Tech Support banner

Status
Not open for further replies.
1 - 14 of 14 Posts

·
Registered
Joined
·
7 Posts
Discussion Starter #1
Okay so ever since yesterday I saw this Red circle with an X on my taskbar on the right close to my clock. When I pass my mouse around the Red Circle it says "Your computer is infected" and it looks like this.
:upset:

I tried clicking on the bubble and it takes me to my command script and an alert pops up saying "The NTVDM CPU has encountered an illegal instruction."

Would somebody please help me get rid of this weird Red Circle! please please!!:sigh: and Thank you.

here is my HighJack This Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:54, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Digital Media Reader\bak\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.ciscering.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://video.wbla.com/cab/IDMFlash.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222497502203
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9934 bytes
 

·
Registered
Joined
·
3,217 Posts
Re: Red circle with an X saying my computer is infected!

Hi there irv08

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add as attachments, this makes it easier for analysis.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

  • Please download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
  • Please attach info.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\rsit\info.txt
  3. Click Upload.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #3
Re: Red circle with an X saying my computer is infected!

Okay, yes I understand that the fix is only for my computer
Thank you soo much for helping! I truly I appreciate it!:grin:




Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-16 15:10:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 153 GB (82%) free of 186 GB
Total RAM: 382 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:27, on 10/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Digital Media Reader\bak\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.ciscering.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://video.wbla.com/cab/IDMFlash.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222497502203
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9733 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A83E3B29-F2B2-44E5-808D-692D98FFA176}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2007-09-25 24592]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-09-25 24592]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2007-09-25 24592]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2007-09-25 24592]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-09-25 24592]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2007-09-25 24592]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2007-09-25 24592]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2007-09-25 24592]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-09-25 24592]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-25 24592]
"AIMPro"=C:\Program Files\AIM\AIM Pro\aimpro.exe []
"brastk"=C:\WINDOWS\brastk.exe [2008-10-14 9728]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-03-15 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-25 24592]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605815c7-2899-11da-8157-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2008-10-16 15:10:07 ----D---- C:\rsit
2008-10-14 14:53:30 ----A---- C:\WINDOWS\resetlog.txt
2008-10-14 14:32:58 ----D---- C:\Program Files\Spyware Doctor
2008-10-14 14:32:58 ----D---- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-10-14 14:14:02 ----D---- C:\Program Files\Trend Micro
2008-10-14 12:50:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-14 12:50:03 ----A---- C:\rapport.txt
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\swsc.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-10-14 12:49:39 ----A---- C:\WINDOWS\system32\swreg.exe
2008-10-14 12:49:39 ----A---- C:\WINDOWS\system32\Process.exe
2008-10-14 10:02:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 00:50:19 ----D---- C:\Program Files\Panda Security
2008-10-14 00:44:55 ----A---- C:\WINDOWS\system32\wini10252.exe
2008-10-14 00:44:13 ----A---- C:\WINDOWS\brastk.exe
2008-09-28 15:14:35 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-27 10:21:45 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-27 10:21:45 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-23 17:46:32 ----A---- C:\WINDOWS\system32\unicows.dll

