
Registered · 27 Posts
Discussion Starter · #1
Here's the dds log for my desktop computer. I see where Norton looks to be enabled. I don't have it running, please let me know if I need to rerun the logs as a result of Norton. I don't have the boot disk for this computer.

This is the computer on which I attempted to remove the malware myself.

Thank you for your help! Clint

DDS (Ver_09-11-24.02) - NTFSx86
Run by Owner at 14:57:53.82 on Fri 12/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.411 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091211-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnybbsvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Virus 11.09\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [MoneyBackgoundBanking] "c:\program files\microsoft money plus\mnycorefiles\mnybbsvc.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Iomega Automatic Backup 1.0.1] c:\program files\iomega\iomega automatic backup\ibackup.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office97\office\FINDFAST.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: bestbuy.com\www
Trusted Zone: evite.com\www
Trusted Zone: southerncompany.com\customerservice
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - hxxp://www.streamaudio.com/download/ccpm_0237.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/017faf73e6b069c35c03/netzip/RdxIE601.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136646024953
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.adoramapix.com/components/aurigma/ImageUploader4.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - hxxp://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37696.2488078704
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://extender.cobbk12.org/CSHELL/extender.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = :\windows\syste scecli

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-2 20560]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2007-6-10 331870]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-3-2 34712]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2007-9-25 867328]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2007-6-10 110160]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [2004-9-22 227200]
S3 DCamUSBAlaris;ALARIS QuickVideo weeCam USB;c:\windows\system32\drivers\DVC2USB.sys [2000-4-5 107464]
S3 PCDRDRV;Pcdr Helper Driver;c:\windows\system32\drivers\pcdrdrv.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]

=============== Created Last 30 ================

2009-12-11 19:57:27 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2009-12-11 16:37:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-04 01:25:26 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2009-12-04 01:18:49 0 d-sh--w- c:\documents and settings\owner\IETldCache
2009-12-03 12:04:53 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-03 12:04:26 0 d-----w- c:\windows\ie8updates
2009-12-03 12:02:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-03 12:02:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-03 12:02:17 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-03 12:02:17 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-03 12:02:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-03 12:02:15 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-03 11:59:53 0 dc-h--w- c:\windows\ie8
2009-12-03 00:40:19 1292 ----a-w- c:\windows\system32\ifmona.dat
2009-12-03 00:40:19 1162 ----a-w- c:\windows\system32\mswmdu.dat
2009-12-03 00:36:06 0 ----a-w- c:\windows\system32\wmill.dat
2009-12-02 23:55:27 8632 ----a-w- c:\windows\system32\vss_pdwt.dat
2009-12-02 23:55:27 313 ----a-w- c:\windows\system32\xenrolls.dat
2009-12-02 23:55:27 1397 ----a-w- c:\windows\system32\feclpent.dat
2009-12-02 23:55:27 0 ----a-w- c:\windows\system32\dcccp1w6.dat
2009-12-01 02:18:38 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-01 02:18:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 02:18:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 02:18:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 02:18:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-01 02:04:03 5254 ----a-w- c:\windows\system32\tmp.reg
2009-11-24 17:31:16 0 ----a-w- c:\windows\system32\18467.exe
2009-11-24 17:11:16 0 ----a-w- c:\windows\system32\41.exe

==================== Find3M ====================

2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-25 05:37:10 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2005-03-13 20:30:08 344378270 ----a-w- c:\program files\GTAINSTALLER.ZIP
2005-01-07 23:10:53 10196480 -c--a-w- c:\program files\TiVoDesktop2-0.exe
2001-07-22 02:45:40 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 14:59:21.59 ===============
 

TSF Security Manager, Emeritus · 42,836 Posts
Hi Clint. I'm glad you posted this for me; infections are still present.

Please go to this site and follow the instructions for downloading and running
Symantec Removal Tool.

After you've done that, download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.


====================================================


Double click on combofix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 

Registered · 27 Posts
Discussion Starter · #3
Here's the combofix log. Thank you, Clint


ComboFix 09-12-11.05 - Owner 12/13/2009 12:14:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.547 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091213-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Owner\My Documents\ZbThumbnail.info
c:\recycler\S-1-5-21-2020637620-2857422465-3585186845-1003
c:\recycler\S-1-5-21-2304659736-2826650621-2974146706-1003
c:\recycler\S-1-5-21-839522115-448539723-682003330-1003
c:\windows\desktop
c:\windows\desktop\FASTBeam.lnk
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\ps2.bat
c:\windows\system32\tmp.reg
c:\windows\system32\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-12 03:49 . 2009-12-12 03:49 -------- d-----w- c:\program files\WOT
2009-12-11 19:57 . 2009-12-11 19:57 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-12-11 16:37 . 2009-12-11 16:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-11 16:24 . 2009-12-11 16:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-12-04 01:35 . 2009-12-04 01:35 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-04 01:25 . 2009-12-04 01:25 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-12-04 01:18 . 2009-12-04 01:18 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-12-03 12:04 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-03 12:04 . 2009-12-12 04:04 -------- d-----w- c:\windows\ie8updates
2009-12-03 12:02 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-03 12:02 . 2009-10-29 07:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-03 12:02 . 2009-10-29 07:45 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-03 12:02 . 2009-10-29 07:45 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-03 12:02 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-03 12:02 . 2009-10-29 07:45 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-03 11:59 . 2009-12-03 12:02 -------- dc-h--w- c:\windows\ie8
2009-12-03 00:40 . 2009-12-13 16:58 1609 ----a-w- c:\windows\system32\ifmona.dat
2009-12-03 00:40 . 2009-12-13 16:58 1479 ----a-w- c:\windows\system32\mswmdu.dat
2009-12-03 00:36 . 2009-12-13 16:57 0 ----a-w- c:\windows\system32\wmill.dat
2009-12-03 00:08 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-03 00:08 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-03 00:08 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-03 00:08 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-03 00:08 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-03 00:08 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-03 00:08 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-03 00:08 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-03 00:08 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-03 00:08 . 2009-12-03 00:08 -------- d-----w- c:\program files\Alwil Software
2009-12-02 23:55 . 2009-12-13 17:28 602 ----a-w- c:\windows\system32\feclpent.dat
2009-12-02 23:55 . 2009-12-13 17:28 4707 ----a-w- c:\windows\system32\vss_pdwt.dat
2009-12-02 23:55 . 2009-12-13 17:28 0 ----a-w- c:\windows\system32\dcccp1w6.dat
2009-12-02 23:55 . 2009-12-13 16:55 313 ----a-w- c:\windows\system32\xenrolls.dat
2009-12-01 02:18 . 2009-12-01 02:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-12-01 02:18 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 02:18 . 2009-12-01 02:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 02:18 . 2009-12-01 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-01 02:18 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 20:24 . 2004-12-16 00:51 -------- d-----w- c:\program files\Symantec
2009-12-12 20:22 . 2002-04-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-12 20:20 . 2004-12-16 00:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-11 16:37 . 2004-07-10 20:27 -------- d-----w- c:\program files\Java
2009-12-11 16:22 . 2008-01-09 02:11 -------- d-----w- c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2009-12-11 01:35 . 2008-01-07 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-12-06 15:44 . 2002-03-02 03:19 -------- d-----w- c:\program files\QuickTime
2009-12-05 01:09 . 2001-10-19 17:38 -------- d-----w- c:\program files\Microsoft Money
2009-12-01 23:31 . 2006-04-18 00:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-01 23:29 . 2006-04-18 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-07 19:23 . 2008-08-29 00:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-11-03 01:42 . 2009-10-03 02:25 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2004-08-20 23:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 15:35 . 2009-10-25 15:35 -------- d-----w- c:\program files\CCleaner
2009-10-25 15:21 . 2001-10-19 17:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-20 23:56 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-20 23:56 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-20 23:56 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-22 19:23 . 2002-04-20 00:18 253344 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-03-13 20:30 . 2005-03-13 20:28 344378270 ----a-w- c:\program files\GTAINSTALLER.ZIP
2005-01-07 23:10 . 2005-01-07 23:08 10196480 -c--a-w- c:\program files\TiVoDesktop2-0.exe
2001-07-22 02:45 . 2001-07-22 02:45 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-20 23:56 551936 --sh--w- c:\windows\SYSTEM32\oleaut32.dll
2008-04-14 00:12 . 2004-08-20 23:56 11776 --sh--w- c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2001-09-05 08:00 . 2001-07-06 21:56 61440 c:\hp\KBD\bak\KBD.EXE

2007-05-11 07:06 . 2007-05-11 07:06 40048 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

2005-01-08 22:13 . 2004-09-29 12:15 344064 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2004-07-10 19:00 . 2002-09-11 01:26 368706 c:\program files\BroadJump\Client Foundation\bak\CFD.exe

2007-04-01 02:58 . 2004-04-13 19:07 69632 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

2007-04-01 02:58 . 2004-04-18 01:41 196608 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

2003-01-13 18:05 . 2003-01-13 18:05 69632 c:\program files\Common Files\Roxio Shared\System\bak\EngUtil.exe

2005-08-04 10:12 . 2005-08-04 10:12 1123328 c:\program files\Common Files\TiVo Shared\Transfer\bak\TivoTransfer.exe
2007-09-25 15:33 . 2007-09-25 15:33 1195008 c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

2007-01-01 21:22 . 2007-01-01 21:22 3739648 c:\program files\Google\Google Talk\bak\googletalk.exe

2001-07-09 19:06 . 2001-08-14 03:23 45056 c:\program files\HPSelect\frontend\bak\ct.exe

2002-10-15 15:32 . 2002-10-15 15:32 3014656 c:\program files\Iomega\Iomega Automatic Backup\bak\ibackup.exe
2002-10-15 15:32 . 2002-10-15 15:32 3014656 c:\program files\Iomega\Iomega Automatic Backup\iBackup.exe

2007-08-15 10:37 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2004-06-03 08:50 . 2004-06-03 08:50 204800 c:\program files\Microsoft IntelliPoint\bak\point32.exe

2000-08-16 00:25 . 2000-08-16 00:25 28739 c:\program files\Microsoft Works\bak\WkDetect.exe

2007-06-15 23:15 . 2007-06-15 23:15 366400 c:\program files\Picasa\Google\Picasa3\bak\PicasaMediaDetector.exe

2004-08-22 14:43 . 2004-08-22 14:43 77824 c:\program files\QuickTime\bak\qttask.exe
2009-11-11 04:08 . 2009-11-11 04:08 417792 c:\program files\QuickTime\QTTask.exe

2003-01-09 13:21 . 2003-01-09 13:21 253952 c:\program files\Roxio\Easy CD Creator 6\AudioCentral\bak\RxMon.exe

2003-01-13 14:19 . 2003-01-13 14:19 757760 c:\program files\Roxio\Easy CD Creator 6\DragToDisc\bak\DrgToDsc.exe

2003-05-08 16:00 . 2003-05-08 16:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

2005-08-04 10:14 . 2005-08-04 10:14 1860608 c:\program files\TiVo\Desktop\bak\TiVoServer.exe
2007-09-25 15:35 . 2007-09-25 15:35 1495040 c:\program files\TiVo\Desktop\TiVoServer.exe

2004-12-23 00:26 . 1997-11-23 09:16 20992 c:\program files\Ulead Systems\Ulead PhotoImpact 4.2\SSaver\bak\Ussshreg.exe

2006-11-03 23:20 . 2006-11-03 23:20 866584 c:\program files\Windows Defender\bak\MSASCui.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\xenrolls]
@="{50393AB7-3A29-9C93-CA3D-1C12543DB6DE}"
[HKEY_CLASSES_ROOT\CLSID\{50393AB7-3A29-9C93-CA3D-1C12543DB6DE}]
2004-07-17 18:39 131072 ----a-w- c:\windows\SYSTEM32\xenrolls.ocx

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-09-25 1195008]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2007-09-25 384000]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2007-09-25 1495040]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"MoneyBackgoundBanking"="c:\program files\Microsoft Money Plus\MNYCoreFiles\mnybbsvc.exe" [2008-02-19 53264]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-11 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup 1.0.1"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-24 113664]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office97\Office\FINDFAST.EXE [1997-7-11 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\drivers\aswSP.sys [12/2/2009 7:08 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\drivers\aswFsBlk.sys [12/2/2009 7:08 PM 20560]
R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [6/10/2007 3:48 PM 331870]
R2 mrtRate;mrtRate;c:\windows\SYSTEM32\drivers\MrtRate.sys [3/2/2002 2:13 PM 34712]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [9/25/2007 10:33 AM 867328]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\SYSTEM32\drivers\vna.sys [6/10/2007 3:48 PM 110160]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\SYSTEM32\drivers\cccp106.sys [9/22/2004 7:30 PM 227200]
S3 DCamUSBAlaris;ALARIS QuickVideo weeCam USB;c:\windows\SYSTEM32\drivers\DVC2USB.sys [4/5/2000 3:43 PM 107464]
S3 PCDRDRV;Pcdr Helper Driver;c:\windows\system32\drivers\PCDRDRV.sys --> c:\windows\system32\drivers\PCDRDRV.sys [?]
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: bestbuy.com\www
Trusted Zone: evite.com\www
Trusted Zone: southerncompany.com\customerservice
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://extender.cobbk12.org/CSHELL/extender.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 12:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2009-12-13 12:50:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-13 17:49

Pre-Run: 4,967,923,712 bytes free
Post-Run: 5,390,217,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

- - End Of File - - 34A90F6962A1774636A910A7F238C2F5
 

TSF Security Manager, Emeritus · 42,836 Posts
Hello Clint,

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

I still see an entry related to the AWF infection you had. As such, it is necessary to run the following tool:

Right click on this link http://www.mvps.org/winhelp2002/DelDomains.inf and choose Save As.
  • Save it to your desktop.
  • Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.
  • NOTE: This script will delete all sites added to the Trusted Sites. I see you do have legit sites in the zone as well, so if you want them back you will have to do so manually again. Given the AV and firewall I see on the system though, there should be no need to place any site in a Trusted Zone.

================================


Open Notepad and copy/paste the contents in the quote box below, into Notepad.

@echo off
rem Remove the leftover "bak" folders associated with the AWF infection,
rem then log any folder that could not be removed.
for %%g in (
"c:\hp\KBD\bak"
"c:\program files\Adobe\Reader 8.0\Reader\bak"
"c:\program files\ATI Technologies\ATI Control Panel\bak"
"c:\program files\BroadJump\Client Foundation\bak"
"c:\program files\Common Files\InstallShield\UpdateService\bak"
"c:\program files\Common Files\Roxio Shared\System\bak"
"c:\program files\Common Files\TiVo Shared\Transfer\bak"
"c:\program files\Google\Google Talk\bak"
"c:\program files\HPSelect\frontend\bak"
"c:\program files\Iomega\Iomega Automatic Backup\bak"
"c:\program files\Java\jre1.6.0_02\bin\bak"
"c:\program files\Microsoft IntelliPoint\bak"
"c:\program files\Microsoft Works\bak"
"c:\program files\Picasa\Google\Picasa3\bak"
"c:\program files\QuickTime\bak"
"c:\program files\Roxio\Easy CD Creator 6\AudioCentral\bak"
"c:\program files\Roxio\Easy CD Creator 6\DragToDisc\bak"
"c:\program files\ScanSoft\OmniPageSE2.0\bak"
"c:\program files\TiVo\Desktop\bak"
"c:\program files\Ulead Systems\Ulead PhotoImpact 4.2\SSaver\bak"
"c:\program files\Windows Defender\bak"
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Open the list of folders that survived, or confirm that all were deleted.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem nircmd.exe is assumed to be on the PATH (ComboFix provides it); pause so the result stays visible.
nircmd wait 7000
rem The script deletes itself when done.
del %0
Save this as fix.bat. Choose "Save type as - All Files".
It should look like this:


Double click on fix.bat & allow it to run. Post back and tell me what it says.

==========================

As we did for your desktop, we need to run an online scan on this machine as well to search for any other remnants that may be lurking about. It will take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
 

Registered · 27 Posts · Discussion Starter · #5
fix.bat returned a one-liner that said "successful". Kaspersky is below. Thank you!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 16, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 16, 2009 03:34:45
Records in database: 3376997
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 176477
Threats found: 8
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 10:06:47


File name / Threat / Threats count
C:\Documents and Settings\Owner\.housecall\Quarantine\ScreensaversInst.dll.bac_a01948 Infected: not-a-virus:AdWare.Win32.Comet.c 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0192139.EXE.bac_a02948 Infected: not-a-virus:AdWare.Win32.MyWay.z 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\A0192140.ocx.bac_a02948 Infected: not-a-virus:AdWare.Win32.Coupons.h 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\AGASetup0609.exe.bac_a02764 Infected: not-a-virus:AdWare.Win32.Gator.3102 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\cpbrkpie.ocx.bac_a00940 Infected: not-a-virus:AdWare.Win32.Coupons.h 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\ScreensaversInst.dll.bac_a01948 Infected: not-a-virus:AdWare.Win32.Comet.c 1
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\sexybabes.EXE.bac_a00940 Infected: not-a-virus:AdWare.Win32.MyWay.z 1
C:\Program Files\VNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
C:\Program Files\VNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP2283\A0296471.exe Infected: Trojan.Win32.FraudPack.abel 1
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP2283\A0296472.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1

Selected area has been scanned.
 

TSF Security Manager, Emeritus · 42,836 Posts
Very good. Empty the Trend Micro housecall quarantine folder. The remaining findings shall be taken care of during the uninstall of ComboFix.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT - Web of Trust. This is a free browser add-on that warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an add-on available for both Firefox and IE.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


- Scan here http://secunia.com/software_inspector/ for out-of-date & vulnerable common applications on your computer

- Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Please take some time to read the following articles. I think you'll find them quite enlightening:



-----------------------------------------------------


**Kindly respond one more time and let me know if we may consider this thread resolved.
 
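The helper's reading of the Kaspersky report above rests on where each detection sits: files in another scanner's quarantine folder are already neutralised, files under System Volume Information disappear when System Restore is reset by the ComboFix uninstall, and only detections in live program folders still need a decision. The following Python turns that reasoning into a small triage step. It is an added example, not part of this thread and not Kaspersky's or ComboFix's own tooling; the sample lines are copied from the report posted above, and the `<path> Infected: <threat> <count>` line shape, the folder rules and the `not-a-virus:` severity split are assumptions drawn from that output.

```python
import re

# Kaspersky Online Scanner 7 detection lines (assumed from the posted report):
#   <path> Infected: <threat name> <count>
REPORT_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Folder rules (assumptions): another scanner's quarantine holds copies that are
# already neutralised; restore points are flushed when System Restore is reset.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\.housecall")
RESTORE_POINT = re.compile(r"^[a-z]:\\system volume information\\_restore")

# Constructed sample: a subset of the detection lines from the scan above,
# plus a header and trailer line that the parser must skip.
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\AGASetup0609.exe.bac_a02764 Infected: not-a-virus:AdWare.Win32.Gator.3102 1
C:\Documents and Settings\Owner\.housecall\Quarantine\ScreensaversInst.dll.bac_a01948 Infected: not-a-virus:AdWare.Win32.Comet.c 1
C:\Program Files\VNC\vnc-4_1_1-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 1
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP2283\A0296471.exe Infected: Trojan.Win32.FraudPack.abel 1
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP2283\A0296472.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 1

Selected area has been scanned.
"""


def parse_line(line):
    """Return (path, threat, count) for a detection line, or None for any other text."""
    m = REPORT_LINE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("threat"), int(m.group("count"))


def classify_path(path):
    """Bucket a detected file by where it sits on disk."""
    lower = path.lower()
    if any(marker in lower for marker in QUARANTINE_MARKERS):
        return "quarantine"
    if RESTORE_POINT.match(lower):
        return "restore_point"
    return "live"


def severity(threat):
    """Kaspersky marks adware/riskware with a 'not-a-virus:' prefix; the rest is malware."""
    return "riskware" if threat.startswith("not-a-virus:") else "malware"


def triage(report_text):
    """Group every detection line into quarantine / restore_point / live buckets."""
    buckets = {"quarantine": [], "restore_point": [], "live": []}
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, threat, count = parsed
        buckets[classify_path(path)].append((path, threat, severity(threat), count))
    return buckets


def summarize(buckets):
    """Counts per bucket, plus the live detections split by severity."""
    live = buckets["live"]
    return {
        "counts": {name: len(items) for name, items in buckets.items()},
        "live_malware": [p for p, _, sev, _ in live if sev == "malware"],
        "live_riskware": [p for p, _, sev, _ in live if sev == "riskware"],
    }


if __name__ == "__main__":
    summary = summarize(triage(SAMPLE_REPORT))
    print("per-location counts:", summary["counts"])
    print("live malware needing action:", summary["live_malware"])
    print("live riskware to review (e.g. legitimately installed remote-admin tools):",
          summary["live_riskware"])
```

Run against the full report, the only live detections are the VNC installer flagged as RemoteAdmin riskware, which is exactly the kind of entry a person rather than a script should decide on, while the Trojan sits in a restore point that the System Restore reset will remove.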