
Possible Vundo Trojan?


  • This topic is locked
16 replies to this topic

#1 jujie_wan kenobi

jujie_wan kenobi

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:07 AM

Posted 09 January 2009 - 08:16 PM

Hello -

I'm writing you because I think we have a trojan virus on our pc. I say this because the first several times I ran Malwarebytes’ Anti-Malware, I came across vendor names such as "Trojan.Vundo.H" and "Trojan.Agent". I've done several scans and deletions with Norton and MBAM, but we are still having intermittent problems with the pc.

1. When it first started, it created two pornographic links on the desktop that we were unable to delete permanently. After rebooting in safe mode and running Malwarebytes' Anti-Malware, I was able to remove these links.

2. We then started getting fake blue-screen-of-death and a fake Windows XP® reboot screen. (This one didn’t get me because I had seen it before. It was still really annoying!) If you waited it out, it would go back to your normal screen (whatever you were doing on the pc at that time)

3. It has also started to slow down our browser and force us to re-start. A lot of times the browser will just freeze the whole pc. . . . AND, when trying to shut down the pc, we often have to do it manually (when shutting off at night, we are unable to do so from the start menu. After clicking on shut down, it does nothing.)

4. It seems to 'hijack' the browser. If I click on a link, it takes me to a random advertisement, in no way related to my Google search. The only way to get around this is to type the web address directly into the address bar, instead of clicking on the link from the results.

5. The internet is very slow in loading web pages and seems to time out.

6. FINALLY, the worst problem is that it will hijack/redirect a page to a site with disgusting pornographic images. (Something I pray my grandma doesn't have to see. It is her pc, but she uses it rarely.)

WHEN this happens, the process seems to start all over again: wanting us to download anti-virus software. This is what happened when we first had problems: It would take us to that page with nasty images and have pop-up boxes stating we need to download anti-virus software. (Thankfully, I knew better than to download what they are pointing to and that's when I contacted you.)

Here are my two main questions:

(1) Is there a way to know if we already have the harmful spyware/keylogger element of this virus? I mean, can I assume that the pc is relatively “safe”, unless we follow the virus’s directions to download what they tell us? Or has the damage been done? (I’m hoping that the symptoms are just annoying, but not harmful to my pc or the files on it.) The actual downloading of their fraudulent antivirus software would be the ‘trojan’ part, correct? In other words, I’m hoping and praying that there is no actual spyware/keylogger virus on the pc yet, because we have been using it occasionally for bills and stuff.

(2) How do I get rid of it for good!!!?

Any help you can provide would be great! Thank you.


DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Administrator at 19:49:16.29 on Fri 01/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.301 [GMT -5:00]

AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1141095926\ee\AOLSoftware.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [SetDefPrt] "c:\program files\brother\brmflpro\BrDefPrt.exe"
mRun: [EPSON Stylus CX4800 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
mRun: [EPSON Stylus CX4800 Series_Backup] "c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE" /P33 "EPSON Stylus CX4800 Series_Backup" /O5 "LPT1:" /M "Stylus CX4800"
mRun: [RegistryMechanic]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HostManager] "c:\program files\common files\aol\1141095926\ee\AOLSoftware.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [SS_MW] "c:\program files\radica\stylin' studio\SS_MW.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\greeti~1.lnk - c:\program files\greetings workshop\GWREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\agremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: gwelpk.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-1 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-1 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-1 81288]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090109.023\NAVENG.SYS [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090109.023\NAVEX15.SYS [2009-1-9 876112]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 NProtectService;Norton UnErase Protection;c:\progra~1\norton~3\norton~1\NPROTECT.EXE [2005-11-3 95832]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-1 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-1 1079176]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-28 1245064]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-2-28 3379264]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-2-28 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-2-28 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-2-28 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-2-28 10368]

=============== Created Last 30 ================

2009-01-08 20:14 1,495 a------- c:\windows\system32\senekalog.dat
2009-01-07 11:49 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-01 23:34 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-01 23:34 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-01 23:34 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-01 23:34 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-01 23:34 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-01 23:34 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\PC Tools
2009-01-01 23:00 0 a------- c:\windows\system32\drivers\seneka.sys
2009-01-01 22:07 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-01-01 22:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-01 22:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 22:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-01 21:46 132,608 a------- c:\windows\system32\niywwfqx.dll
2009-01-01 21:35 14,336 a------- c:\windows\system32\senekajwykxxvu.dll
2008-12-31 19:20 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\FrostWire
2008-12-31 19:19 <DIR> --d----- c:\program files\FrostWire
2008-12-26 20:16 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-26 20:16 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2008-12-26 20:16 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-26 20:16 10,880 a------- c:\windows\system32\dllcache\ndisip.sys
2008-12-26 20:16 16,384 a------- c:\windows\system32\ipsink.ax
2008-12-26 20:16 16,384 a------- c:\windows\system32\dllcache\ipsink.ax
2008-12-26 20:16 15,360 a------- c:\windows\system32\drivers\StreamIP.sys
2008-12-26 20:16 15,360 a------- c:\windows\system32\dllcache\streamip.sys
2008-12-26 20:14 <DIR> --d----- c:\program files\Radica
2008-12-22 18:57 <DIR> --d----- c:\program files\DivX

==================== Find3M ====================

2008-12-12 12:27 3,067,392 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:18 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2008-02-28 17:12 2,310 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-01-01 15:31 8,628 a---h--- c:\program files\PhotoImpression.GID
2007-08-30 10:50 251 a------- c:\program files\wt3d.ini
2007-06-21 18:20 374 a------- c:\docume~1\hp_adm~1\applic~1\internaldb6334.dat
2007-06-21 18:20 18,432 a------- c:\docume~1\hp_adm~1\applic~1\internaldb41.dat
2007-06-21 18:20 556 a------- c:\docume~1\hp_adm~1\applic~1\internaldb8467.dat
2006-09-12 11:00 256 a------- c:\program files\config.set
2005-07-13 13:46 135,168 a------- c:\program files\photoimpression.exe
2005-07-13 10:29 77,824 a------- c:\program files\Res_Frame.mll
2005-07-13 10:19 495,128 a------- c:\program files\ShareObjs.mll
2005-07-13 10:18 57,344 a------- c:\program files\Director.dll
2005-07-01 10:41 348,160 a------- c:\program files\EXIF.dll
2005-06-30 10:46 311,296 a------- c:\program files\DiscClub.dll
2005-06-30 10:06 552,960 a------- c:\program files\afc.dll
2005-06-08 12:56 65,536 a------- c:\program files\afcrc.dll
2005-06-08 12:56 86,016 a------- c:\program files\AlignSplit.dll
2005-04-27 08:48 229,376 a------- c:\program files\DvdIfo.dll
2005-04-11 15:07 458,752 a------- c:\program files\DGUI.dll
2005-03-17 09:35 10,146,657 a------- c:\program files\PHOTOIMPRESSION.hlp
2005-03-10 13:14 815,104 a------- c:\program files\EzDll.dll
2005-02-04 08:10 63,860 a------- c:\program files\afc.inf
2004-05-04 10:53 1,645,320 a------- c:\program files\gdiplus.dll
2003-10-21 15:45 442,368 a------- c:\program files\FPXLIB.DLL
2003-03-25 08:59 225,280 a------- c:\program files\Res_Dll.dll
2003-01-24 10:46 2,201 a------- c:\program files\Background.jpg
2002-10-14 09:17 601 a------- c:\program files\launch.xml
2002-09-16 16:04 2,589 a----r-- c:\program files\dtype.inf
2002-08-29 18:41 323,072 a------- c:\program files\msvcrt.dll
2002-06-25 16:17 1,399 a------- c:\program files\CommandBar.xml
2001-03-07 20:07 4,608 a----r-- c:\program files\THK16.DLL
2001-03-04 19:35 14,848 a----r-- c:\program files\THK32.DLL
1995-07-31 12:44 212,480 a------- c:\program files\Pcdlib32.dll

============= FINISH: 19:50:25.65 ===============

Attached Files
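The "Created Last 30" section of the DDS log above is the part a helper reads first: files that appeared directly under system32 with no software install to account for them are the ones worth a second look. The following triage helper is an added example, not part of the post and not DDS or BleepingComputer code. It parses lines in the DDS format, treats a new directory under Program Files or Application Data as evidence of an install, and lists system32 files whose creation time is not within a 10-minute window of such an install. The window and the "new application directory means an install" rule are assumptions of this example, and the output is a shortlist for a human, not a malware verdict. The sample input is an excerpt of the log lines posted above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Excerpt of the "Created Last 30" section of the DDS log posted above,
# trimmed to the lines relevant to the triage below.
SAMPLE_CREATED_LAST30 = r"""
2009-01-08 20:14 1,495 a------- c:\windows\system32\senekalog.dat
2009-01-07 11:49 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-01 23:34 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-01 23:34 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-01 23:00 0 a------- c:\windows\system32\drivers\seneka.sys
2009-01-01 22:07 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-01-01 22:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-01 22:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 21:46 132,608 a------- c:\windows\system32\niywwfqx.dll
2009-01-01 21:35 14,336 a------- c:\windows\system32\senekajwykxxvu.dll
2008-12-26 20:16 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-26 20:14 <DIR> --d----- c:\program files\Radica
"""

# DDS line layout: "YYYY-MM-DD HH:MM  size-or-<DIR>  8-char attribute field  path"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (<DIR>|[\d,]+) (\S{8}) (.+)$")


@dataclass
class Entry:
    when: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str            # lower-cased so comparisons are case-insensitive


def parse_created_last30(text: str) -> List[Entry]:
    """Turn DDS 'Created Last 30' lines into Entry records; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(",", ""))
        entries.append(Entry(when, size, m.group(3), m.group(4).lower()))
    return entries


def install_times(entries: List[Entry]) -> List[datetime]:
    """Creation times of new application directories (assumed proxy for 'software was installed then')."""
    return [e.when for e in entries
            if e.size is None and ("\\program files\\" in e.path or "\\applic~1\\" in e.path)]


def unexplained_system32(entries: List[Entry],
                         window: timedelta = timedelta(minutes=10)) -> List[Entry]:
    """Files created under system32 with no application install within `window` of them.

    Heuristic only: it shortens the list a human has to read, it is not a verdict.
    """
    installs = install_times(entries)
    flagged = []
    for e in entries:
        if e.size is None or not e.path.startswith("c:\\windows\\system32\\"):
            continue
        if any(abs(e.when - t) <= window for t in installs):
            continue  # created alongside a known install (e.g. mbam.sys with Malwarebytes)
        flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in unexplained_system32(parse_created_last30(SAMPLE_CREATED_LAST30)):
        print(f"{e.when:%Y-%m-%d %H:%M}  {e.size:>8}  {e.path}")
```

On the excerpt, the driver files created at the same minute as the Spyware Doctor and Malwarebytes directories drop out, as does MSTEE.sys, which sits two minutes after the Radica directory. What remains are the five system32 files with no install near them, among them ffkuz.dll, which is the file the reply below targets for removal.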





#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:07 PM

Posted 12 January 2009 - 02:27 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 jujie_wan kenobi

jujie_wan kenobi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:07 AM

Posted 13 January 2009 - 11:49 AM

Hello fenzodahl512 -

Attached are the COMBO FIX Log, and the two DDS files (attach and DDS) run today. Please let me know what else is needed. Thank you much for your help.

#4 jujie_wan kenobi

jujie_wan kenobi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:07 AM

Posted 13 January 2009 - 11:50 AM

woops! forgot. [attachments]

Attached Files



#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:07 PM

Posted 13 January 2009 - 01:33 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\ffkuz.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
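The Registry:: block of the CFScript above writes two values: it empties AppInit_DLLs, which the DDS log in the first post showed loading gwelpk.dll into every process, and it sets BootExecute to a hex(7) byte list. Reading such a script before running it means decoding that byte list. The code below is an added example, not part of the post and not ComboFix code: a parser for the REGEDIT4-style block plus a REG_MULTI_SZ (hex(7)) decoder and encoder, so the value can be checked by round trip. The block assumes REGEDIT4 single-byte string encoding (which the double-NUL terminator in the posted value matches), and the stated Windows XP default of "autocheck autochk *" comes from general knowledge of XP, not from the post.

```python
import re
from typing import Dict, List, Tuple, Union

# The Registry:: section of the CFScript posted above, used here as the sample input.
CFSCRIPT_REGISTRY = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
'''

# Stock BootExecute on Windows XP: run autochk (boot-time chkdsk) on volumes marked dirty.
XP_DEFAULT_BOOTEXECUTE = ["autocheck autochk *"]

RegValue = Union[str, List[str]]


def decode_hex7(payload: str) -> List[str]:
    """Decode a REGEDIT4-style hex(7) (REG_MULTI_SZ) byte list into its strings.

    REGEDIT4 stores single-byte strings separated by NUL and terminated by a double NUL.
    """
    raw = bytes(int(b, 16) for b in payload.split(",") if b)
    parts = raw.decode("latin-1").split("\x00")
    while parts and parts[-1] == "":  # drop the terminator(s)
        parts.pop()
    return parts


def encode_hex7(strings: List[str]) -> str:
    """Inverse of decode_hex7, so a decoded value can be verified by round trip."""
    raw = ("\x00".join(strings) + "\x00\x00").encode("latin-1")
    return ",".join(f"{b:02x}" for b in raw)


def parse_registry_section(text: str) -> List[Tuple[str, str, RegValue]]:
    """Parse [key] / "name"=value lines into (key, name, value) triples.

    Supports quoted strings and hex(7) values, including the backslash
    line continuations regedit exports use for long hex payloads.
    """
    entries: List[Tuple[str, str, RegValue]] = []
    key = None
    pending = ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if not line:
            continue
        if line.endswith("\\"):  # hex payload continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or key is None:
            raise ValueError(f"unparsable line: {line!r}")
        name, rhs = m.group(1), m.group(2)
        if rhs.startswith("hex(7):"):
            value: RegValue = decode_hex7(rhs[len("hex(7):"):])
        elif len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            value = rhs[1:-1]
        else:
            raise ValueError(f"unsupported value syntax: {rhs!r}")
        entries.append((key, name, value))
    return entries


def review_cfscript_registry(text: str) -> Dict[str, object]:
    """Summarise what the script's Registry:: block would write to the two values it touches."""
    values = {(k.lower(), n.lower()): v for k, n, v in parse_registry_section(text)}
    appinit = values.get(("hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\windows",
                          "appinit_dlls"))
    bootexec = values.get(("hkey_local_machine\\system\\currentcontrolset\\control\\session manager",
                           "bootexecute"))
    return {
        "appinit_dlls_cleared": appinit == "",
        "bootexecute_is_xp_default": bootexec == XP_DEFAULT_BOOTEXECUTE,
        "bootexecute": bootexec,
    }


if __name__ == "__main__":
    print(review_cfscript_registry(CFSCRIPT_REGISTRY))
```

Decoding shows the posted bytes spell out "autocheck autochk *", i.e. the script restores the stock boot-time check rather than adding anything, and clearing AppInit_DLLs stops gwelpk.dll from being loaded at logon. The same parser works on a regedit export, which is a convenient way to snapshot the two keys before the script runs.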


#6 jujie_wan kenobi

jujie_wan kenobi
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:07 AM

Posted 13 January 2009 - 02:16 PM

Thank you again for your quick feedback!

(1) Here is the latest ComboFix log

ComboFix 09-01-13.03 - HP_Administrator 2009-01-13 13:48:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.446 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\ffkuz.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ffkuz.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-01 23:35 . 2009-01-13 13:55 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-01 23:34 . 2009-01-13 01:30 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-01 23:34 . 2009-01-01 23:34 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\PC Tools
2009-01-01 23:34 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-01 23:34 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-01 23:34 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-01 23:34 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-01 22:07 . 2009-01-01 22:07 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 22:07 . 2009-01-01 22:07 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-01 22:07 . 2009-01-01 22:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 22:07 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 22:07 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 19:20 . 2008-12-31 20:04 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2008-12-31 19:19 . 2008-12-31 19:20 <DIR> d-------- c:\program files\FrostWire
2008-12-26 20:16 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2008-12-26 20:16 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\dllcache\ipsink.ax
2008-12-26 20:16 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-12-26 20:16 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\dllcache\streamip.sys
2008-12-26 20:16 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-12-26 20:16 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\dllcache\ndisip.sys
2008-12-26 20:16 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-12-26 20:16 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\dllcache\mstee.sys
2008-12-26 20:14 . 2008-12-26 20:14 <DIR> d-------- c:\program files\Radica
2008-12-22 18:57 . 2008-12-22 18:57 <DIR> d-------- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 18:54 --------- d-----w c:\program files\Greetings Workshop
2009-01-13 18:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-13 03:47 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Move Networks
2009-01-06 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-05 17:00 --------- d-----w c:\program files\Norton SystemWorks Basic Edition
2009-01-01 00:19 --------- d-----w c:\program files\LimeWire
2008-12-17 20:45 --------- d-----w c:\program files\Albums
2008-12-12 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent
2008-12-12 04:00 --------- d-----w c:\program files\HP Games
2008-12-03 15:45 --------- d-----w c:\program files\MSN Messenger
2008-02-28 22:12 2,310 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-01-01 20:31 8,628 ---ha-w c:\program files\PhotoImpression.GID
2007-08-30 15:50 251 ----a-w c:\program files\wt3d.ini
2007-06-21 23:20 556 ----a-w c:\documents and settings\HP_Administrator\Application Data\internaldb8467.dat
2007-06-21 23:20 374 ----a-w c:\documents and settings\HP_Administrator\Application Data\internaldb6334.dat
2007-06-21 23:20 18,432 ----a-w c:\documents and settings\HP_Administrator\Application Data\internaldb41.dat
2006-10-03 06:43 2,402,550 ----a-w c:\windows\inf\SET1ADA.tmp
2006-09-12 16:00 256 ----a-w c:\program files\config.set
2005-07-13 18:46 135,168 ----a-w c:\program files\photoimpression.exe
2005-07-13 15:29 77,824 ----a-w c:\program files\Res_Frame.mll
2005-07-13 15:19 495,128 ----a-w c:\program files\ShareObjs.mll
2005-07-13 15:18 57,344 ----a-w c:\program files\Director.dll
2005-07-01 15:41 348,160 ----a-w c:\program files\EXIF.dll
2005-06-30 15:46 311,296 ----a-w c:\program files\DiscClub.dll
2005-06-30 15:06 552,960 ----a-w c:\program files\afc.dll
2005-06-08 17:56 86,016 ----a-w c:\program files\AlignSplit.dll
2005-06-08 17:56 65,536 ----a-w c:\program files\afcrc.dll
2005-04-27 13:48 229,376 ----a-w c:\program files\DvdIfo.dll
2005-04-11 20:07 458,752 ----a-w c:\program files\DGUI.dll
2005-03-17 14:35 10,146,657 ----a-w c:\program files\PHOTOIMPRESSION.hlp
2005-03-10 18:14 815,104 ----a-w c:\program files\EzDll.dll
2005-02-04 13:10 63,860 ----a-w c:\program files\afc.inf
2004-05-04 15:53 1,645,320 ----a-w c:\program files\gdiplus.dll
2003-10-21 20:45 442,368 ----a-w c:\program files\FPXLIB.DLL
2003-03-25 13:59 225,280 ----a-w c:\program files\Res_Dll.dll
2003-01-24 15:46 2,201 ----a-w c:\program files\Background.jpg
2002-10-14 14:17 601 ----a-w c:\program files\launch.xml
2002-09-16 21:04 2,589 ----a-r c:\program files\dtype.inf
2002-08-29 23:41 323,072 ----a-w c:\program files\msvcrt.dll
2002-06-25 21:17 1,399 ----a-w c:\program files\CommandBar.xml
2001-03-08 01:07 4,608 ----a-r c:\program files\THK16.DLL
2001-03-05 00:35 14,848 ----a-r c:\program files\THK32.DLL
1995-07-31 17:44 212,480 ----a-w c:\program files\Pcdlib32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 389120]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-02-27 98304]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"SetDefPrt"="c:\program files\Brother\BRMFLPRO\BrDefPrt.exe" [2002-12-18 40960]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
"EPSON Stylus CX4800 Series_Backup"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-31 180269]
"HostManager"="c:\program files\Common Files\AOL\1141095926\ee\AOLSoftware.exe" [2006-09-25 50736]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 25472]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"SS_MW"="c:\program files\Radica\Stylin' Studio\SS_MW.exe" [2008-04-25 524288]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-09-04 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Event Planner Reminders Tray Icon.lnk - c:\sierra\Planner\PLNRnote.exe [2006-03-04 184320]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2006-09-14 327680]
Forget Me Not.lnk - c:\program files\Broderbund\AG CreataCard\agremind.exe [2006-03-01 331776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-10-28 1568768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= vvlcodec.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1141095926\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-03 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-01-25 149352]
R4 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~3\NORTON~1\NPROTECT.EXE [2005-11-03 95832]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-01 356920]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-02-28 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-02-28 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-02-28 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-02-28 10368]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 09:05]

2009-01-12 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-09-18 07:22]

2009-01-12 c:\windows\Tasks\wrSpySweeper_L03FE816753B1429F98C8778250FAF6F4.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 18:55]

2009-01-12 c:\windows\Tasks\wrSpySweeper_L03FE816753B1429F98C8778250FAF6F4.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-03-01 18:55]

2009-01-12 c:\windows\Tasks\wrSpySweeper_L03FE816753B1429F98C8778250FAF6F4.job
- c:\","d:\","e:\","f:\","g:\","h:\","i:\","j:\","K:\" []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: *.trymedia.com

c:\windows\Downloaded Program Files\kxhcm10.ocx - O16 -: {2E28242B-A689-11D4-80F2-0040266CBB8D}
hxxp://downtowncam.marion.net/kxhcm10.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 13:55:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\arservice.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Doctor\pctsSvc.exe
c:\progra~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-01-13 13:59:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-13 18:59:29
ComboFix2.txt 2009-01-13 16:42:39

Pre-Run: 212,525,301,760 bytes free
Post-Run: 212,451,012,608 bytes free

272 --- E O F --- 2008-12-19 05:01:43


(2) Here is the latest HJT log (I'm assuming this is the DDS text file that's generated when running the DDS program downloaded earlier?)

DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Administrator at 14:02:46.85 on Tue 01/13/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.464 [GMT -5:00]

AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\Program Files\Common Files\AOL\1141095926\ee\aolsoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Sierra\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [AOLDialer] "c:\program files\common files\aol\acs\AOLDial.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [SetDefPrt] "c:\program files\brother\brmflpro\BrDefPrt.exe"
mRun: [EPSON Stylus CX4800 Series] "c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE" /P26 "EPSON Stylus CX4800 Series" /O6 "USB003" /M "Stylus CX4800"
mRun: [EPSON Stylus CX4800 Series_Backup] "c:\windows\system32\spool\drivers\w32x86\3\E_FATIADA.EXE" /P33 "EPSON Stylus CX4800 Series_Backup" /O5 "LPT1:" /M "Stylus CX4800"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HostManager] "c:\program files\common files\aol\1141095926\ee\AOLSoftware.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [SS_MW] "c:\program files\radica\stylin' studio\SS_MW.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\greeti~1.lnk - c:\program files\greetings workshop\GWREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\sierra\planner\PLNRnote.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\agremind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartui.lnk - c:\program files\scansoft\paperport\smartui\SmartUI.exe
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-1 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-1 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-1 81288]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-3 99376]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 NProtectService;Norton UnErase Protection;c:\progra~1\norton~3\norton~1\NPROTECT.EXE [2005-11-3 95832]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-1 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-1 1079176]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-28 1245064]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2006-2-28 3379264]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-2-28 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-2-28 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-2-28 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-2-28 10368]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090112.041\NAVENG.SYS [2009-1-13 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090112.041\NAVEX15.SYS [2009-1-13 876112]

=============== Created Last 30 ================

2009-01-13 13:47 <DIR> --d----- C:\ComboFix
2009-01-13 11:36 161,792 a------- c:\windows\SWREG.exe
2009-01-13 11:36 98,816 a------- c:\windows\sed.exe
2009-01-01 23:34 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-01 23:34 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-01 23:34 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-01 23:34 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-01 23:34 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-01 23:34 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\PC Tools
2009-01-01 22:07 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-01-01 22:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-01 22:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 22:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-31 19:20 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\FrostWire
2008-12-31 19:19 <DIR> --d----- c:\program files\FrostWire
2008-12-26 20:16 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2008-12-26 20:16 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2008-12-26 20:16 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2008-12-26 20:16 10,880 a------- c:\windows\system32\dllcache\ndisip.sys
2008-12-26 20:16 16,384 a------- c:\windows\system32\ipsink.ax
2008-12-26 20:16 16,384 a------- c:\windows\system32\dllcache\ipsink.ax
2008-12-26 20:16 15,360 a------- c:\windows\system32\drivers\StreamIP.sys
2008-12-26 20:16 15,360 a------- c:\windows\system32\dllcache\streamip.sys
2008-12-26 20:14 <DIR> --d----- c:\program files\Radica
2008-12-22 18:57 <DIR> --d----- c:\program files\DivX

==================== Find3M ====================

2008-12-12 12:27 3,067,392 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-23 08:01 283,648 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-02-28 17:12 2,310 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2008-01-01 15:31 8,628 a---h--- c:\program files\PhotoImpression.GID
2007-08-30 10:50 251 a------- c:\program files\wt3d.ini
2007-06-21 18:20 374 a------- c:\docume~1\hp_adm~1\applic~1\internaldb6334.dat
2007-06-21 18:20 18,432 a------- c:\docume~1\hp_adm~1\applic~1\internaldb41.dat
2007-06-21 18:20 556 a------- c:\docume~1\hp_adm~1\applic~1\internaldb8467.dat
2006-09-12 11:00 256 a------- c:\program files\config.set
2005-07-13 13:46 135,168 a------- c:\program files\photoimpression.exe
2005-07-13 10:29 77,824 a------- c:\program files\Res_Frame.mll
2005-07-13 10:19 495,128 a------- c:\program files\ShareObjs.mll
2005-07-13 10:18 57,344 a------- c:\program files\Director.dll
2005-07-01 10:41 348,160 a------- c:\program files\EXIF.dll
2005-06-30 10:46 311,296 a------- c:\program files\DiscClub.dll
2005-06-30 10:06 552,960 a------- c:\program files\afc.dll
2005-06-08 12:56 65,536 a------- c:\program files\afcrc.dll
2005-06-08 12:56 86,016 a------- c:\program files\AlignSplit.dll
2005-04-27 08:48 229,376 a------- c:\program files\DvdIfo.dll
2005-04-11 15:07 458,752 a------- c:\program files\DGUI.dll
2005-03-17 09:35 10,146,657 a------- c:\program files\PHOTOIMPRESSION.hlp
2005-03-10 13:14 815,104 a------- c:\program files\EzDll.dll
2005-02-04 08:10 63,860 a------- c:\program files\afc.inf
2004-05-04 10:53 1,645,320 a------- c:\program files\gdiplus.dll
2003-10-21 15:45 442,368 a------- c:\program files\FPXLIB.DLL
2003-03-25 08:59 225,280 a------- c:\program files\Res_Dll.dll
2003-01-24 10:46 2,201 a------- c:\program files\Background.jpg
2002-10-14 09:17 601 a------- c:\program files\launch.xml
2002-09-16 16:04 2,589 a----r-- c:\program files\dtype.inf
2002-08-29 18:41 323,072 a------- c:\program files\msvcrt.dll
2002-06-25 16:17 1,399 a------- c:\program files\CommandBar.xml
2001-03-07 20:07 4,608 a----r-- c:\program files\THK16.DLL
2001-03-04 19:35 14,848 a----r-- c:\program files\THK32.DLL
1995-07-31 12:44 212,480 a------- c:\program files\Pcdlib32.dll

============= FINISH: 14:03:01.79 ===============


Is this what you needed?

#7 fenzodahl512

Posted 13 January 2009 - 02:32 PM

Looks good to me.. How's the computer now? Let's do an online scan to make sure we don't miss any...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 jujie_wan kenobi

Posted 13 January 2009 - 05:29 PM

Here are the results. I'm saddened to see 4 threats found! Do I need to still worry? :thumbsup:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3762 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=bf545a762819154080513bc97dc3910e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-13 10:17:36
# local_time=2009-01-13 05:17:36 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=630953
# found=4
# scan_time=5538
C:\Program Files\ProfileWatcher\pj.exe probably a variant of Win32/Delf trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\ffkuz.dll.vir Win32/BHO.NLI trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\NPROTECT\00091318.exe probably a variant of Win32/Delf trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\RECYCLER\NPROTECT\00091328.VIR Win32/BHO.NLI trojan (unable to clean - deleted) 00000000000000000000000000000000

#9 jujie_wan kenobi

Posted 13 January 2009 - 05:48 PM

I'm having another problem. Is this related to the virus?

I'm getting a dialogue box entitled "Data Execution Prevention - Microsoft Windows", then:
To help protect your computer, Windows has closed this program
Name: windows explorer
Publisher: Microsoft Corporation

Then, it says Data execution prevention helps protect against damage from viruses and other security threats.

#10 fenzodahl512

Posted 13 January 2009 - 10:26 PM

Can you post me the full error and screenshot please?..



#11 jujie_wan kenobi

Posted 13 January 2009 - 11:27 PM

I haven't seen it happen for the past 6 hours. I rebooted once (and also had to reconnect my wireless router, due to connection problems). Maybe this was an isolated incident. I'll be sure to let you know if it occurs again.

Is it ok to re-enable my anti-virus programs before turning off my pc for the night?

#12 fenzodahl512

Posted 14 January 2009 - 01:54 AM

I haven't seen it happen for the past 6 hours. I rebooted once (and also had to reconnect my wireless router, due to connection problems). Maybe this was an isolated incident. I'll be sure to let you know if it occurs again.

Is it ok to re-enable my anti-virus programs before turning off my pc for the night?


Well, yes.. In fact, you have to enable your antivirus protection all the time (except when you run our fix.. but please re-enable them as soon as you finish doing the fixes) :thumbsup:


Run your pc for a couple of days and then tell me more about it :)



#13 jujie_wan kenobi

  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female

Posted 14 January 2009 - 09:24 PM

I'll check in with you on Friday to let you know if I see that error again.
Did the most recent log(s) look OK, virus/malware-wise?

Thanks!

#14 fenzodahl512

  • Members
  • 6,738 posts

Posted 15 January 2009 - 03:59 AM

I'll check in with you on Friday to let you know if I see that error again.
Did the most recent log(s) look OK, virus/malware-wise?

Thanks!


Latest log looks nice.. I can't find anything malicious in it :thumbsup:



#15 jujie_wan kenobi

  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female

Posted 15 January 2009 - 02:19 PM

Thank you so much for the all clear!

FINAL QUESTIONS:

(1) Just today, within the hour, PC Tools Anti-virus software blocked a trojan virus from downloading (see screen print). Is it enough to just select "block" when it warns the user, or should something else be done to protect the PC?

(2) We have MBAM, Norton, and PC Tools on the PC for anti-virus. What is the best combination of applications (or single application) to use in the future to protect the PC? In other words, what do I need for firewall/anti-virus/anti-trojan, etc.?

Thank you.