======List of files/folders modified in the last 1 months======

2008-10-16 15:10:14 ----D---- C:\WINDOWS\Prefetch
2008-10-16 14:11:18 ----D---- C:\WINDOWS\Temp
2008-10-16 14:11:13 ----A---- C:\WINDOWS\win.ini
2008-10-16 01:46:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-15 23:33:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 23:33:10 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 23:29:47 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-10-15 20:48:24 ----SHD---- C:\WINDOWS\Installer
2008-10-15 20:48:23 ----D---- C:\WINDOWS\WinSxS
2008-10-15 20:48:19 ----D---- C:\Config.Msi
2008-10-15 20:48:18 ----D---- C:\Program Files\MSN Messenger
2008-10-15 20:48:17 ----D---- C:\WINDOWS\system32
2008-10-15 18:07:11 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-10-15 17:53:02 ----D---- C:\WINDOWS
2008-10-15 17:50:50 ----HD---- C:\WINDOWS\inf
2008-10-15 17:50:45 ----A---- C:\WINDOWS\system.ini
2008-10-15 17:50:44 ----RSD---- C:\WINDOWS\Fonts
2008-10-15 11:53:27 ----D---- C:\WINDOWS\network diagnostic
2008-10-14 20:21:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-14 14:33:29 ----D---- C:\WINDOWS\system32\drivers
2008-10-14 14:32:58 ----RD---- C:\Program Files
2008-10-14 14:15:59 ----D---- C:\Program Files\AIM
2008-10-14 14:15:52 ----D---- C:\Documents and Settings\Owner\Application Data\Aim
2008-10-14 14:05:33 ----RASH---- C:\boot.ini
2008-10-14 14:00:40 ----D---- C:\WINDOWS\Minidump
2008-10-14 14:00:40 ----D---- C:\WINDOWS\Debug
2008-10-14 10:03:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-14 09:36:08 ----D---- C:\Program Files\Common Files
2008-10-14 02:30:03 ----D---- C:\Program Files\Norton AntiVirus
2008-10-14 01:36:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-03 11:38:13 ----D---- C:\Program Files\Internet Explorer
2008-09-23 22:24:01 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-09-17 16:16:06 ----HD---- C:\Documents and Settings\Owner\Application Data\Move Networks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070822.009\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070822.009\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-14 70144]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20081014.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 245376]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-04 59136]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-31 106496]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-11-13 317128]
R2 ccPxySvc;Symantec Proxy Service; C:\Program Files\Norton Internet Security\ccPxySvc.exe [2002-11-14 34496]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NISUM;Norton Internet Security Accounts Manager; C:\Program Files\Norton Internet Security\NISUM.EXE [2002-11-14 140992]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-08-06 172032]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-31 501048]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
 

Attachments

·
Registered
Joined
·
3,217 Posts
Re: Red circle with an X saying my computer is infected!

Hi there irv08

I see a couple of items in there that need attention.

First can I just ask about your anti-virus. Your log is reporting the following:

AV: Norton AntiVirus (disabled) (outdated)
FW: Norton Internet Security (disabled)


Is there any reason for it showing disabled/outdated ie: are you unable to update it? have the subsciptions ran out? If this is the case we can replace it with a free antivirus to protect your system

We will continue the fix with combofix.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

C:\ComboFix.txt
New HijackThis log.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #5
Re: Red circle with an X saying my computer is infected!

Hello

Yes I haven't been able to update my Norton Antivirus since my subscriptions ran out.

I downloaded Big Fix
However, the first window about checking if my computer's Recovery Console is installed didn't come out. It just went staright to scanning.

And I really don't know how to install my Recovery Console.

Here is the log it gave me:


ComboFix 08-10-16.04 - Owner 2008-10-16 18:50:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.152 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe.tmp
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\wini10252.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-16 15:10 . 2008-10-16 15:10 <DIR> d-------- C:\rsit
2008-10-14 14:33 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-14 14:33 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-14 14:33 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-14 14:33 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-14 14:32 . 2008-10-14 14:33 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-10-14 14:32 . 2008-10-14 14:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-10-14 14:14 . 2008-10-14 14:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-14 12:50 . 2008-10-14 13:39 3,092 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-14 10:02 . 2008-10-14 14:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 01:44 . 2008-10-14 01:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-14 01:44 . 2008-10-14 01:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-14 00:50 . 2008-10-14 00:50 <DIR> d-------- C:\Program Files\Panda Security
2008-10-14 00:50 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-28 15:14 . 2008-09-28 15:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-28 14:50 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-28 13:27 . 2008-09-28 14:57 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-09-27 10:21 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-27 10:21 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-23 17:46 . 2008-09-23 17:46 245,408 --a------ C:\WINDOWS\system32\unicows.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 23:29 27,110 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-10-16 19:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-10-16 01:48 --------- d-----w C:\Program Files\MSN Messenger
2008-10-15 01:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-14 19:15 --------- d-----w C:\Program Files\AIM
2008-10-14 19:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-10-14 07:30 --------- d-----w C:\Program Files\Norton AntiVirus
2008-10-10 13:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 13:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 20:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-17 21:16 --------- d--h--w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-09-11 20:55 --------- d-----w C:\Program Files\Styler
2008-09-11 20:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\ViStart
2008-09-11 20:21 --------- d-----w C:\Program Files\WinFlip
2008-09-11 20:21 --------- d-----w C:\Program Files\TrueTransparency
2008-09-11 20:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Styler
2008-09-09 04:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-18 17:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-05 22:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-08-05 17:35 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2006-08-21 20:50 32 --sha-w C:\WINDOWS\{A2F545EE-C1F5-4945-A121-F9C16718B86A}.dat
2006-08-21 20:49 32 --sha-w C:\WINDOWS\{CFE28BF2-5F86-4D1F-840E-79B0ED8FCF45}.dat
2006-08-21 20:50 32 --sha-w C:\WINDOWS\system32\{7C67F7A2-638E-4682-9822-0CEEB1D2EF7D}.dat
2006-08-21 20:49 32 --sha-w C:\WINDOWS\system32\{BAAEE2C9-7F3E-4573-9480-04D42CA61A21}.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 2,019,328 2007-05-03 22:43:38 C:\Documents and Settings\Owner\My Documents\My Videos\Veoh\AppBackup\bak\VeohClient.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Documents and Settings\Owner\My Documents\My Videos\Veoh\AppBackup\VeohClient.exe

