
Infected with VirusRemover 2008


This topic is locked
8 replies to this topic

#1 toby826
Members, 6 posts, Chicago, IL

Posted 07 October 2008 - 07:24 PM

I recently downloaded some software, which was apparently a terrible idea. I use Mozilla Firefox, and Internet Explorer windows keep randomly opening, showing a "cannot display page" message, with a virus remover address. For a while I was unable to locate my hard drive when going to "My Computer," nor could I change my desktop settings other than resolution. My desktop background keeps switching to a strange pop-up type virus warning that advises me to "Activate Antispyware." I ran Ad-Aware SE several times and deleted the selections, same with Spybot Search & Destroy and Malwarebytes' Anti-Malware. After this I was able to see my C: drive in "My Computer," and the normal options for the display are available in the Control Panel. The annoying desktop background still persisted. I then ran Stinger, which deleted several items. The desktop background remains the same after my trying to change it, although I haven't encountered any more Internet Explorer pop-ups (yet).
Here's my HijackThis report; I would appreciate any help. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:01 PM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINDOWS.1\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS.1\system32\oodag.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {21B5F19E-6196-4865-9BB5-17380B776808} - (no file)
O2 - BHO: QXK Olive - {41B2F79F-05DE-4D34-85C5-6040D42351C9} - C:\WINDOWS.1\vortsgbqmxv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {9C4AB1CD-0ABC-4372-8513-5A73FA331E47} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: (no name) - {c0713e70-2d9d-4f75-a1bc-7ad87396d8e9} - (no file)
O2 - BHO: (no name) - {EBF1652D-FC54-4654-8738-55A21A0B520B} - (no file)
O2 - BHO: (no name) - {FCAC17B3-1ACF-4B89-8C93-685CA192CA68} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: olnmraew - {1EE3EAF4-D787-4E81-944C-D61A9E1869C4} - C:\WINDOWS.1\olnmraew.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: glecyf.dll
O20 - Winlogon Notify: urqPgdaX - C:\WINDOWS.1\
O21 - SSODL: lfstbwvd - {0BFB7218-2EBF-40B3-831F-BC72E4AE8EDB} - C:\WINDOWS.1\lfstbwvd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS.1\privacy_danger\index.htm

--
End of file - 7121 bytes
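Added example (editor's, not part of toby826's post and not code from HijackThis or BleepingComputer): a small Python triage pass over HijackThis lines that flags the patterns which mark the log above as infected. The sample input is copied from that log with the wrapped lines re-joined, plus a few of its benign entries so the heuristics have something to leave alone. The heuristics themselves are assumptions of this example, not HijackThis rules: a module sitting directly in the Windows directory rather than a subfolder, a consonant-heavy generated file name, a CLSID whose module is gone ("(no file)"), any non-empty AppInit_DLLs, a Winlogon Notify package registered without a module, and an Active Desktop component (O24) that points at a local HTML file. They are a first pass for a helper to read, not a verdict.

```python
import re

# Entries copied from the HijackThis log posted above (wrapped lines re-joined).
HJT_LOG = r"""
O2 - BHO: (no name) - {21B5F19E-6196-4865-9BB5-17380B776808} - (no file)
O2 - BHO: QXK Olive - {41B2F79F-05DE-4D34-85C5-6040D42351C9} - C:\WINDOWS.1\vortsgbqmxv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: olnmraew - {1EE3EAF4-D787-4E81-944C-D61A9E1869C4} - C:\WINDOWS.1\olnmraew.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: glecyf.dll
O20 - Winlogon Notify: urqPgdaX - C:\WINDOWS.1\
O21 - SSODL: lfstbwvd - {0BFB7218-2EBF-40B3-831F-BC72E4AE8EDB} - C:\WINDOWS.1\lfstbwvd.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS.1\privacy_danger\index.htm
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")                 # "O2 - BHO: <rest>"
CLSID_ENTRY = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")  # "<name> - {CLSID} - <path>"
# A file directly under C:\WINDOWS (here C:\WINDOWS.1), not in system32 or another subfolder.
WINDIR_ROOT = re.compile(r"^[A-Za-z]:\\WINDOWS[^\\]*\\[^\\]+$", re.I)


def looks_random(path: str) -> bool:
    """Heuristic (assumption of this example): droppers of this family use generated names such as
    lfstbwvd or vortsgbqmxv, i.e. letters only with a run of four or more consonants."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    runs = re.findall(r"[^aeiou]+", stem.lower())
    return max((len(r) for r in runs), default=0) >= 4


def triage(log: str) -> dict[str, list[str]]:
    """Map each suspicious target (path, CLSID, DLL name or Notify package) to the reasons it was flagged."""
    flagged: dict[str, list[str]] = {}

    def flag(target: str, reason: str) -> None:
        flagged.setdefault(target, []).append(reason)

    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, label, rest = m.groups()
        if kind in ("O2", "O3", "O21"):  # BHOs, IE toolbars, ShellServiceObjectDelayLoad
            entry = CLSID_ENTRY.match(rest)
            if not entry:
                continue
            _, clsid, path = entry.groups()
            if path == "(no file)":
                flag(clsid, "orphaned CLSID registration, module already gone")
                continue
            if WINDIR_ROOT.match(path):
                flag(path, "module sits directly in the Windows directory")
            if looks_random(path):
                flag(path, "random-looking file name")
        elif kind == "O20" and label == "AppInit_DLLs":
            flag(rest, "AppInit_DLLs: loaded into every process that maps user32.dll")
        elif kind == "O20" and label == "Winlogon Notify":
            package, _, path = rest.partition(" - ")
            if path == "(no file)" or path.endswith("\\"):
                flag(package, "Winlogon Notify package with no module: dead persistence, delete the key")
        elif kind == "O24":  # Active Desktop components
            _, _, url = rest.partition(" - ")
            if url.lower().startswith("file:"):
                flag(url, "Active Desktop component pointing at a local HTML page: this is the stuck wallpaper")
    return flagged


if __name__ == "__main__":
    for target, reasons in triage(HJT_LOG).items():
        print(target)
        for reason in reasons:
            print("   -", reason)
```

The O24 line is the one that explains the symptom in the post: an Active Desktop component that renders `privacy_danger\index.htm` as the wallpaper will keep coming back no matter what background is chosen until the component is removed, which is why the earlier scanners cleared the drive and display problems but not the background.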


#2 teacup61 (Bleepin' Texan!)
Malware Response Team, 17,075 posts, Wills Point, Texas

Posted 08 October 2008 - 05:44 AM

Hello toby826,

Welcome to Bleeping Computer :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

The current formatting of your log makes it difficult to read. Please open Notepad:
On top, click Format > uncheck Word Wrap.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


#3 toby826 (Topic Starter)
Members, 6 posts, Chicago, IL

Posted 08 October 2008 - 12:19 PM

Thanks for your response, Tea!

ComboFix 08-10-07.06 - Administrator 2008-10-08 12:03:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.373 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.1\lfstbwvd.dll
C:\WINDOWS.1\olnmraew.dll
C:\WINDOWS.1\privacy_danger
C:\WINDOWS.1\privacy_danger\images\body.gif
C:\WINDOWS.1\privacy_danger\images\capt.gif
C:\WINDOWS.1\privacy_danger\images\capt2.gif
C:\WINDOWS.1\privacy_danger\images\red.gif
C:\WINDOWS.1\privacy_danger\images\text.gif
C:\WINDOWS.1\privacy_danger\index.htm
C:\WINDOWS.1\qmafxprs.dll
C:\WINDOWS.1\system32\Desktop_.ini
C:\WINDOWS.1\vortsgbqmxv.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-07 19:13 . 2008-10-07 19:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-07 02:44 . 2008-10-07 02:43 102,664 --a------ C:\WINDOWS.1\system32\drivers\tmcomm.sys
2008-10-07 02:43 . 2008-10-07 03:32 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-10-07 01:23 . 2008-10-07 01:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 01:23 . 2008-10-07 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 01:23 . 2008-10-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-07 01:23 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS.1\system32\drivers\mbamswissarmy.sys
2008-10-07 01:23 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS.1\system32\drivers\mbam.sys
2008-10-06 21:14 . 2008-10-07 00:42 205 --a------ C:\WINDOWS.1\wininit.ini
2008-10-06 19:44 . 2008-10-06 19:49 <DIR> d-------- C:\Program Files\SpybotSD
2008-10-06 18:49 . 2008-10-07 00:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-06 17:02 . 2008-10-06 17:02 0 --a------ C:\WINDOWS.1\vpc32.INI
2008-10-06 13:29 . 2008-10-06 08:53 86,016 --a------ C:\WINDOWS.1\qkeftmxn.exe
2008-10-06 13:28 . 2008-10-06 13:28 <DIR> d-------- C:\Adobe CS3
2008-10-06 12:22 . 2008-10-06 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-10-06 12:08 . 2008-10-06 12:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-05 18:57 . 2008-10-06 16:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-10-05 18:53 . 2008-10-05 18:53 <DIR> d-------- C:\Program Files\DNA
2008-10-05 18:53 . 2008-10-05 18:53 <DIR> d-------- C:\Program Files\BitTorrent
2008-10-05 18:53 . 2008-10-06 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-10-05 18:18 . 2008-10-05 18:18 <DIR> d-------- C:\WINDOWS.1\system32\LogFiles
2008-10-03 16:46 . 2008-10-03 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-02 20:58 . 2008-10-02 21:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Download Manager
2008-10-01 18:40 . 2008-10-01 18:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Media Player Classic
2008-10-01 18:04 . 2008-10-01 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-27 19:07 . 2008-09-27 19:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-09-27 18:54 . 2008-09-27 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 18:54 . 2008-09-27 18:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-27 18:52 . 2008-10-07 00:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-09-19 15:12 . 2008-09-19 15:13 <DIR> d-------- C:\DVDVideoSoft
2008-09-19 15:11 . 2008-09-19 15:11 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-09-19 15:11 . 2008-09-19 15:11 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-09-19 15:11 . 2008-10-06 16:47 <DIR> d-------- C:\Program Files\AskBarDis
2008-09-17 15:38 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS.1\system32\drivers\usbprint.sys
2008-09-16 17:31 . 2008-09-16 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\dwhelper
2008-09-16 17:19 . 2008-09-16 17:19 <DIR> d-------- C:\WINDOWS.1\BUVC_AP
2008-09-16 13:17 . 2008-09-16 17:22 <DIR> d-------- C:\Program Files\Google
2008-09-16 13:17 . 2008-09-16 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-15 18:10 . 2008-09-15 18:10 <DIR> d-------- C:\Program Files\Common Files\snp2uvc
2008-09-08 20:24 . 2008-09-09 00:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-09-08 17:19 . 2008-09-08 17:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 17:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-07 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-07 01:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-06 17:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-05 23:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-09-30 21:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-09-16 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 04:57 --------- d-----w C:\Program Files\iTunes
2008-09-05 04:57 --------- d-----w C:\Program Files\iPod
2008-09-05 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-05 04:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-09-05 04:56 --------- d-----w C:\Program Files\QuickTime Alternative
2008-09-05 04:56 --------- d-----w C:\Program Files\Bonjour
2008-09-05 04:55 --------- d-----w C:\Program Files\Apple Software Update
2008-09-05 04:54 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-05 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-05 04:49 --------- d-----w C:\Program Files\DVD Shrink
2008-09-05 04:49 --------- d-----w C:\Program Files\DivX
2008-09-05 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-05 04:42 --------- d-----w C:\Program Files\Veoh Networks
2008-09-05 02:16 --------- d-----w C:\Program Files\LimeWire
2008-09-05 01:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
2008-09-04 19:35 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-04 19:35 --------- d-----w C:\Program Files\Java
2008-09-04 19:02 --------- d-----w C:\Program Files\IrfanView
2008-09-04 19:00 --------- d-----w C:\Program Files\VideoLAN
2008-09-04 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-09-04 18:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\acccore
2008-09-04 18:24 --------- d-----w C:\Program Files\Viewpoint
2008-09-04 18:24 --------- d-----w C:\Program Files\Common Files\AOL
2008-09-04 18:24 --------- d-----w C:\Program Files\AIM6
2008-09-04 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-04 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-09-04 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-09-04 18:13 --------- d-----w C:\Program Files\Atheros
2008-09-04 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-09-04 18:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-09-04 18:09 315,392 ----a-w C:\WINDOWS.1\HideWin.exe
2008-09-04 18:09 --------- d-----w C:\Program Files\Realtek
2008-09-04 18:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-04 06:56 --------- d-----w C:\Program Files\DIFX
2008-09-04 06:39 --------- d-----w C:\Program Files\Symantec
2008-09-04 06:38 --------- d-----w C:\Program Files\Symantec Client Security
2008-09-04 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-04 06:36 --------- d-----w C:\Program Files\OO Software
2008-09-04 06:36 --------- d-----w C:\Program Files\CyberLink
2008-09-04 06:35 99,970 ----a-w C:\WINDOWS.1\UninstallFirefox.exe
2008-09-04 06:35 --------- d-----w C:\Program Files\MagicISO
2008-09-04 06:35 --------- d-----w C:\Program Files\DVD2one
2008-09-04 06:35 --------- d-----w C:\Program Files\DVD Decrypter
2008-09-04 06:35 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-04 06:35 --------- d-----w C:\Program Files\Ahead
2008-09-04 06:34 --------- d-----w C:\Program Files\Lavasoft
2008-09-04 06:34 --------- d-----w C:\Program Files\Jasc Software Inc
2008-09-04 06:33 --------- d-----w C:\Program Files\Real Alternative
2008-09-04 06:33 --------- d-----w C:\Program Files\Media Player Classic
2008-09-04 06:33 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-04 06:33 --------- d-----w C:\Program Files\7-Zip
2008-09-04 06:32 155,995 ----a-w C:\WINDOWS.1\java\Packages\XZ9VJ3T3.ZIP
2008-09-04 06:32 --------- d-----w C:\Program Files\Common Files\Java
2008-09-04 06:23 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-04-17 85184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-05-27 413696]
"NeroFilterCheck"="C:\WINDOWS.1\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-04 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=glecyf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 EraserUtilDrvI7;EraserUtilDrvI7;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-09-17 99376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3053eca2-7ad9-11dd-9c65-001e4c8e422e}]
\Shell\AutoRun\command - E:\Launch.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS.1\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{21B5F19E-6196-4865-9BB5-17380B776808} - (no file)
BHO-{41B2F79F-05DE-4D34-85C5-6040D42351C9} - C:\WINDOWS.1\vortsgbqmxv.dll
BHO-{9C4AB1CD-0ABC-4372-8513-5A73FA331E47} - (no file)
BHO-{c0713e70-2d9d-4f75-a1bc-7ad87396d8e9} - (no file)
BHO-{EBF1652D-FC54-4654-8738-55A21A0B520B} - (no file)
BHO-{FCAC17B3-1ACF-4B89-8C93-685CA192CA68} - (no file)
Toolbar-{1EE3EAF4-D787-4E81-944C-D61A9E1869C4} - C:\WINDOWS.1\olnmraew.dll
SSODL-lfstbwvd-{0BFB7218-2EBF-40B3-831F-BC72E4AE8EDB} - C:\WINDOWS.1\lfstbwvd.dll
Notify-urqPgdaX - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6oexwd6y.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 12:07:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS.1\system32\oodag.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS.1\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-08 12:11:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-08 17:11:53

Pre-Run: 18,795,581,440 bytes free
Post-Run: 18,736,869,376 bytes free

247



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:43 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.1\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS.1\system32\oodag.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.1\explorer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: glecyf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6729 bytes

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 08 October 2008 - 10:31 PM

Hello,

I see Viewpoint installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Do the same with the Ask Toolbar, another useless toolbar usually downloaded with a program and without your knowledge. Reboot to reset the registry.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O20 - AppInit_DLLs: glecyf.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders (if they exist):

C:\Program Files\Viewpoint
C:\Program Files\AskBarDis

Reboot your computer once again.

Please run a scan with MBAM and post the report here and let me know how it's running now. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
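The check a responder would want after the "Fix checked" step above: parse the HijackThis entry lines, flag the kinds of entries tea asked to remove (the O20 AppInit_DLLs value and the Viewpoint/Ask leftovers), and diff the before and after logs to confirm the fix took. This is an added example, not code from HijackThis, ComboFix or the original posters; the two log excerpts and the marker list are constructed from lines in this thread.

```python
"""Triage and verify HijackThis log entries.

Added example for this thread; it is not part of HijackThis, ComboFix or the
original posts. The two log excerpts below are constructed from lines in the
logs posted in the thread, trimmed to the entries the discussion turns on.
"""
import re

# Matches HijackThis entry lines such as "O20 - AppInit_DLLs: glecyf.dll".
# Process lists, headers and the "End of file" trailer do not match and are skipped.
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+?)\s*$")

# Constructed excerpt of the log posted before the fix.
BEFORE_LOG = r"""
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: glecyf.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# Constructed excerpt of the log posted after "Fix checked" and the reboot.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# The three entries the analyst asked to place checks next to.
REQUESTED_FIXES = [
    r"O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll",
    r"O20 - AppInit_DLLs: glecyf.dll",
    r"O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe",
]


def parse_hjt(text):
    """Return (section, body) tuples for every R/F/O entry line in a log."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def flag_entries(entries, unwanted_markers=()):
    """Apply the triage rules used in this thread.

    Any O20 AppInit_DLLs value is flagged: that registry value names DLLs that
    Windows loads into every process linking user32.dll, so an unrecognised
    bare filename there deserves a look. Entries whose text contains a marker
    the analyst named (e.g. "Viewpoint", "AskBarDis") are flagged as well.
    Returns (section, body, reason) tuples.
    """
    flagged = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            flagged.append((section, body, "AppInit_DLLs injection point"))
            continue
        for marker in unwanted_markers:
            if marker.lower() in body.lower():
                flagged.append((section, body, "matches unwanted marker " + marker))
                break
    return flagged


def diff_logs(before_text, after_text):
    """Entries only in the old log (removed) and only in the new log (added)."""
    before, after = set(parse_hjt(before_text)), set(parse_hjt(after_text))
    return sorted(before - after), sorted(after - before)


def verify_fix(requested_lines, after_text):
    """Return the requested entries that still appear in the post-fix log."""
    after = set(parse_hjt(after_text))
    still_present = []
    for line in requested_lines:
        for entry in parse_hjt(line):
            if entry in after:
                still_present.append(line)
    return still_present


if __name__ == "__main__":
    for section, body, reason in flag_entries(parse_hjt(BEFORE_LOG), ("Viewpoint", "AskBarDis")):
        print(f"FLAG {section}: {body}  [{reason}]")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"removed: {len(removed)}  added: {len(added)}")
    print("still present after fix:", verify_fix(REQUESTED_FIXES, AFTER_LOG))
```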

#5 toby826

toby826
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Female
  • Location:Chicago, IL

Posted 09 October 2008 - 11:40 AM

Hi Tea,
Your advice has been very helpful! :thumbsup: Since running ComboFix my desktop hasn't been hijacked, and no more Internet Explorer windows have opened. I took the liberty of also disabling/uninstalling IE, as I never use it. I ran MBAM; it found a few things, but I believe it has fixed them. Do you think there's anything else that I should do? Thanks again for your help, here's the log:

Malwarebytes' Anti-Malware 1.28
Database version: 1245
Windows 5.1.2600 Service Pack 2

10/9/2008 10:04:26 AM
mbam-log-2008-10-09 (10-04-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 97303
Time elapsed: 38 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.bsfk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\olnmraew.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS.1\qkeftmxn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 09 October 2008 - 07:14 PM

Hello,

Glad to know it's better. :thumbsup:

Could I see one more run with ComboFix? I want to be sure the little nitty gritties have been deleted too. Also post a (hopefully) final HijackThis log. Still running well?

Thanks,
tea

#7 toby826

toby826
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Female
  • Location:Chicago, IL

Posted 11 October 2008 - 05:56 PM

Hi!
Sorry it's been a couple of days, I was visiting my parents and had no internet access! :thumbsup:
It still seems to be running fine, again thank you so much for your help! I was at my wit's end!
Here are the logs:

ComboFix 08-10-07.06 - Administrator 2008-10-11 17:48:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.409 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-09 10:08 . 2008-10-09 10:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-10-07 19:13 . 2008-10-07 19:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-07 02:44 . 2008-10-07 02:43 102,664 --a------ C:\WINDOWS.1\system32\drivers\tmcomm.sys
2008-10-07 02:43 . 2008-10-07 03:32 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-10-07 01:23 . 2008-10-07 01:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 01:23 . 2008-10-07 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 01:23 . 2008-10-07 01:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-07 01:23 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS.1\system32\drivers\mbamswissarmy.sys
2008-10-07 01:23 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS.1\system32\drivers\mbam.sys
2008-10-06 21:14 . 2008-10-07 00:42 205 --a------ C:\WINDOWS.1\wininit.ini
2008-10-06 19:44 . 2008-10-06 19:49 <DIR> d-------- C:\Program Files\SpybotSD
2008-10-06 18:49 . 2008-10-07 00:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-06 17:02 . 2008-10-06 17:02 0 --a------ C:\WINDOWS.1\vpc32.INI
2008-10-06 13:28 . 2008-10-06 13:28 <DIR> d-------- C:\Adobe CS3
2008-10-06 12:22 . 2008-10-06 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-10-06 12:08 . 2008-10-06 12:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-10-05 18:57 . 2008-10-06 16:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-10-05 18:53 . 2008-10-05 18:53 <DIR> d-------- C:\Program Files\DNA
2008-10-05 18:53 . 2008-10-05 18:53 <DIR> d-------- C:\Program Files\BitTorrent
2008-10-05 18:53 . 2008-10-06 20:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-10-05 18:18 . 2008-10-05 18:18 <DIR> d-------- C:\WINDOWS.1\system32\LogFiles
2008-10-03 16:46 . 2008-10-03 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-02 20:58 . 2008-10-02 21:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Download Manager
2008-10-01 18:40 . 2008-10-01 18:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Media Player Classic
2008-10-01 18:04 . 2008-10-01 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-09-27 19:07 . 2008-09-27 19:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-09-27 18:54 . 2008-09-27 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-27 18:54 . 2008-09-27 18:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-27 18:52 . 2008-10-07 00:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-09-19 15:12 . 2008-09-19 15:13 <DIR> d-------- C:\DVDVideoSoft
2008-09-19 15:11 . 2008-09-19 15:11 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-09-19 15:11 . 2008-09-19 15:11 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-09-17 15:38 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS.1\system32\drivers\usbprint.sys
2008-09-16 17:31 . 2008-09-16 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\dwhelper
2008-09-16 17:19 . 2008-09-16 17:19 <DIR> d-------- C:\WINDOWS.1\BUVC_AP
2008-09-16 13:17 . 2008-09-16 17:22 <DIR> d-------- C:\Program Files\Google
2008-09-16 13:17 . 2008-09-16 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-15 18:10 . 2008-09-15 18:10 <DIR> d-------- C:\Program Files\Common Files\snp2uvc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-08 17:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-07 03:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-07 01:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-06 17:52 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-05 23:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-09-30 21:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-09-16 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 05:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-09-08 22:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-09-05 04:57 --------- d-----w C:\Program Files\iTunes
2008-09-05 04:57 --------- d-----w C:\Program Files\iPod
2008-09-05 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-05 04:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-09-05 04:56 --------- d-----w C:\Program Files\QuickTime Alternative
2008-09-05 04:56 --------- d-----w C:\Program Files\Bonjour
2008-09-05 04:55 --------- d-----w C:\Program Files\Apple Software Update
2008-09-05 04:54 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-05 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-05 04:49 --------- d-----w C:\Program Files\DVD Shrink
2008-09-05 04:49 --------- d-----w C:\Program Files\DivX
2008-09-05 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-09-05 04:42 --------- d-----w C:\Program Files\Veoh Networks
2008-09-05 02:16 --------- d-----w C:\Program Files\LimeWire
2008-09-05 01:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
2008-09-04 19:35 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-04 19:35 --------- d-----w C:\Program Files\Java
2008-09-04 19:02 --------- d-----w C:\Program Files\IrfanView
2008-09-04 19:00 --------- d-----w C:\Program Files\VideoLAN
2008-09-04 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-09-04 18:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\acccore
2008-09-04 18:24 --------- d-----w C:\Program Files\Common Files\AOL
2008-09-04 18:24 --------- d-----w C:\Program Files\AIM6
2008-09-04 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-09-04 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-09-04 18:13 --------- d-----w C:\Program Files\Atheros
2008-09-04 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-09-04 18:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-09-04 18:09 315,392 ----a-w C:\WINDOWS.1\HideWin.exe
2008-09-04 18:09 --------- d-----w C:\Program Files\Realtek
2008-09-04 18:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-04 06:56 --------- d-----w C:\Program Files\DIFX
2008-09-04 06:39 --------- d-----w C:\Program Files\Symantec
2008-09-04 06:38 --------- d-----w C:\Program Files\Symantec Client Security
2008-09-04 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-04 06:36 --------- d-----w C:\Program Files\OO Software
2008-09-04 06:36 --------- d-----w C:\Program Files\CyberLink
2008-09-04 06:35 99,970 ----a-w C:\WINDOWS.1\UninstallFirefox.exe
2008-09-04 06:35 --------- d-----w C:\Program Files\MagicISO
2008-09-04 06:35 --------- d-----w C:\Program Files\DVD2one
2008-09-04 06:35 --------- d-----w C:\Program Files\DVD Decrypter
2008-09-04 06:35 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-04 06:35 --------- d-----w C:\Program Files\Ahead
2008-09-04 06:34 --------- d-----w C:\Program Files\Lavasoft
2008-09-04 06:34 --------- d-----w C:\Program Files\Jasc Software Inc
2008-09-04 06:33 --------- d-----w C:\Program Files\Real Alternative
2008-09-04 06:33 --------- d-----w C:\Program Files\Media Player Classic
2008-09-04 06:33 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-04 06:33 --------- d-----w C:\Program Files\7-Zip
2008-09-04 06:32 155,995 ----a-w C:\WINDOWS.1\java\Packages\XZ9VJ3T3.ZIP
2008-09-04 06:32 --------- d-----w C:\Program Files\Common Files\Java
2008-09-04 06:23 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-10-08_12.11.29.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-08 16:02:49 53,166 ----a-w C:\WINDOWS.1\system32\perfc009.dat
+ 2008-10-11 22:46:25 53,166 ----a-w C:\WINDOWS.1\system32\perfc009.dat
- 2008-10-08 16:02:49 380,918 ----a-w C:\WINDOWS.1\system32\perfh009.dat
+ 2008-10-11 22:46:25 380,918 ----a-w C:\WINDOWS.1\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-04-17 85184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-05-27 413696]
"NeroFilterCheck"="C:\WINDOWS.1\system32\NeroCheck.exe" [2001-07-09 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-04 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3053eca2-7ad9-11dd-9c65-001e4c8e422e}]
\Shell\AutoRun\command - E:\Launch.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-04 C:\WINDOWS.1\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6oexwd6y.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 17:50:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-11 17:52:34
ComboFix-quarantined-files.txt 2008-10-11 22:52:09
ComboFix2.txt 2008-10-08 17:11:58

Pre-Run: 17,609,482,240 bytes free
Post-Run: 17,599,537,152 bytes free

195


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:35 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.1\System32\smss.exe
C:\WINDOWS.1\system32\winlogon.exe
C:\WINDOWS.1\system32\services.exe
C:\WINDOWS.1\system32\lsass.exe
C:\WINDOWS.1\system32\svchost.exe
C:\WINDOWS.1\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS.1\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS.1\system32\oodag.exe
C:\WINDOWS.1\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.1\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.1\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.1\system32\oodag.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 6351 bytes

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 11 October 2008 - 06:08 PM

Hello there,

You're most welcome, and Excellent! :) I really like it that it's still good after a couple of days. That tells me there was nothing there to regenerate the baddies. :thumbsup: Your HijackThis log looks really good too.

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

You have some really good protection in place so you get spared "The Speech"! :) I would suggest you install a firewall though. I use a router and still have a software firewall. Some good free firewalls are Kerio or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

Take care!
tea

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 02 November 2008 - 10:01 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.