . 2008-12-05 04:32 293376 ----a-w c:\windows\system32\psisdecd.dll
2009-04-10 03:01 . 2008-12-05 04:31 80896 ----a-w c:\windows\system32\MSNP.ax
2009-04-10 03:01 . 2008-12-05 04:31 177664 ----a-w c:\windows\system32\mpg2splt.ax
2009-04-10 03:01 . 2008-04-23 04:41 57856 ----a-w c:\windows\system32\MSDvbNP.ax
2009-04-10 02:58 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-04-10 02:58 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-04-10 02:58 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-04-10 01:57 . 2009-04-10 02:37 -------- d-----w c:\users\Public\Adobe CS4 Master Collection - Shadeyman
2009-04-10 01:46 . 2008-06-19 03:31 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-04-10 01:46 . 2008-10-22 03:57 241152 ----a-w c:\windows\system32\PortableDeviceApi.dll
2009-04-10 01:46 . 2009-01-15 06:11 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-10 01:46 . 2009-01-15 03:36 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-10 01:43 . 2008-09-18 04:56 125952 ----a-w c:\windows\system32\wersvc.dll
2009-04-10 01:17 . 2009-04-10 01:17 -------- d-----w c:\users\user\AppData\Roaming\GTek
2009-04-10 00:54 . 2009-04-16 23:28 -------- d-----w c:\users\user\Tracing
2009-04-09 23:09 . 2009-04-09 23:09 -------- d-----w c:\users\user\AppData\Local\Mozilla
2009-04-09 22:53 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-04-09 22:27 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-04-09 22:27 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-09 22:27 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-04-09 22:27 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-04-09 22:27 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-04-09 22:27 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-04-09 22:27 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-04-09 22:27 . 2008-10-16 21:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-04-09 22:27 . 2008-10-16 20:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-04-09 19:22 . 2009-04-09 19:22 27240 ----a-w c:\users\user\AppData\Roaming\nvModes.dat
2009-04-06 22:03 . 2009-04-07 01:57 -------- d-----w c:\users\user\AppData\Roaming\CyberLink
2009-04-06 21:59 . 2009-04-07 01:56 -------- d-----w c:\users\user\AppData\Local\QuickPlay
2009-04-06 21:59 . 2009-04-06 21:59 -------- d-----w c:\users\user\AppData\Roaming\Symantec
2009-04-06 21:59 . 2009-04-11 15:28 79264 ----a-w c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-06 21:59 . 2009-04-06 21:59 -------- d-----r c:\users\user\Searches
2009-04-06 21:58 . 2009-04-06 21:58 -------- d-----r c:\users\user\Contacts
2009-04-06 21:58 . 2009-04-06 21:59 -------- d-----w c:\users\user\AppData\Local\VirtualStore
2009-04-06 21:58 . 2009-04-06 21:58 81 ----a-w c:\windows\system32\LOG
2009-04-06 21:57 . 2009-04-06 22:00 -------- d-----w c:\users\user\AppData\Roaming\Hewlett-Packard
2009-04-06 21:56 . 2009-04-06 21:56 -------- d-----w c:\users\All Users\Electronic Arts
2009-04-06 21:56 . 2009-04-06 21:56 -------- d-----w c:\programdata\Electronic Arts
2009-04-06 21:56 . 2009-04-06 21:56 -------- d-----w c:\users\user\AppData\Local\Downloaded Installations
2009-04-06 21:50 . 2009-04-06 21:50 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF8106VR7_E480576-003_4A_I30D1_SQuanta_V85.26_F.30_T080424_WV3-1_L409_M3007_J250_7AMD_8F82_92.00_#090406_N14E44328;10DE054C_(KN876UA#ABA)_XMOBILE_CN10_Z.MRK
2009-04-06 20:20 . 2009-04-10 05:30 -------- d-----w c:\users\All Users\NVIDIA
2009-04-06 20:20 . 2009-04-10 05:30 -------- d-----w c:\programdata\NVIDIA
2009-04-06 20:15 . 2009-04-06 20:18 -------- d-----w c:\users\All Users\WildTangent
2009-04-06 20:15 . 2009-04-06 20:18 -------- d-----w c:\programdata\WildTangent
2009-04-06 20:10 . 2007-07-11 17:30 7168 ----a-w c:\windows\system32\drivers\HpqRemHid.sys
2009-04-06 20:10 . 2007-06-19 00:12 16768 ----a-w c:\windows\system32\drivers\HpqKbFiltr.sys
2009-04-06 20:10 . 2007-06-08 21:46 1560576 ----a-w c:\windows\system32\BttnCmns_64.dll
2009-04-06 20:10 . 2006-11-02 14:09 1419232 ----a-w c:\windows\system32\drivers\wdfcoinstaller01005.dll
2009-04-06 20:10 . 2006-06-30 13:46 1560576 ----a-w c:\windows\system32\BttnCmns.dll
2009-04-06 20:10 . 2005-10-31 22:30 987136 ----a-w c:\windows\system32\BttnCmn.dll
2009-04-06 20:10 . 2009-04-14 04:39 -------- d-----w c:\users\All Users\CyberLink
2009-04-06 20:10 . 2009-04-14 04:39 -------- d-----w c:\programdata\CyberLink
2009-04-06 20:09 . 2007-12-20 02:28 82432 ----a-w c:\windows\system32\msxml4r.dll
2009-04-06 20:09 . 2007-12-20 02:28 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-06 20:08 . 2007-12-20 02:28 89088 ------w c:\windows\system32\atl71.dll
2009-04-06 20:05 . 2009-04-06 20:05 -------- d-----w c:\windows\system32\Hauppauge
2009-04-06 20:05 . 2007-05-01 22:26 258104 ----a-w c:\windows\system32\hcwpnp32.dll
2009-04-06 20:05 . 2006-10-11 01:47 36921 ----a-w c:\windows\system32\hcwutl32.dll
2009-04-06 20:05 . 2006-10-11 00:47 36921 ----a-w c:\windows\system32\hcwutl32_priv.dll
2009-04-06 20:05 . 2006-10-10 17:15 98360 ----a-w c:\windows\system32\hcwi2c32.dll
2009-04-06 20:05 . 2009-04-06 20:05 870480 ----a-w c:\windows\system32\oem15.inf
2009-04-06 20:05 . 2009-04-06 20:04 3141632 ----a-w c:\windows\system32\bcmihvui.dll
2009-04-06 20:05 . 2009-04-06 20:04 1205240 ----a-w c:\windows\system32\drivers\BCMWL6.SYS
2009-04-06 20:03 . 2007-03-22 05:02 37376 ----a-w c:\windows\system32\drivers\rixdptsk.sys
2009-04-06 20:03 . 2007-02-24 21:42 39936 ----a-w c:\windows\system32\drivers\rimmptsk.sys
2009-04-06 20:03 . 2007-01-23 23:40 42496 ----a-w c:\windows\system32\drivers\rimsptsk.sys
2009-04-06 20:03 . 2005-05-07 19:06 16480 ----a-w c:\windows\system32\rixdicon.dll
2009-04-06 20:03 . 2004-09-04 10:00 90112 ----a-w c:\windows\system32\snymsico.dll
2009-04-06 20:02 . 2007-06-20 11:29 984064 ----a-w c:\windows\system32\drivers\HSX_DPV.sys
2009-04-06 20:02 . 2007-06-20 11:28 208896 ----a-w c:\windows\system32\drivers\HSXHWAZL.sys
2009-04-06 20:02 . 2007-06-20 11:28 660480 ----a-w c:\windows\system32\drivers\HSX_CNXT.sys
2009-04-06 20:01 . 2009-04-06 20:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-04-06 20:00 . 2008-12-04 06:42 768544 ----a-w c:\windows\system32\nvcplui.exe
2009-04-06 20:00 . 2008-12-04 06:42 420384 ----a-w c:\windows\system32\nvcpl.cpl
2009-04-06 20:00 . 2008-12-04 06:42 313888 ----a-w c:\windows\system32\nvexpbar.dll
2009-04-06 20:00 . 2008-12-04 06:42 1079840 ----a-w c:\windows\system32\nvcpluir.dll
2009-04-06 19:59 . 2006-12-01 05:37 3903 ----a-w c:\windows\system32\nvnrm.nvu
2009-04-06 19:59 . 2007-01-04 01:20 1732 ----a-w c:\windows\system32\drivers\nvphy.bin
2009-04-06 19:59 . 2007-02-14 07:55 356352 ----a-w c:\windows\system32\nvusmu.exe
2009-04-06 19:59 . 2006-12-15 06:48 528 ----a-w c:\windows\system32\nvsmu.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 01:50 . 2009-04-17 01:50 -------- d-----w c:\programdata\Media Center Programs
2009-04-17 01:50 . 2009-04-06 21:52 -------- d-----w c:\program files\Electronic Arts
2009-04-15 02:20 . 2008-04-25 02:26 -------- d-----w c:\program files\Java
2009-04-14 06:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstrng.dat
2009-04-14 06:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-14 06:30 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-11 17:56 . 2009-04-11 17:56 -------- d-----w c:\program files\Trend Micro
2009-04-10 06:08 . 2009-04-10 06:08 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-10 06:05 . 2008-04-25 02:04 -------- d-----w c:\program files\Common Files\Adobe
2009-04-10 05:50 . 2009-04-10 05:50 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-10 05:44 . 2009-04-10 05:44 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-10 05:24 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-10 05:23 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat
2009-04-10 05:20 . 2008-04-25 01:58 -------- d-----w c:\programdata\Microsoft Help
2009-04-10 05:03 . 2009-04-10 05:03 -------- d-----w c:\program files\MSXML 4.0
2009-04-10 01:22 . 2008-04-25 01:08 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-10 01:20 . 2008-04-25 01:08 -------- d-----w c:\programdata\Symantec
2009-04-10 00:56 . 2009-04-10 00:56 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-10 00:54 . 2009-04-10 00:54 -------- d-----w c:\program files\Microsoft
2009-04-10 00:54 . 2009-04-10 00:53 -------- d-----w c:\program files\Windows Live
2009-04-10 00:53 . 2009-04-10 00:53 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-10 00:46 . 2009-04-10 00:46 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-09 22:53 . 2009-04-09 22:53 -------- d-----w c:\program files\Alwil Software
2009-04-06 22:01 . 2008-04-25 02:16 -------- d-----w c:\programdata\Hewlett-Packard
2009-04-06 21:57 . 2009-04-06 21:57 -------- d-----w c:\program files\Yahoo!
2009-04-06 21:56 . 2008-04-25 01:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 21:50 . 2009-04-06 20:10 -------- d-----w c:\program files\HPQ
2009-04-06 21:50 . 2009-04-06 21:50 -------- d-----w c:\program files\Common Files\LightScribe
2009-04-06 20:18 . 2009-04-06 20:15 -------- d-----w c:\program files\HP Games
2009-04-06 20:15 . 2008-04-25 02:05 -------- d-----w c:\program files\CyberLink
2009-04-06 20:11 . 2008-04-25 01:01 -------- d-----w c:\program files\Hewlett-Packard
2009-04-06 20:08 . 2008-04-25 02:03 -------- d-----w c:\program files\HP
2009-04-06 20:05 . 2009-04-06 20:05 -------- d-----w c:\program files\WinTV
2009-04-06 20:05 . 2009-04-06 20:05 -------- d-----w c:\program files\Broadcom
2009-04-06 20:04 . 2007-10-08 20:27 87328 ----a-w c:\windows\System32\bcmwlcoi.dll
2009-04-06 20:04 . 2007-10-08 20:21 3481600 ----a-w c:\windows\System32\bcmihvsrv.dll
2009-04-06 20:04 . 2009-04-06 20:02 -------- d-----w c:\program files\CONEXANT
2009-04-06 20:02 . 2009-04-06 20:02 -------- d-----w c:\program files\NetWaiting
2009-04-06 20:01 . 2009-04-06 20:01 -------- d-----w c:\program files\Synaptics
2009-02-09 03:10 . 2009-04-10 01:43 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( Snapshot@2009-04-17_00.31.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-17 01:50 . 2008-05-30 18:17 65032 c:\windows\System32\XAPOFX1_0.dll
+ 2009-04-17 01:50 . 2008-05-30 18:17 25608 c:\windows\System32\X3DAudio1_4.dll
+ 2009-04-17 01:50 . 2008-03-05 20:00 25608 c:\windows\System32\X3DAudio1_3.dll
+ 2009-04-06 21:47 . 2009-04-17 04:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-06 21:47 . 2009-04-17 00:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-06 21:47 . 2009-04-17 04:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-06 21:47 . 2009-04-17 00:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-06 21:47 . 2009-04-17 00:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-06 21:47 . 2009-04-17 04:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-17 01:50 . 2008-05-30 18:19 507400 c:\windows\System32\XAudio2_1.dll
+ 2009-04-17 01:50 . 2008-03-05 20:03 479752 c:\windows\System32\XAudio2_0.dll
+ 2009-04-17 01:50 . 2008-05-30 18:18 238088 c:\windows\System32\xactengine3_1.dll
+ 2009-04-17 01:50 . 2008-03-05 20:03 238088 c:\windows\System32\xactengine3_0.dll
+ 2009-04-17 01:50 . 2007-10-22 07:39 267272 c:\windows\System32\xactengine2_10.dll
- 2006-11-02 10:33 . 2009-04-17 00:22 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-17 04:57 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-17 00:22 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-17 04:57 101350 c:\windows\System32\perfc009.dat
+ 2009-04-17 01:50 . 2008-05-30 18:11 467984 c:\windows\System32\d3dx10_38.dll
+ 2009-04-17 01:50 . 2008-02-06 03:07 462864 c:\windows\System32\d3dx10_37.dll
+ 2009-04-17 01:50 . 2007-10-02 13:56 444776 c:\windows\System32\d3dx10_36.dll
+ 2006-11-02 12:47 . 2009-04-17 00:31 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2006-11-02 12:47 . 2009-04-17 00:25 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-17 01:50 . 2008-05-30 18:11 3850760 c:\windows\System32\D3DX9_38.dll
+ 2009-04-17 01:50 . 2008-03-05 19:56 3786760 c:\windows\System32\D3DX9_37.dll
+ 2009-04-17 01:50 . 2007-10-12 19:14 3734536 c:\windows\System32\d3dx9_36.dll
+ 2009-04-17 01:50 . 2008-05-30 18:11 1491992 c:\windows\System32\D3DCompiler_38.dll
+ 2009-04-17 01:50 . 2008-03-05 19:56 1420824 c:\windows\System32\D3DCompiler_37.dll
+ 2009-04-17 01:50 . 2007-10-12 19:14 1374232 c:\windows\System32\D3DCompiler_36.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95FD1396-40DA-4DD2-8C16-0DE73B59F2D7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3B2FA866-4202-4DC0-992B-A9BFAAE96D7D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4ABA226C-6923-44AC-94F0-0DB97D786FC4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{488C171A-F058-4729-9BD8-D304680A1CA1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{668E7617-18FE-4F3A-BC36-FF63DC2A4F87}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{99C7A66D-D16F-46E5-9AD2-EEB2F28C60DB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0ECC5AB-7509-46A6-BA7E-9779F7C1DC83}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E494C045-02AD-4BDD-82CC-CF666E9105E4}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B428A244-7BFB-43FC-AB39-6BE24DCAABD5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D3F43D71-BF0F-44ED-B946-59020355C43E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A71E194E-2C2F-4647-BCEC-F8C9A9E4930D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1A42E11F-89A0-4A94-BE0F-1D3F9239D560}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{D7F06075-0713-48B7-B1FD-745229FBEF54}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F7ADBFE2-AB3B-4BC9-AFC9-EEE6268F9CA9}"= UDP:5353:Adobe CSI CS4
"{4CC98D02-773A-4035-B6CF-323118E90DBA}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{015EF6B4-97CE-4B80-8B78-B2B992A50E28}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ZuriPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\yog1abuh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\ZuriPhoenix\AppData\Roaming\Mozilla\Firefox\Profiles\yog1abuh.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-04-17 01:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-17 1:03
ComboFix-quarantined-files.txt 2009-04-17 05:03
ComboFix2.txt 2009-04-17 00:33

Pre-Run: 159,675,793,408 bytes free
Post-Run: 159,669,968,896 bytes free

312 --- E O F --- 2009-04-13 18:25
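The Reg Loading Points block in the ComboFix log above is the part a helper reads first: every value under the Run keys is a program that starts with the user, and ComboFix appends the on-disk date and size of each target in brackets. The following Python script is an added example for this thread, not ComboFix code and not anything the posters ran: it parses that REGEDIT4-style block and flags entries that launch from user-writable paths, borrow a Windows system-binary name outside c:\windows, or lack the bracketed file stamp. The triage rules are this example's own heuristics. The sample input copies five entries from the log above and adds one constructed "Updater" entry (not from the poster's machine) so that a flagged result is visible.

```python
"""Parse the "Reg Loading Points" block of a ComboFix log and flag autostart
entries that deserve a second look.  Added example for this thread; it is not
ComboFix code and the triage rules are this example's own heuristics."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample excerpt in the format ComboFix prints.  The Sidebar, msnmsgr, SynTPEnh,
# avast! and NvCplDaemon lines are copied from the log in this thread; the
# "Updater" line is CONSTRUCTED for this example (it was not on the poster's
# machine) so that one entry trips the checks.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Updater"="c:\users\someone\AppData\Roaming\svchost.exe" [2009-04-12 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]  -- the bracketed stamp is what ComboFix
# records for the file on disk.  dword values such as DisableMonitoring do not
# match this pattern and are skipped.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)
# Locations a standard user can write to.  Vendor autostarts normally live
# under Program Files or the Windows directory, so a Run entry here is unusual.
USER_WRITABLE_RE = re.compile(
    r"\\(users|documents and settings|appdata|temp|tmp|programdata|recycler)\\", re.I
)
# Windows system binaries whose names malware likes to borrow; the genuine
# files live under c:\windows, so the same name elsewhere is a red flag.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe", "smss.exe"}


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_loading_points(text: str) -> List[RunEntry]:
    """Return every "Name"="path" value in the block, tagged with its registry key."""
    entries: List[RunEntry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            size = int(m.group("size")) if m.group("size") else None
            entries.append(RunEntry(key, m.group("name"), m.group("path"),
                                    m.group("date"), size))
    return entries


def suspicious_reasons(entry: RunEntry) -> List[str]:
    """Heuristic triage of one autostart entry; an empty list means nothing stood out."""
    reasons: List[str] = []
    low = entry.path.lower()
    base = low.rsplit("\\", 1)[-1]
    if USER_WRITABLE_RE.search(low):
        reasons.append("launches from a user-writable location")
    if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append(f"uses the system binary name {base} outside c:\\windows")
    if entry.date is None:
        reasons.append("no [date size] stamp recorded; verify the file exists")
    return reasons


def audit(text: str) -> Dict[str, List[str]]:
    """Map 'key\\name' to its reasons for every flagged entry in the block."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_loading_points(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[f"{entry.key}\\{entry.name}"] = reasons
    return flagged


if __name__ == "__main__":
    for where, why in audit(SAMPLE_LOG).items():
        print(where)
        for reason in why:
            print("   -", reason)
```

Run against the real log in this thread, the script flags nothing, which matches the helper's reading: every Run entry points into Program Files or the Windows directory and carries a file stamp. The constructed Updater entry is the shape an autorun.inf-dropped payload often takes (a copy of itself in the user's roaming profile under a system-looking name), and it is the only one reported.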
Old 04-17-2009, 03:14 AM   #10
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 17, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 17, 2009 05:10:49
Records in database: 2052482
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 256337
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:26:35

No malware has been detected. The scan area is clean.

The selected area was scanned.
Old 04-17-2009, 05:53 AM   #11
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



The logs are coming up clean. How is the system behaving?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 04-17-2009, 09:34 AM   #12
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



It's back to normal, I believe. I just asked my mother, and she said the Win32 box no longer pops up when she logs into her user account.

Thank you very much!!
Old 04-17-2009, 09:54 AM   #13
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



You're welcome.

Remind her to have that computer at work checked.


Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.



To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Scan here https://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention
Old 04-17-2009, 10:24 AM   #14
Registered Member
 
Join Date: Apr 2009
Posts: 32
OS: Laptop - Windows 7 (32-bit) & Desktop - Windows 7 (64-bit)



OK, ComboFix is uninstalled, and I installed SpywareBlaster.
I will definitely read the articles.
Old 04-17-2009, 10:40 AM   #15
TSF Security Manager
Emeritus
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Great.

Now you can enjoy the weekend.

Take care.