----a-w 2,019,328 2007-05-03 22:43:38 C:\Documents and Settings\Owner\My Documents\Veoh\bak\VeohClient.exe

----a-w 67,112 2006-08-01 20:35:36 C:\Program Files\AIM\bak\aim.exe

----a-w 180,269 2005-11-22 00:22:47 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w 54,296 2003-12-02 21:11:04 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 58,392 2003-12-02 21:11:12 C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

----a-w 135,168 2004-11-15 22:04:32 C:\Program Files\Digital Media Reader\bak\shwiconem.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\Digital Media Reader\shwiconem.exe

----a-w 68,856 2007-06-02 18:36:32 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

----a-w 271,672 2007-07-31 23:44:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 28,739 2000-08-08 20:00:00 C:\Program Files\Microsoft Works\bak\WkDetect.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\Microsoft Works\WkDetect.exe

----a-w 24,576 2000-08-08 20:00:00 C:\Program Files\Microsoft Works\bak\wkfud.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\Microsoft Works\wkfud.exe

----a-w 286,720 2007-06-29 11:24:52 C:\Program Files\QuickTime\bak\QTTask.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\QuickTime\QTTask.exe

----a-w 53,248 2002-02-05 03:32:10 C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\REGSHAVE\REGSHAVE.EXE

----a-w 100,056 2006-08-21 21:39:07 C:\Program Files\SymNetDrv\bak\SNDMon.exe
----a-w 24,592 2007-09-26 02:20:37 C:\Program Files\SymNetDrv\SNDMon.exe

