Infected with msiconfig.exe Trojan

15 replies to this topic

#1 shrktn (Members, 9 posts)

Posted 28 December 2008 - 12:40 AM

Ok so I just got an iPod touch for Christmas. I was surfing the internet when all of a sudden the screen turned black and the Apple logo appeared with a loading bar underneath it. So when it finally finished, it booted up and suddenly there was a bookmark to a pornographic site next to the Apps. I quickly deleted it, then after that I connected it to my computer. It synced, and when it was finished, out of nowhere 2 shortcuts appeared on my desktop, both of them having pornographic-related icons and names. I didn't click on them but instead I quickly deleted them. After I did that, one of them kept popping back up again and again no matter how many times I deleted it. Also, warning messages kept popping up saying that my computer was infected with malware and that I needed to click them in order to download some anti-virus. I clicked on the balloon but Internet Explorer kept freezing so I gave up. I ran my anti-virus software, which is "2007 Norton 360", about 3 times but that didn't help. I then ran Task Manager and then Googled every single process until I found out that "msiconfig.exe" was a bad process and that I needed to immediately end it and remove it from "Start up Items". I went to Google once again to see how I can remove this "thing" from my computer when I ran into a forum post on this site with someone having the same problem. I downloaded, installed, then ran "Malwarebytes' Anti-Malware" (probably shouldn't have but I did) and it found some threats and quarantined them. I re-booted my computer and when I checked the "Start Up Items", msiconfig.exe was still there.... I want to know if there is any way to completely remove it. I'm not comfortable with the fact of it still being on my hard drive. Thanks in advance!


DDS (Version 1.1.0) - NTFSx86
Run by Compaq_Owner at 21:11:40.78 on Sat 12/27/2008
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.511 [GMT -8:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mWinlogon: System=c:\windows\system32\svch?st.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\43xjcajh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-26 99376]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081227.019\NAVENG.SYS [2008-12-27 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081227.019\NAVEX15.SYS [2008-12-27 876112]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-12 1245064]

=============== Created Last 30 ================

2008-12-27 20:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 20:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 20:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-27 20:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 20:10 <DIR> --d----- c:\windows\pss
2008-12-27 12:42 61,440 a------- c:\windows\system32\svch?st.exe
2008-12-27 12:42 181,760 a------- c:\program files\common files\Ndm399a2rL.exe
2008-12-26 12:32 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-26 12:32 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-26 12:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-26 12:32 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 13:47 <DIR> --d----- c:\program files\AMT
2008-12-25 11:59 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-19 13:03 <DIR> --d----- c:\program files\Print Server
2008-12-19 12:05 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2008-12-19 12:05 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2008-12-19 12:05 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2008-12-19 11:51 278,584 a------- c:\windows\system32\HPZidr12.dll
2008-12-19 11:51 204,800 a------- c:\windows\system32\HPZipr12.dll
2008-12-19 11:51 94,208 a------- c:\windows\system32\HPZipt12.dll
2008-12-19 11:51 69,632 a------- c:\windows\system32\HPZipm12.exe
2008-12-19 11:51 61,440 a------- c:\windows\system32\HPZinw12.exe
2008-12-19 11:51 57,344 a------- c:\windows\system32\HPZisn12.dll
2008-12-19 11:49 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-19 11:49 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2008-12-19 11:47 79,647 a------- c:\windows\hpfins05.dat
2008-12-19 11:47 1,350 -------- c:\windows\hpfmdl05.dat
2008-12-17 23:10 <DIR> --d----- c:\windows\ie8updates
2008-12-12 23:19 <DIR> --d----- c:\windows\system32\N360_BACKUP
2008-12-12 23:03 <DIR> --d----- c:\program files\Norton 360
2008-12-12 23:02 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-12 23:02 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-12 23:02 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-12 23:02 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-10 16:18 <DIR> --d----- c:\program files\Audacity
2008-12-03 11:36 <DIR> --d----- c:\program files\iPod
2008-12-03 11:36 <DIR> --d----- c:\program files\iTunes
2008-12-03 11:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 15:48 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys
2008-12-01 15:48 59,264 a------- c:\windows\system32\dllcache\usbaudio.sys
2008-12-01 15:47 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-01 15:47 31,616 a------- c:\windows\system32\dllcache\usbccgp.sys

==================== Find3M ====================

2008-12-14 05:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 08:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-03 02:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 02:15 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-08-19 13:52 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 21:12:32.18 ===============


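The following triage script is an added example, not code from this thread, from BleepingComputer, or from the DDS/ComboFix tools. It scans constructed log lines modelled on the DDS report above and the ComboFix report later in the thread (the Winlogon "svch?st.exe" entry, the Image File Execution Options "Debugger" value for iexplore.exe, the Security Center "DisableMonitoring" value, and the mountpoints2 AutoRun handler) and flags each persistence pattern a malware-response helper would check first; the system-binary list and the Security Center value names are assumed lists, not something the thread states.

```python
"""Triage heuristics for DDS / ComboFix style logs (added example, not thread code)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail")

# Assumed list: Windows binaries that droppers imitate with a one-character change.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "explorer.exe", "services.exe", "smss.exe"}
# Assumed list: Security Center values that, when set to 1, hide "antivirus off" warnings.
SECURITY_CENTER_VALUES = {"antivirusdisablenotify", "firewalldisablenotify",
                          "updatesdisablenotify", "disablemonitoring"}

PATH_RE = re.compile(r'[a-z]:\\[^,"\[\]]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*)$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$', re.IGNORECASE)

# Constructed sample: lines in the shape of the DDS and ComboFix reports in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mWinlogon: System=c:\windows\system32\svch?st.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
((((((((( Reg Loading Points )))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\ropfnqz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\start.exe
"""


def edit_distance(a, b):
    """Levenshtein distance; inputs are short filenames, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def lookalike_of(name):
    """Return the system binary that `name` imitates, or None.

    DDS and ComboFix print characters they cannot render as '?', so the
    'svch?st.exe' from the thread is one edit away from svchost.exe, while a
    genuine svchost.exe is at distance 0 and is not flagged."""
    name = name.lower()
    for real in SYSTEM_BINARIES:
        if name != real and edit_distance(name, real) == 1:
            return real
    return None


def triage(log_text):
    """Scan a DDS/ComboFix style log and return a list of Finding tuples."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry key headers from the ComboFix "Reg Loading Points" section.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        # Every executable path on the line: is the filename a system-binary look-alike?
        for path in PATH_RE.findall(line):
            real = lookalike_of(basename(path))
            if real:
                findings.append(Finding("lookalike_binary",
                                        f"{basename(path)} imitates {real} ({path})"))
        m = VALUE_RE.match(line)
        if m:
            name, val = m.group("name").lower(), m.group("val").strip()
            # A Debugger value under IFEO silently runs the named file instead of the target.
            if "image file execution options\\" in current_key and name == "debugger":
                target = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("ifeo_debugger", f"{target} -> {val}"))
            elif ("security center" in current_key and name in SECURITY_CENTER_VALUES
                  and val.lower() == "dword:00000001"):
                findings.append(Finding("security_center_silenced", f"{current_key}\\{name}"))
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2\\" in current_key:
            drive = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("autorun_handler", f"{drive}: {m.group('cmd')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```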
#2 PropagandaPanda (Malware Response Team, 10,433 posts)

Posted 05 January 2009 - 04:53 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable Norton Antivirus.
  • Right click on the Norton icon beside your clock and select Disable Auto-Protect.
  • Select a disabled duration of 5 hours to ensure that it will not interfere with this fix.
  • Click OK to apply the settings.
When done properly, you should receive a pop-up warning saying that protection was disabled. The Norton icon should now look like [image].

Download and Run ComboFix
If you have already run ComboFix, delete your copy and download a new one. If the computer in question is unable to download ComboFix, transfer it using a removable media (CDs, flash drive).

Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    [images]

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    [image]
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

In your next reply include:
-the ComboFix log
-a new HijackThis or DDS log

Please also tell me of any changes you have made to your computer since you started your topic.

With Regards,
The Panda

#3 shrktn (Topic Starter, Members, 9 posts)

Posted 05 January 2009 - 09:12 PM

Ok I ran the ComboFix and here's the log:

ComboFix 09-01-05.03 - Compaq_Owner 2009-01-05 17:39:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.366 [GMT -8:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\IE4 Error Log.txt
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://i5i.in
.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2008-12-27 20:34 . 2008-12-27 20:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 20:34 . 2008-12-27 20:34 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2008-12-27 20:34 . 2008-12-27 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 20:34 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 20:34 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 16:44 . 2008-12-27 16:44 <DIR> d-------- c:\documents and settings\Chris\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQzMDQ4MTg3fA_
2008-12-27 12:42 . 2008-12-27 12:42 181,760 --a------ c:\program files\Common Files\Ndm399a2rL.exe
2008-12-26 12:32 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-26 12:32 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-26 12:32 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-26 12:32 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-25 13:47 . 2008-12-25 15:38 <DIR> d-------- c:\program files\AMT
2008-12-25 11:59 . 2008-12-25 11:58 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 11:16 . 2008-12-25 11:16 <DIR> d-------- c:\documents and settings\Maria\Application Data\SharePod
2008-12-23 14:08 . 2008-12-23 14:55 <DIR> d-------- c:\documents and settings\Chris\Application Data\U3
2008-12-23 14:08 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-23 14:08 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2008-12-20 17:16 . 2008-12-20 17:16 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Image Zone Express
2008-12-19 13:03 . 2008-12-19 13:03 <DIR> d-------- c:\program files\Print Server
2008-12-19 12:08 . 2008-12-19 12:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-19 12:05 . 2005-03-08 03:52 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-19 12:05 . 2005-05-10 20:49 37,376 --a------ c:\windows\system32\hpz3l3xu.dll
2008-12-19 12:05 . 2005-03-08 03:52 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-19 11:51 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-12-19 11:51 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-12-19 11:51 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-12-19 11:51 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-19 11:51 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-12-19 11:51 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-12-19 11:49 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-19 11:49 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-19 11:47 . 2008-12-20 17:15 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\HP
2008-12-19 11:47 . 2008-12-19 12:11 79,647 --a------ c:\windows\hpfins05.dat
2008-12-19 11:47 . 2005-06-06 04:39 1,350 --------- c:\windows\hpfmdl05.dat
2008-12-17 23:10 . 2008-12-17 23:10 <DIR> d-------- c:\windows\ie8updates
2008-12-16 09:05 . 2008-12-16 09:05 <DIR> d-------- c:\documents and settings\Chris\Application Data\InterVideo
2008-12-15 18:00 . 2008-12-15 18:00 <DIR> d-------- c:\documents and settings\Maria\Application Data\MySpace
2008-12-13 00:11 . 2008-12-13 00:11 <DIR> d--hs---- c:\documents and settings\NetworkService\PrivacIE
2008-12-12 23:19 . 2008-12-12 23:19 <DIR> d-------- c:\windows\system32\N360_BACKUP
2008-12-12 23:04 . 2008-12-12 23:04 <DIR> d-------- c:\program files\Windows Sidebar
2008-12-12 23:03 . 2008-12-28 12:55 <DIR> d-------- c:\program files\Norton 360
2008-12-12 23:02 . 2008-12-16 09:12 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-12 23:02 . 2008-12-16 09:12 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-12 23:02 . 2008-12-16 09:12 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-12 23:02 . 2008-12-16 09:12 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-10 16:18 . 2008-12-10 16:23 <DIR> d-------- c:\program files\Audacity
2008-12-08 17:30 . 2008-12-08 17:30 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 01:40 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-28 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-28 20:55 --------- d-----w c:\program files\MySpace
2008-12-28 04:18 --------- d-----w c:\documents and settings\Chris\Application Data\Symantec
2008-12-27 06:13 --------- d-----w c:\documents and settings\Chris\Application Data\Apple Computer
2008-12-25 19:58 --------- d-----w c:\program files\Java
2008-12-25 19:44 --------- d-----w c:\documents and settings\Maria\Application Data\Apple Computer
2008-12-25 16:59 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2008-12-22 05:21 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Audacity
2008-12-19 20:08 --------- d-----w c:\program files\Hewlett-Packard
2008-12-19 19:51 --------- d-----w c:\program files\HP
2008-12-16 17:12 --------- d-----w c:\program files\Symantec
2008-12-15 22:19 --------- d-----w c:\documents and settings\Maria\Application Data\Symantec
2008-12-15 20:19 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2008-12-14 23:12 --------- d-----w c:\documents and settings\Guest\Application Data\Symantec
2008-12-14 13:59 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-13 08:07 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Symantec
2008-12-03 19:36 --------- d-----w c:\program files\iTunes
2008-12-03 19:36 --------- d-----w c:\program files\iPod
2008-12-03 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 19:35 --------- d-----w c:\program files\QuickTime
2008-12-03 19:34 --------- d-----w c:\program files\Common Files\Apple
2008-11-28 04:54 --------- d-----w c:\program files\DVDVideoSoft
2008-11-28 04:54 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-16 05:31 --------- d-----w c:\documents and settings\Guest\Application Data\MySpace
2008-11-15 00:08 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-15 00:08 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-09 03:45 --------- d-----w c:\documents and settings\Chris\Application Data\MySpace
2008-11-09 03:42 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\MySpace
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-06-30 21:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\ropfnqz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-08-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-26 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{08C880F1-5667-4C33-8764-B3DF21AF0122}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-msiexec - msiconf.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\43xjcajh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 17:40:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-05 17:41:58
ComboFix-quarantined-files.txt 2009-01-06 01:41:38

Pre-Run: 122,796,273,664 bytes free
Post-Run: 122,789,146,624 bytes free

231 --- E O F --- 2008-12-18 07:10:17



_____________________________________________________________________________________





DDS (Version 1.1.0) - NTFSx86
Run by Compaq_Owner at 17:48:08.99 on Mon 01/05/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.402 [GMT -8:00]

AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\43xjcajh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-26 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090105.035\NAVENG.SYS [2009-1-5 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090105.035\NAVEX15.SYS [2009-1-5 876112]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-12 1245064]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

=============== Created Last 30 ================

2009-01-05 17:38 161,792 a------- c:\windows\SWREG.exe
2009-01-05 17:38 98,816 a------- c:\windows\sed.exe
2008-12-27 20:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 20:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 20:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-27 20:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 20:10 <DIR> --d----- c:\windows\pss
2008-12-27 12:42 181,760 a------- c:\program files\common files\Ndm399a2rL.exe
2008-12-26 12:32 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-26 12:32 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-26 12:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-26 12:32 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 13:47 <DIR> --d----- c:\program files\AMT
2008-12-25 11:59 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-19 13:03 <DIR> --d----- c:\program files\Print Server
2008-12-19 12:05 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2008-12-19 12:05 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2008-12-19 12:05 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2008-12-19 11:51 278,584 a------- c:\windows\system32\HPZidr12.dll
2008-12-19 11:51 204,800 a------- c:\windows\system32\HPZipr12.dll
2008-12-19 11:51 94,208 a------- c:\windows\system32\HPZipt12.dll
2008-12-19 11:51 69,632 a------- c:\windows\system32\HPZipm12.exe
2008-12-19 11:51 61,440 a------- c:\windows\system32\HPZinw12.exe
2008-12-19 11:51 57,344 a------- c:\windows\system32\HPZisn12.dll
2008-12-19 11:49 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-19 11:49 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2008-12-19 11:47 79,647 a------- c:\windows\hpfins05.dat
2008-12-19 11:47 1,350 -------- c:\windows\hpfmdl05.dat
2008-12-17 23:10 <DIR> --d----- c:\windows\ie8updates
2008-12-12 23:19 <DIR> --d----- c:\windows\system32\N360_BACKUP
2008-12-12 23:03 <DIR> --d----- c:\program files\Norton 360
2008-12-12 23:02 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-12 23:02 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-12 23:02 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-12 23:02 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-10 16:18 <DIR> --d----- c:\program files\Audacity

==================== Find3M ====================

2008-12-14 05:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 08:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-08-19 13:52 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 17:48:19.89 ===============



Well I haven't made any changes to my computer since the time of the post, but my computer behaves differently. Every time I try to open Internet Explorer, 2 windows open and it doesn't respond; I have to end up shutting it down via Task Manager. Another thing is that my antivirus program, which as I mentioned is "2007 Norton 360", keeps alerting me that I am not "protected against intrusion attempts", and when I click the "Fix" button it supposedly fixes it, but in a few minutes the same thing pops up again no matter how many times I do that. And lastly, ever since my computer was new, when I booted it would never ask me which system to boot from, either "Windows XP Home Edition" or "Windows XP Recovery...", and now it does, but usually it just shows that for a few seconds and then boots normally. I thank you again for your time and help.

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:10:22 AM

Posted 06 January 2009 - 08:30 AM

Hello.

The boot selection is the Recovery Console that ComboFix installed. If you want to change the boot screen back, just remind me when you are cleaned of infections.

Please disable your protection.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    File::
    c:\program files\Common Files\Ndm399a2rL.exe
    c:\windows\system32\ropfnqz.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
    
    Dirlook::
    c:\documents and settings\Chris\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQzMDQ4MTg3fA_
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup and save it to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using FileAssassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double-click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Re-enable your protection please.

With Regards,
The Panda

Edited by PropagandaPanda, 06 January 2009 - 08:30 AM.
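Triage logic for the "Reg Loading Points" entries quoted in the logs above, as an added example (not ComboFix's or the forum's own code): it parses the `[key]`/value layout ComboFix prints and flags the three kinds of entry the CFScript removes or an analyst reviews by hand: an IFEO Debugger redirect, Security Center notification/monitoring switches, and cached MountPoints2 AutoRun commands. The sample input is constructed from the page's own entries; the rule ids and the `Finding` fields are mine.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's own code: ComboFix only lists the entries;
the three rules below are mine and mirror what the CFScript in this
thread removes or what an analyst would review by hand.
"""
import re
from dataclasses import dataclass

# Constructed sample with the same keys and values as the ComboFix log
# posted above, plus one benign Run entry that must not be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\ropfnqz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\start.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"""


@dataclass
class Finding:
    kind: str    # rule id (names are mine)
    key: str     # registry key the value lives under
    detail: str  # what was found
    action: str  # what to do about it


KEY_RE = re.compile(r"^\[(.+)\]$")
DEBUGGER_RE = re.compile(r'^"Debugger"=(.+)$', re.IGNORECASE)
SECCENTER_RE = re.compile(
    r'^"(AntiVirusDisableNotify|FirewallDisableNotify|UpdatesDisableNotify|'
    r'DisableMonitoring)"=dword:0*1$', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.IGNORECASE)


def parse_entries(text):
    """Yield (key, value_line) pairs.  ComboFix prints a [key] header
    followed by one value per line; a blank line or a new header ends it."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is not None:
            yield key, line


def triage(text):
    """Return the findings for one log, in the order they appear."""
    findings = []
    for key, value in parse_entries(text):
        lkey = key.lower()
        # 1. IFEO Debugger: every launch of the target runs the "debugger"
        #    instead.  Legitimate only for developer tooling.
        if "\\image file execution options\\" in lkey:
            m = DEBUGGER_RE.match(value)
            if m:
                target = key.rsplit("\\", 1)[-1]
                findings.append(Finding(
                    "ifeo-debugger", key, f"{target} -> {m.group(1)}",
                    "delete the IFEO subkey for the target and quarantine "
                    "the debugger binary; verify the target launches again"))
        # 2. Security Center switches: malware sets these to silence the
        #    "no antivirus" balloon, but AV suites set them too, so this is
        #    a review item, to be confirmed against the installed products.
        elif lkey.startswith("hkey_local_machine\\software\\microsoft\\security center"):
            m = SECCENTER_RE.match(value)
            if m:
                findings.append(Finding(
                    "security-center", key, f"{m.group(1)}=1",
                    "confirm an installed AV/firewall owns this setting; "
                    "otherwise reset it to 0"))
        # 3. MountPoints2 caches the AutoRun command of a drive that was once
        #    plugged in; a start.exe on a removable drive is the classic case.
        elif "\\explorer\\mountpoints2\\" in lkey:
            m = AUTORUN_RE.match(value)
            if m:
                findings.append(Finding(
                    "mountpoints2-autorun", key, m.group(1),
                    "remove the MountPoints2 subkey and inspect the drive's "
                    "autorun.inf and the referenced executable"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    key: {f.key}\n    action: {f.action}")
```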


#5 shrktn

shrktn
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:22 AM

Posted 06 January 2009 - 02:41 PM

Combo Fix's log:


ComboFix 09-01-05.05 - Compaq_Owner 2009-01-06 11:19:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.499 [GMT -8:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point

FILE ::
c:\program files\Common Files\Ndm399a2rL.exe
c:\windows\system32\ropfnqz.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Ndm399a2rL.exe
c:\windows\system32\ropfnqz.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2008-12-27 20:34 . 2008-12-27 20:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 20:34 . 2008-12-27 20:34 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2008-12-27 20:34 . 2008-12-27 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 20:34 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 20:34 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 16:44 . 2008-12-27 16:44 <DIR> d-------- c:\documents and settings\Chris\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQzMDQ4MTg3fA_
2008-12-26 12:32 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-26 12:32 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-26 12:32 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-26 12:32 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-25 13:47 . 2008-12-25 15:38 <DIR> d-------- c:\program files\AMT
2008-12-25 11:59 . 2008-12-25 11:58 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 11:16 . 2008-12-25 11:16 <DIR> d-------- c:\documents and settings\Maria\Application Data\SharePod
2008-12-23 14:08 . 2008-12-23 14:55 <DIR> d-------- c:\documents and settings\Chris\Application Data\U3
2008-12-23 14:08 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-23 14:08 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\dllcache\hidserv.dll
2008-12-20 17:16 . 2008-12-20 17:16 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\Image Zone Express
2008-12-19 13:03 . 2008-12-19 13:03 <DIR> d-------- c:\program files\Print Server
2008-12-19 12:08 . 2008-12-19 12:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-19 12:05 . 2005-03-08 03:52 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-19 12:05 . 2005-05-10 20:49 37,376 --a------ c:\windows\system32\hpz3l3xu.dll
2008-12-19 12:05 . 2005-03-08 03:52 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-19 11:51 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-12-19 11:51 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-12-19 11:51 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-12-19 11:51 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-12-19 11:51 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-12-19 11:51 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-12-19 11:49 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-19 11:49 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2008-12-19 11:47 . 2008-12-20 17:15 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\HP
2008-12-19 11:47 . 2008-12-19 12:11 79,647 --a------ c:\windows\hpfins05.dat
2008-12-19 11:47 . 2005-06-06 04:39 1,350 --------- c:\windows\hpfmdl05.dat
2008-12-17 23:10 . 2008-12-17 23:10 <DIR> d-------- c:\windows\ie8updates
2008-12-16 09:05 . 2008-12-16 09:05 <DIR> d-------- c:\documents and settings\Chris\Application Data\InterVideo
2008-12-15 18:00 . 2008-12-15 18:00 <DIR> d-------- c:\documents and settings\Maria\Application Data\MySpace
2008-12-13 00:11 . 2008-12-13 00:11 <DIR> d--hs---- c:\documents and settings\NetworkService\PrivacIE
2008-12-12 23:19 . 2008-12-12 23:19 <DIR> d-------- c:\windows\system32\N360_BACKUP
2008-12-12 23:04 . 2008-12-12 23:04 <DIR> d-------- c:\program files\Windows Sidebar
2008-12-12 23:03 . 2008-12-28 12:55 <DIR> d-------- c:\program files\Norton 360
2008-12-12 23:02 . 2008-12-16 09:12 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-12 23:02 . 2008-12-16 09:12 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-12 23:02 . 2008-12-16 09:12 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-12 23:02 . 2008-12-16 09:12 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-10 16:18 . 2008-12-10 16:23 <DIR> d-------- c:\program files\Audacity
2008-12-08 17:30 . 2008-12-08 17:30 <DIR> d-------- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 17:34 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-28 20:56 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-28 20:55 --------- d-----w c:\program files\MySpace
2008-12-28 04:18 --------- d-----w c:\documents and settings\Chris\Application Data\Symantec
2008-12-27 06:13 --------- d-----w c:\documents and settings\Chris\Application Data\Apple Computer
2008-12-25 19:58 --------- d-----w c:\program files\Java
2008-12-25 19:44 --------- d-----w c:\documents and settings\Maria\Application Data\Apple Computer
2008-12-25 16:59 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2008-12-22 05:21 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Audacity
2008-12-19 20:08 --------- d-----w c:\program files\Hewlett-Packard
2008-12-19 19:51 --------- d-----w c:\program files\HP
2008-12-16 17:12 --------- d-----w c:\program files\Symantec
2008-12-15 22:19 --------- d-----w c:\documents and settings\Maria\Application Data\Symantec
2008-12-15 20:19 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\LimeWire
2008-12-14 23:12 --------- d-----w c:\documents and settings\Guest\Application Data\Symantec
2008-12-14 13:59 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-13 08:07 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Symantec
2008-12-03 19:36 --------- d-----w c:\program files\iTunes
2008-12-03 19:36 --------- d-----w c:\program files\iPod
2008-12-03 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 19:35 --------- d-----w c:\program files\QuickTime
2008-12-03 19:34 --------- d-----w c:\program files\Common Files\Apple
2008-11-28 04:54 --------- d-----w c:\program files\DVDVideoSoft
2008-11-28 04:54 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-16 05:31 --------- d-----w c:\documents and settings\Guest\Application Data\MySpace
2008-11-15 00:08 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-15 00:08 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-09 03:45 --------- d-----w c:\documents and settings\Chris\Application Data\MySpace
2008-11-09 03:42 --------- d-----w c:\documents and settings\Compaq_Owner\Application Data\MySpace
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-06-30 21:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Chris\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQzMDQ4MTg3fA_ ----

2008-12-27 16:44 4400 --a------ c:\documents and settings\Chris\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQzMDQ4MTg3fA_\spl.ini


((((((((((((((((((((((((((((( snapshot@2009-01-05_17.41.07.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-06 17:34:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_348.dat
+ 2009-01-06 17:34:14 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"D-Link RangeBooster G WDA-2320"="c:\program files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2005-12-15 2490368]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-11-30 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-08-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-26 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{08C880F1-5667-4C33-8764-B3DF21AF0122}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\43xjcajh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 11:21:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-06 11:22:46
ComboFix-quarantined-files.txt 2009-01-06 19:22:26
ComboFix2.txt 2009-01-06 01:41:59

Pre-Run: 123,955,675,136 bytes free
Post-Run: 123,943,370,752 bytes free

232 --- E O F --- 2008-12-18 07:10:17





____________________________________________________________________________________


When I ran Malwarebytes it stopped responding at one point. Is that normal?



Malwarebytes' Anti-Malware 1.32
Database version: 1625
Windows 5.1.2600 Service Pack 2

1/6/2009 11:40:04 AM
mbam-log-2009-01-06 (11-40-04).txt

Scan type: Quick Scan
Objects scanned: 60999
Time elapsed: 11 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:10:22 AM

Posted 06 January 2009 - 03:24 PM

Hello.

When I ran Malwarebytes it stopped responding at one point. Is that normal?

It's not normal, but shouldn't be anything to worry about.

Looks good.

Update Windows Installation
Your Microsoft Windows installation is out of date. Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Please click here to check for and install updates to Windows, and Microsoft applications. If you encounter any problems during the installation, please feel free to ask for help.

The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Reboot and repeat the update process until there are no more updates to install.

Please post a fresh DDS log after.

With Regards,
The Panda

#7 shrktn

shrktn
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:22 AM

Posted 07 January 2009 - 02:35 AM

It's not normal, but shouldn't be anything to worry about.


Ok just making sure.

I went to the website and all it showed was that I had "Automatic Updates" ON. I did it manually via the Control Panel and same thing, apparently I have all the updates available for my computer. Also, Norton still keeps telling me about that "Intrusion Prevention is turned off" warning message.... I think I might just re-install it. Oh, and I forgot to mention that Internet Explorer works great now, no more "Internet Explorer is not responding."

__________________________________________________________


DDS (Version 1.1.0) - NTFSx86
Run by Compaq_Owner at 23:33:17.26 on Tue 01/06/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.428 [GMT -8:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\43xjcajh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-26 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\NAVENG.SYS [2009-1-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\NAVEX15.SYS [2009-1-6 876112]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-12 1245064]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

=============== Created Last 30 ================

2009-01-06 11:25 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-01-06 11:18 <DIR> --d----- C:\ComboFix
2009-01-05 17:38 161,792 a------- c:\windows\SWREG.exe
2009-01-05 17:38 98,816 a------- c:\windows\sed.exe
2008-12-27 20:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 20:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 20:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-27 20:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 20:10 <DIR> --d----- c:\windows\pss
2008-12-26 12:32 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-26 12:32 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-26 12:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-26 12:32 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 13:47 <DIR> --d----- c:\program files\AMT
2008-12-25 11:59 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-19 13:03 <DIR> --d----- c:\program files\Print Server
2008-12-19 12:05 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2008-12-19 12:05 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2008-12-19 12:05 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2008-12-19 11:51 278,584 a------- c:\windows\system32\HPZidr12.dll
2008-12-19 11:51 204,800 a------- c:\windows\system32\HPZipr12.dll
2008-12-19 11:51 94,208 a------- c:\windows\system32\HPZipt12.dll
2008-12-19 11:51 69,632 a------- c:\windows\system32\HPZipm12.exe
2008-12-19 11:51 61,440 a------- c:\windows\system32\HPZinw12.exe
2008-12-19 11:51 57,344 a------- c:\windows\system32\HPZisn12.dll
2008-12-19 11:49 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-19 11:49 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2008-12-19 11:47 79,647 a------- c:\windows\hpfins05.dat
2008-12-19 11:47 1,350 -------- c:\windows\hpfmdl05.dat
2008-12-17 23:10 <DIR> --d----- c:\windows\ie8updates
2008-12-12 23:19 <DIR> --d----- c:\windows\system32\N360_BACKUP
2008-12-12 23:03 <DIR> --d----- c:\program files\Norton 360
2008-12-12 23:02 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-12 23:02 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-12 23:02 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-12 23:02 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-10 16:18 <DIR> --d----- c:\program files\Audacity

==================== Find3M ====================

2008-12-14 05:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 08:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-08-19 13:52 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 23:33:43.37 ===============

Edited by shrktn, 07 January 2009 - 02:47 AM.


#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:10:22 AM

Posted 07 January 2009 - 08:15 AM

Hello shrktn.

Looks clean.

Had you disabled Norton when running ComboFix? Re-enabling it should fix those errors.

With Regards,
The Panda

#9 shrktn

shrktn
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:22 AM

Posted 08 January 2009 - 02:50 PM

That's great to hear that it's finally gone.

Had you disabled Norton when running ComboFix? Re-enabling it should fix those errors.

I did, as a matter of fact. Ever since my computer got infected it has been saying that.

Thanks a lot PropagandaPanda you were such a big help.

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:10:22 AM

Posted 09 January 2009 - 08:13 AM

Sorry for the delay.

I see that some of Norton's services have been disabled.

Let's use a registry script to try to re-enable them.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr]
    "Start"=dword:00000002
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr]
    "Start"=dword:00000002
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate Notice]
    "Start"=dword:00000002
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like [image omitted].

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.
----
Still happening?

If so, do you see the Symantec icon beside your clock?

With Regards,
The Panda
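
The following is an added example for this thread; it is not DDS, ComboFix or Symantec code. It reads the SERVICES / DRIVERS lines of a DDS log (the sample lines are copied from the DDS output posted earlier in the thread), decodes the leading R/S running flag and the numeric Start value that the registry script above changes, flags the Symantec services that are still running but whose Start value is 4 (disabled), and writes the same kind of .reg script shown in the post. The watch list of service names and all function names are assumptions made for the example.

```python
"""Flag disabled security-product services in a DDS log and build a .reg fix.

Added example for this thread; it is not DDS, ComboFix or Symantec code.
SAMPLE_LOG is copied from the DDS output posted above; WATCH_LIST and all
function names are assumptions made for the example.
"""
import re
from dataclasses import dataclass

# Values of HKLM\SYSTEM\CurrentControlSet\Services\<name>\Start
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# DDS service line:  <R|S><start> <name>;<display name>;<image path> [<date> <size>]
# R/S is running/stopped; the digit is the registry Start value.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)"
    r"(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?\s*$"
)

# Lines copied from the DDS log posted above (run on 2009-01-06).
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-26 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\NAVENG.SYS [2009-1-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\NAVEX15.SYS [2009-1-6 876112]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-12-12 1245064]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
"""

# Assumed list of the Norton 360 services that should start automatically.
WATCH_LIST = ["ccEvtMgr", "ccSetMgr", "LiveUpdate Notice", "Symantec Core LC"]


@dataclass(frozen=True)
class Service:
    name: str
    display: str
    path: str
    running: bool
    start: int

    @property
    def start_type(self) -> str:
        return START_TYPES.get(self.start, f"unknown({self.start})")


def parse_services(log_text: str) -> list[Service]:
    """Return one Service per DDS service/driver line; other lines are ignored."""
    services = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            services.append(Service(
                name=m["name"].strip(),
                display=m["display"].strip(),
                path=m["path"].strip(),
                running=(m["state"] == "R"),
                start=int(m["start"]),
            ))
    return services


def find_disabled(services: list[Service], watch_list) -> list[Service]:
    """Watched services whose Start value is 4 (disabled).

    'R4' is the telling case: the service is running now, but its Start value
    was flipped to disabled after it came up, so it will not return on reboot.
    """
    watch = {n.lower() for n in watch_list}
    return [s for s in services if s.name.lower() in watch and s.start == 4]


def reg_fix(services: list[Service], new_start: int = 2) -> str:
    """Registry Editor script restoring Start=<new_start> (2 = automatic),
    in the same form as the fix.reg given in the post above."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for s in services:
        lines.append(f"[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{s.name}]")
        lines.append(f'"Start"=dword:{new_start:08x}')
        lines.append("")
    return "\r\n".join(lines)


def report(log_text: str, watch_list) -> list[str]:
    """One summary line per watched service, in log order."""
    out = []
    watch = {n.lower() for n in watch_list}
    for s in parse_services(log_text):
        if s.name.lower() in watch:
            flag = "DISABLED" if s.start == 4 else "ok"
            out.append(f"{flag:8} {s.name:18} running={s.running} start={s.start_type}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, WATCH_LIST):
        print(line)
    print(reg_fix(find_disabled(parse_services(SAMPLE_LOG), WATCH_LIST)))
```

Restricting the fix to a watch list of known service names matters: a .reg script that blindly sets Start=2 on every R4/S4 entry would also re-enable anything an infection left behind, so check the image path and publisher of each service before merging the script. As the rest of the thread shows, re-enabling the services does not always cure the symptom; when the product's own files were damaged, reinstalling it is the reliable fix.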

#11 shrktn

shrktn
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:22 AM

Posted 09 January 2009 - 02:18 PM

I did that, but I'm still having the same issue.

If so, do you see the Symantec icon beside your clock?

I do, as a matter of fact. This is what shows up: [screenshot omitted]

Would it just be better to re-install it?

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:10:22 AM

Posted 09 January 2009 - 04:29 PM

Hello.

Yes, please try reinstalling. The infection may have damaged it.

After the reinstall, run DDS again and post the log.

With Regards,
The Panda

#13 shrktn

shrktn
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:22 AM

Posted 09 January 2009 - 05:44 PM

So I reinstalled it and I don't get the warning message anymore



DDS (Version 1.1.0) - NTFSx86
Run by Compaq_Owner at 14:34:05.65 on Fri 01/09/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.504 [GMT -8:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [D-Link RangeBooster G WDA-2320] c:\program files\d-link\rangebooster g wda-2320\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\43xjcajh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/

============= SERVICES / DRIVERS ===============

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-8-25 466880]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\NAVENG.SYS [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\NAVEX15.SYS [2009-1-9 876112]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-9 1245064]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-18 149352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-18 149352]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-18 149352]

=============== Created Last 30 ================

2009-01-09 14:22 <DIR> --d----- c:\program files\Norton 360
2009-01-09 14:21 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-09 14:21 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-09 14:21 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-09 14:21 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-09 14:21 <DIR> --d----- c:\program files\Symantec
2009-01-09 14:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-01-06 11:25 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-01-06 11:18 <DIR> --d----- C:\ComboFix
2009-01-05 17:38 161,792 a------- c:\windows\SWREG.exe
2009-01-05 17:38 98,816 a------- c:\windows\sed.exe
2008-12-27 20:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-27 20:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 20:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-27 20:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 20:10 <DIR> --d----- c:\windows\pss
2008-12-26 12:32 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-26 12:32 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-26 12:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-26 12:32 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-25 13:47 <DIR> --d----- c:\program files\AMT
2008-12-25 11:59 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-23 14:08 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2008-12-19 13:03 <DIR> --d----- c:\program files\Print Server
2008-12-19 12:05 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2008-12-19 12:05 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2008-12-19 12:05 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2008-12-19 11:51 278,584 a------- c:\windows\system32\HPZidr12.dll
2008-12-19 11:51 204,800 a------- c:\windows\system32\HPZipr12.dll
2008-12-19 11:51 94,208 a------- c:\windows\system32\HPZipt12.dll
2008-12-19 11:51 69,632 a------- c:\windows\system32\HPZipm12.exe
2008-12-19 11:51 61,440 a------- c:\windows\system32\HPZinw12.exe
2008-12-19 11:51 57,344 a------- c:\windows\system32\HPZisn12.dll
2008-12-19 11:49 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-19 11:49 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
2008-12-19 11:47 79,647 a------- c:\windows\hpfins05.dat
2008-12-19 11:47 1,350 -------- c:\windows\hpfmdl05.dat
2008-12-17 23:10 <DIR> --d----- c:\windows\ie8updates
2008-12-12 23:19 <DIR> --d----- c:\windows\system32\N360_BACKUP
2008-12-10 16:18 <DIR> --d----- c:\program files\Audacity

==================== Find3M ====================

2008-12-14 05:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-11-14 16:08 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-24 03:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 08:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-08-19 13:52 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 14:34:32.31 ===============

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:10:22 AM

Posted 09 January 2009 - 07:19 PM

Looks good.

Unless you have other problems, we can wrap up.

Uninstall ComboFix
Remove Combofix now that we're done with it.

If this tool has helped you, please consider making a donation to its author.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Resets clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear System Restore cache and creates new restore point.
Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections: For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#15 shrktn

shrktn
  • Topic Starter

  • Members
  • 9 posts
  • Local time:06:22 AM

Posted 10 January 2009 - 02:29 AM

Alright ComboFix is uninstalled.

Umm, no, I'm pretty sure I'm all straightened out with my computer.

Thanks a lot for your time and help PropagandaPanda, I really appreciate it. I couldn't have fixed my problem by myself.