----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [N/A]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 24592]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2007-09-25 24592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-25 24592]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2007-09-25 24592]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2007-09-25 24592]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-09-25 24592]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2007-09-25 24592]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-25 24592]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2007-09-25 24592]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-09-25 24592]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-25 24592]
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [N/A]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-03-15 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-06 1742384]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19046:TCP"= 19046:TCP:pORT_19046
"39691:TCP"= 39691:TCP:pORT_39691
"50098:TCP"= 50098:TCP:pORT_50098
"62371:TCP"= 62371:TCP:pORT_62371
"32805:TCP"= 32805:TCP:pORT_32805
"10457:TCP"= 10457:TCP:pORT_10457
"16383:TCP"= 16383:TCP:pORT_16383
"28930:TCP"= 28930:TCP:pORT_28930
"36573:TCP"= 36573:TCP:pORT_36573
"17904:TCP"= 17904:TCP:pORT_17904
"15297:TCP"= 15297:TCP:pORT_15297
"62043:TCP"= 62043:TCP:pORT_62043
"11403:TCP"= 11403:TCP:pORT_11403
"34266:TCP"= 34266:TCP:pORT_34266
"7106:TCP"= 7106:TCP:pORT_7106
"56601:TCP"= 56601:TCP:pORT_56601
"5148:TCP"= 5148:TCP:pORT_5148
"14137:TCP"= 14137:TCP:pORT_14137
"56625:TCP"= 56625:TCP:pORT_56625
"53730:TCP"= 53730:TCP:pORT_53730
"60636:TCP"= 60636:TCP:pORT_60636
"60746:TCP"= 60746:TCP:pORT_60746
"31055:TCP"= 31055:TCP:pORT_31055
"13301:TCP"= 13301:TCP:pORT_13301
"55298:TCP"= 55298:TCP:pORT_55298
"49045:TCP"= 49045:TCP:pORT_49045
"16431:TCP"= 16431:TCP:pORT_16431
"47636:TCP"= 47636:TCP:pORT_47636
"15923:TCP"= 15923:TCP:pORT_15923
"34867:TCP"= 34867:TCP:pORT_34867
"49782:TCP"= 49782:TCP:pORT_49782
"5920:TCP"= 5920:TCP:pORT_5920
"60055:TCP"= 60055:TCP:pORT_60055
"27493:TCP"= 27493:TCP:pORT_27493
"44451:TCP"= 44451:TCP:pORT_44451
"33293:TCP"= 33293:TCP:pORT_33293
"58355:TCP"= 58355:TCP:pORT_58355
"14934:TCP"= 14934:TCP:pORT_14934
"39493:TCP"= 39493:TCP:pORT_39493
"26126:TCP"= 26126:TCP:pORT_26126
"28447:TCP"= 28447:TCP:pORT_28447
"32738:TCP"= 32738:TCP:pORT_32738
"40777:TCP"= 40777:TCP:pORT_40777
"26051:TCP"= 26051:TCP:pORT_26051
"61668:TCP"= 61668:TCP:pORT_61668
"64289:TCP"= 64289:TCP:pORT_64289
"9066:TCP"= 9066:TCP:pORT_9066
"13926:TCP"= 13926:TCP:pORT_13926
"65059:TCP"= 65059:TCP:pORT_65059
"61184:TCP"= 61184:TCP:pORT_61184
"55730:TCP"= 55730:TCP:pORT_55730
"42460:TCP"= 42460:TCP:pORT_42460
"49480:TCP"= 49480:TCP:pORT_49480
"31780:TCP"= 31780:TCP:pORT_31780
"12615:TCP"= 12615:TCP:pORT_12615
"23582:TCP"= 23582:TCP:pORT_23582

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605815c7-2899-11da-8157-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 13:15]

2008-09-27 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-10-16 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]

2008-10-16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A83E3B29-F2B2-44E5-808D-692D98FFA176}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\aug8e294.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 18:53:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-16 18:55:41
ComboFix-quarantined-files.txt 2008-10-16 23:55:38

Pre-Run: 160,890,224,640 bytes free
Post-Run: 161,090,203,648 bytes free

247 --- E O F --- 2008-01-14 19:43:11
 

·
Registered
Joined
·
3,217 Posts
Re: Red circle with an X saying my computer is infected!

Howdy there

First lets install the recovery console before we proceed further, lets try it this way.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'No' to exit ComboFix scan.
Next step....

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

File::
C:\WINDOWS\{A2F545EE-C1F5-4945-A121-F9C16718B86A}.dat
C:\WINDOWS\{CFE28BF2-5F86-4D1F-840E-79B0ED8FCF45}.dat
C:\WINDOWS\system32\{7C67F7A2-638E-4682-9822-0CEEB1D2EF7D}.dat
C:\WINDOWS\system32\{BAAEE2C9-7F3E-4573-9480-04D42CA61A21}.dat

AWF::
C:\Documents and Settings\Owner\My Documents\My Videos\Veoh\AppBackup\bak\VeohClient.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe
C:\Program Files\Digital Media Reader\bak\shwiconem.exe
C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Microsoft Works\bak\WkDetect.exe
C:\Program Files\Microsoft Works\bak\wkfud.exe
C:\Program Files\QuickTime\bak\QTTask.exe
C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE
C:\Program Files\SymNetDrv\bak\SNDMon.exe
C:\WINDOWS\system32\bak\ctfmon.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{605815c7-2899-11da-8157-806d6172696f}]
O15 - Trusted Zone: *.ciscering.com
O15 - Trusted Zone: *.whataboutadog.com


- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log
Please post this back in your next reply

Next Steps....

I want you to run an online scan for me, first lets clear out any unwanted files

Download and scan with CCleaner lite
1.Double click the file and install ccleaner

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.
In the Applications Tab:
  • Clean all in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
This animation will guide you through the process:


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


Once done post back in your next reply with:
>> The new combofix log
>> The log from kaspersky
>> A fresh HJT log

Also update me on how things are running
 

·
Registered
Joined
·
7 Posts
Discussion Starter #7
Re: Red circle with an X saying my computer is infected!

Hi!

Once again thanks for all your help.
My computer is actually running very well! The red circle is actually gone after the combofix!!
I don't notice my computer doing anything weird at the moment.

One problem though my Windows wont let me accept the donwload for the Kaspersky online scanner, It says Windows has blocked the software because it cannot verify the publisher.


Okay here is the new combofix log:


ComboFix 08-10-16.04 - Owner 2008-10-17 11:41:59.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.112 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\{A2F545EE-C1F5-4945-A121-F9C16718B86A}.dat
C:\WINDOWS\{CFE28BF2-5F86-4D1F-840E-79B0ED8FCF45}.dat
C:\WINDOWS\system32\{7C67F7A2-638E-4682-9822-0CEEB1D2EF7D}.dat
C:\WINDOWS\system32\{BAAEE2C9-7F3E-4573-9480-04D42CA61A21}.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\{A2F545EE-C1F5-4945-A121-F9C16718B86A}.dat
C:\WINDOWS\{CFE28BF2-5F86-4D1F-840E-79B0ED8FCF45}.dat
C:\WINDOWS\system32\{7C67F7A2-638E-4682-9822-0CEEB1D2EF7D}.dat
C:\WINDOWS\system32\{BAAEE2C9-7F3E-4573-9480-04D42CA61A21}.dat

.
((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-16 15:10 . 2008-10-16 15:10 <DIR> d-------- C:\rsit
2008-10-14 14:14 . 2008-10-14 14:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-14 12:50 . 2008-10-14 13:39 3,092 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-14 10:02 . 2008-10-16 19:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 01:44 . 2008-10-14 01:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-14 01:44 . 2008-10-14 01:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-14 00:50 . 2008-10-14 00:50 <DIR> d-------- C:\Program Files\Panda Security
2008-10-14 00:50 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-28 15:14 . 2008-09-28 15:19 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-28 14:50 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-28 13:27 . 2008-09-28 14:57 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-09-27 10:21 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-27 10:21 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-23 17:46 . 2008-09-23 17:46 245,408 --a------ C:\WINDOWS\system32\unicows.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 16:44 --------- d-----w C:\Program Files\Microsoft Works
2008-10-17 16:44 --------- d-----w C:\Program Files\Digital Media Reader
2008-10-17 16:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-17 16:41 --------- d-----w C:\Program Files\SymNetDrv
2008-10-17 16:41 --------- d-----w C:\Program Files\REGSHAVE
2008-10-17 16:41 --------- d-----w C:\Program Files\QuickTime
2008-10-17 16:41 --------- d-----w C:\Program Files\iTunes
2008-10-17 16:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-10-17 00:40 27,230 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-10-16 01:48 --------- d-----w C:\Program Files\MSN Messenger
2008-10-14 19:15 --------- d-----w C:\Program Files\AIM
2008-10-14 19:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-10-14 07:30 --------- d-----w C:\Program Files\Norton AntiVirus
2008-10-10 13:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 13:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 20:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-17 21:16 --------- d--h--w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-09-11 20:55 --------- d-----w C:\Program Files\Styler
2008-09-11 20:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\ViStart
2008-09-11 20:21 --------- d-----w C:\Program Files\WinFlip
2008-09-11 20:21 --------- d-----w C:\Program Files\TrueTransparency
2008-09-11 20:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Styler
2008-09-09 04:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-18 17:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-05 22:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-08-05 17:35 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-21 180269]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 24576]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 28739]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 54296]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 58392]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-08-21 100056]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 271672]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-03-15 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2005-08-06 1742384]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19046:TCP"= 19046:TCP:pORT_19046
"39691:TCP"= 39691:TCP:pORT_39691
"50098:TCP"= 50098:TCP:pORT_50098
"62371:TCP"= 62371:TCP:pORT_62371
"32805:TCP"= 32805:TCP:pORT_32805
"10457:TCP"= 10457:TCP:pORT_10457
"16383:TCP"= 16383:TCP:pORT_16383
"28930:TCP"= 28930:TCP:pORT_28930
"36573:TCP"= 36573:TCP:pORT_36573
"17904:TCP"= 17904:TCP:pORT_17904
"15297:TCP"= 15297:TCP:pORT_15297
"62043:TCP"= 62043:TCP:pORT_62043
"11403:TCP"= 11403:TCP:pORT_11403
"34266:TCP"= 34266:TCP:pORT_34266
"7106:TCP"= 7106:TCP:pORT_7106
"56601:TCP"= 56601:TCP:pORT_56601
"5148:TCP"= 5148:TCP:pORT_5148
"14137:TCP"= 14137:TCP:pORT_14137
"56625:TCP"= 56625:TCP:pORT_56625
"53730:TCP"= 53730:TCP:pORT_53730
"60636:TCP"= 60636:TCP:pORT_60636
"60746:TCP"= 60746:TCP:pORT_60746
"31055:TCP"= 31055:TCP:pORT_31055
"13301:TCP"= 13301:TCP:pORT_13301
"55298:TCP"= 55298:TCP:pORT_55298
"49045:TCP"= 49045:TCP:pORT_49045
"16431:TCP"= 16431:TCP:pORT_16431
"47636:TCP"= 47636:TCP:pORT_47636
"15923:TCP"= 15923:TCP:pORT_15923
"34867:TCP"= 34867:TCP:pORT_34867
"49782:TCP"= 49782:TCP:pORT_49782
"5920:TCP"= 5920:TCP:pORT_5920
"60055:TCP"= 60055:TCP:pORT_60055
"27493:TCP"= 27493:TCP:pORT_27493
"44451:TCP"= 44451:TCP:pORT_44451
"33293:TCP"= 33293:TCP:pORT_33293
"58355:TCP"= 58355:TCP:pORT_58355
"14934:TCP"= 14934:TCP:pORT_14934
"39493:TCP"= 39493:TCP:pORT_39493
"26126:TCP"= 26126:TCP:pORT_26126
"28447:TCP"= 28447:TCP:pORT_28447
"32738:TCP"= 32738:TCP:pORT_32738
"40777:TCP"= 40777:TCP:pORT_40777
"26051:TCP"= 26051:TCP:pORT_26051
"61668:TCP"= 61668:TCP:pORT_61668
"64289:TCP"= 64289:TCP:pORT_64289
"9066:TCP"= 9066:TCP:pORT_9066
"13926:TCP"= 13926:TCP:pORT_13926
"65059:TCP"= 65059:TCP:pORT_65059
"61184:TCP"= 61184:TCP:pORT_61184
"55730:TCP"= 55730:TCP:pORT_55730
"42460:TCP"= 42460:TCP:pORT_42460
"49480:TCP"= 49480:TCP:pORT_49480
"31780:TCP"= 31780:TCP:pORT_31780
"12615:TCP"= 12615:TCP:pORT_12615
"23582:TCP"= 23582:TCP:pORT_23582

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
.
Contents of the 'Scheduled Tasks' folder

2008-10-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 13:15]

2008-09-27 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NAVW32.exe [2002-11-14 19:31]

2008-10-17 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 09:04]

2008-10-17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A83E3B29-F2B2-44E5-808D-692D98FFA176}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
HKLM-Run-AIMPro - C:\Program Files\AIM\AIM Pro\aimpro.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 11:44:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Owner\LOCALS~1\Temp\RGI3.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-10-17 11:47:06
ComboFix-quarantined-files.txt 2008-10-17 16:47:03
ComboFix2.txt 2008-10-16 23:55:42

Pre-Run: 160,995,348,480 bytes free
Post-Run: 161,029,509,120 bytes free

209 --- E O F --- 2008-01-14 19:43:11











And here is the new HJT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-17 12:14:34
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 154 GB (82%) free of 186 GB
Total RAM: 382 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:35, on 10/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Media Reader\bak\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://video.wbla.com/cab/IDMFlash.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222497502203
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8809 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A83E3B29-F2B2-44E5-808D-692D98FFA176}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2002-11-15 112248]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-11-21 180269]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2003-12-02 54296]
"ccRegVfy"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe [2003-12-02 58392]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-08-21 100056]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-07-31 271672]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-03-15 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-02 68856]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-10-17 12:12:50 ----A---- C:\HijackThis.exe
2008-10-17 11:52:10 ----SHD---- C:\RECYCLER
2008-10-17 11:47:10 ----D---- C:\WINDOWS\temp
2008-10-17 11:47:08 ----A---- C:\ComboFix.txt
2008-10-17 11:41:11 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-17 11:41:05 ----D---- C:\ComboFix
2008-10-17 11:37:20 ----A---- C:\Boot.bak
2008-10-17 11:37:04 ----RASHD---- C:\cmdcons
2008-10-16 19:27:34 ----A---- C:\bigfixlog.txt
2008-10-16 18:48:28 ----A---- C:\WINDOWS\zip.exe
2008-10-16 18:48:28 ----A---- C:\WINDOWS\VFIND.exe
2008-10-16 18:48:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-16 18:48:28 ----A---- C:\WINDOWS\SWSC.exe
2008-10-16 18:48:28 ----A---- C:\WINDOWS\SWREG.exe
2008-10-16 18:48:28 ----A---- C:\WINDOWS\sed.exe
2008-10-16 18:48:28 ----A---- C:\WINDOWS\grep.exe
2008-10-16 18:48:28 ----A---- C:\WINDOWS\fdsv.exe
2008-10-16 18:48:21 ----D---- C:\WINDOWS\ERDNT
2008-10-16 18:48:21 ----AD---- C:\Qoobox
2008-10-16 15:10:07 ----D---- C:\rsit
2008-10-14 14:14:02 ----D---- C:\Program Files\Trend Micro
2008-10-14 12:50:14 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-14 12:50:03 ----A---- C:\rapport.txt
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\VACFix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-14 12:49:40 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-10-14 12:49:39 ----A---- C:\WINDOWS\system32\Process.exe
2008-10-14 10:02:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 00:50:19 ----D---- C:\Program Files\Panda Security
2008-09-28 15:14:35 ----D---- C:\WINDOWS\BDOSCAN8
2008-09-27 10:21:45 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-27 10:21:45 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-23 17:46:32 ----A---- C:\WINDOWS\system32\unicows.dll

======List of files/folders modified in the last 1 months======

2008-10-17 12:13:01 ----D---- C:\WINDOWS\Prefetch
2008-10-17 12:04:59 ----D---- C:\WINDOWS\Help
2008-10-17 11:55:54 ----D---- C:\WINDOWS
2008-10-17 11:55:33 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-17 11:47:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-17 11:47:13 ----D---- C:\WINDOWS\system32
2008-10-17 11:44:53 ----A---- C:\WINDOWS\system.ini
2008-10-17 11:44:52 ----D---- C:\Program Files\SymNetDrv
2008-10-17 11:44:52 ----D---- C:\Program Files\REGSHAVE
2008-10-17 11:44:52 ----D---- C:\Program Files\QuickTime
2008-10-17 11:44:52 ----D---- C:\Program Files\Microsoft Works
2008-10-17 11:44:52 ----D---- C:\Program Files\iTunes
2008-10-17 11:44:52 ----D---- C:\Program Files\Digital Media Reader
2008-10-17 11:44:52 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-17 11:43:58 ----D---- C:\WINDOWS\system32\drivers
2008-10-17 11:43:58 ----D---- C:\WINDOWS\AppPatch
2008-10-17 11:43:58 ----D---- C:\Program Files\Common Files
2008-10-17 11:37:20 ----RASH---- C:\boot.ini
2008-10-17 11:36:38 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-17 11:36:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-17 11:31:28 ----A---- C:\WINDOWS\win.ini
2008-10-17 11:31:22 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-10-16 19:35:41 ----RD---- C:\Program Files
2008-10-16 15:29:23 ----SHD---- C:\WINDOWS\Installer
2008-10-16 15:29:23 ----D---- C:\Config.Msi
2008-10-15 20:48:23 ----D---- C:\WINDOWS\WinSxS
2008-10-15 20:48:18 ----D---- C:\Program Files\MSN Messenger
2008-10-15 18:07:11 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-10-15 17:50:50 ----HD---- C:\WINDOWS\inf
2008-10-15 17:50:44 ----RSD---- C:\WINDOWS\Fonts
2008-10-15 11:53:27 ----D---- C:\WINDOWS\network diagnostic
2008-10-14 14:15:59 ----D---- C:\Program Files\AIM
2008-10-14 14:15:52 ----D---- C:\Documents and Settings\Owner\Application Data\Aim
2008-10-14 14:00:40 ----D---- C:\WINDOWS\Minidump
2008-10-14 14:00:40 ----D---- C:\WINDOWS\Debug
2008-10-14 10:03:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-14 02:30:03 ----D---- C:\Program Files\Norton AntiVirus
2008-10-14 01:36:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-03 11:38:13 ----D---- C:\Program Files\Internet Explorer
2008-09-23 22:24:01 ----AC---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 SAVRTPEL;SAVRTPEL; \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070822.009\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070822.009\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-14 70144]
R3 SAVRT;SAVRT; \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS []
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20081014.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-10-17 245376]
R4 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-04 59136]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-31 106496]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2002-11-13 317128]
R2 ccPxySvc;Symantec Proxy Service; C:\Program Files\Norton Internet Security\ccPxySvc.exe [2002-11-14 34496]
R2 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-11-14 116336]
R2 NISUM;Norton Internet Security Accounts Manager; C:\Program Files\Norton Internet Security\NISUM.EXE [2002-11-14 140992]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-08-06 172032]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation Service; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-12-02 99352]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-07-31 501048]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
 

·
Registered
Joined
·
3,217 Posts
Re: Red circle with an X saying my computer is infected!

Hi there

Lets try a different online scanner...

Go here to run an online scannner from ESET.
Note: -> You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is uncheckmarked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish,
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #9
Re: Red circle with an X saying my computer is infected!

Okay here you go,

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3533 (20081017)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=157cfa8ddc504740adc0c994b082509b
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-10-18 12:47:13
# local_time=2008-10-17 07:47:13 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=304548
# found=0
# scan_time=3250
 

·
Registered
Joined
·
3,217 Posts
Re: Red circle with an X saying my computer is infected!

Howdy irv08

All is looking good. Now lets get your anti virus up to date to prevent further infection. As norton also incorporates a firewall we will also deal with this too

First lets download a free antivirus that will keep you protected - A good free anti virus software to start with is AntiVir®. Download but do not install just yet

To remove norton please download the Norton removal tool

Now disconnect from the internet and run the tool, once complete install, connect back to the internet, update and run a full scan with Antivir.

Firewalls - The windows default firewall only blocks traffic in one direction and will not prevent nasties on your computer phoning home, I suggest suing a third party firewall such as Zonealarm Free.

Let me know how things go, anymore problems to report?
 

·
Registered
Joined
·
7 Posts
Discussion Starter #11
Re: Red circle with an X saying my computer is infected!

Okay thanks sooo much! I added the anitvirus and firewall.

And no more problems, my computer is running great!

Once again thanks a whole lot, I have no idea what I would of done with out your help :grin:
 

·
Registered
Joined
·
3,217 Posts
Re: Red circle with an X saying my computer is infected!

Howdy there....

Now that your clear - Lets tidy up after ourselves

Go start menu select run (vista users press windows key & r) to bring up the run dialog
In the command line type in combofix /u - Note the space between combofix & /u)

This will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Now that you appear to be free from malware lets help you stay that way!

Update windows on a regular basis - If you do not have automatic updates enabled then

Visit Microsoft's Update Page and update your computer from there
Update your virus checker on a regular basis - It is no use having a virus checker with out of date definitions.
Keep an eye on your firewall. check what it wants to allow, do not simply allow everything, If there is any processes that you are unsure of then dont be afraid to ask for advice. For more information on firewalls read this article here

Make your Internet Explorer more secure - This can be done by following these simple instructions:

Open Internet Explorer, click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Safer Browsing
Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
Use Spywareblaster to help prevent the installation of unwanted BHO's (Browser Helper Objects)

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of active x objects, active x objects can be used by spyware as an infection point on your computer. Safer non active x browsers include Opera browser and, more recently, Firefox browser.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as ccleaner slim to clear out temporary files your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean, free software such as Spybot's Search & Destroy and Adaware 2007 Free by Lavasoft can help you keep clear. These products are scan on demand and do not have active back ground scanning. These two products can be installed together without any complications.

Other alternative software that runs under licience and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) - Please note that this product can also be run as free without a licience but the background protection will not be active.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preveting malware, and how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeie

**Kindly respond one more time and let me know if we may consider this thread resolved.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #13
Re: Red circle with an X saying my computer is infected!

Helllo

Okay all done [:

yes the thread is solved.

thanks for the help!
 
1 - 14 of 14 Posts
Status
Not open for further replies.
Top