
I have no clue but if u can help please do.


  • This topic is locked
35 replies to this topic

#1 laidbackinjax

laidbackinjax

  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 15 March 2010 - 09:20 PM

This computer originally got infected about two months ago. The things that were in the first infection were some kind of worm 32 virus, some kind of backdoor file and a key logger, all of which I do not remember the exact names of. I had paid tech support called iYogi that worked on it for a week and could not fix it. I have done a full system recovery many times without being able to get rid of whatever it is. The only thing I'm sure it does at first is disable my DVD drives. I was told by iYogi my DVD drive was bad, so I went out, bought a new one and installed it, only for it to get disabled also. I just did a full recovery and am not sure what's on here or not, but my DVD drive is disabled, and when I do a full recovery with the factory disk it seems to work at first, but normally after a week or so my computer becomes very unresponsive and slow. I don't know a lot about computers, but it seems to rewrite the DVD drive registry. I got tired of dealing with this issue so I bought a new computer and believe it's infected also; the DVD drive stopped working on it also. I just sent it to the factory to get repaired and did not tell them anything of my previous DVD/virus problems in fear that they would not cover it under factory warranty. Please have a look at my logs and see if anything jumps out and needs to be fixed, or if there is any for-sure way to just wipe this PC clean and make it virus free.


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 19:06:16.76 on Mon 03/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.475 [GMT -6:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268684786375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\1zxktap9.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-14 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-14 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-14 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSXpx86.sys [2010-3-14 329592]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-14 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-14 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100315.003\NAVENG.SYS [2010-3-15 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100315.003\NAVEX15.SYS [2010-3-15 1324720]

=============== Created Last 30 ================

2010-03-16 01:05:37 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable
2010-03-15 22:26:17 0 d-----w- c:\windows\system32\scripting
2010-03-15 22:26:16 0 d-----w- c:\windows\l2schemas
2010-03-15 22:26:15 0 d-----w- c:\windows\system32\en
2010-03-15 22:26:15 0 d-----w- c:\windows\system32\bits
2010-03-15 22:19:25 0 d-----w- c:\windows\network diagnostic
2010-03-15 22:09:56 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2010-03-15 22:08:59 9728 ------w- c:\windows\system32\ativdaxx.ax
2010-03-15 21:44:59 0 d-----w- c:\windows\system32\NtmsData
2010-03-15 21:39:57 0 d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2010-03-15 21:39:15 0 d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2010-03-15 21:28:31 0 d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2010-03-15 21:22:20 0 d-----w- c:\program files\MSXML 4.0
2010-03-15 21:19:36 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-15 21:19:20 0 d-----w- c:\windows\ie8updates
2010-03-15 21:19:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-15 21:19:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-15 21:19:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-15 21:19:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-15 21:19:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-15 21:19:09 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-15 21:17:38 0 dc-h--w- c:\windows\ie8
2010-03-15 20:48:08 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-15 20:46:54 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-03-15 20:46:45 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-03-15 20:46:19 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-15 20:44:16 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-15 20:44:15 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-03-15 20:44:02 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-15 20:44:02 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-15 20:43:12 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-15 20:42:41 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-15 20:42:41 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-15 20:40:50 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-15 20:38:15 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-03-15 20:28:58 0 d-----w- c:\windows\system32\PreInstall
2010-03-15 20:26:20 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-03-15 11:16:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-03-15 05:15:42 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-15 05:15:39 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-15 05:15:39 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-15 05:15:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-15 05:15:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-15 05:15:39 0 d-----w- c:\program files\common files\Symantec Shared
2010-03-15 05:15:11 0 d-----w- c:\windows\system32\drivers\N360
2010-03-15 05:15:09 0 d-----w- c:\program files\Norton Security Suite
2010-03-15 05:15:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-03-15 05:14:59 0 d-----w- c:\program files\NortonInstaller
2010-03-15 05:14:59 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-03-15 05:13:01 0 d-sh--r- C:\cmdcons
2010-03-15 05:12:59 0 d-----w- c:\windows\setup.pss
2010-03-15 05:12:47 0 d-----w- c:\windows\setupupd
2010-03-15 05:02:22 0 d-sh--w- c:\documents and settings\hp_administrator\UserData
2010-03-15 05:00:25 0 d-----w- c:\program files\Microsoft
2010-03-15 04:59:53 1863 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EG134AA-ABA a1230n_YC_0Pavi_QCNH537_E54NAsyMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.07_T050729_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.4_#100315_N10EC8139_Z14F12F20_G10025954.MRK
2010-03-15 04:57:49 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Intuit
2010-03-15 04:54:27 181 ----a-w- c:\windows\system\hpsysdrv.DAT
2010-03-15 04:15:55 61 ----a-w- c:\windows\smscfg.ini
2010-03-15 04:15:50 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-03-15 04:15:37 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2010-03-15 04:15:31 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-03-15 04:13:20 1040 ----a-w- c:\windows\system32\drivers\alcxinit.dat
2010-03-15 04:03:54 0 d-----w- c:\program files\Symantec
2010-03-15 03:58:23 0 d-----w- c:\program files\Easy Internet signup
2010-03-15 03:58:05 2238 ----a-w- c:\windows\system32\doc.ico
2010-03-15 03:57:37 0 d-----w- c:\program files\PC-Doctor for DOS
2010-03-15 03:57:18 0 d-----w- c:\program files\PC-Doctor 5 for Windows
2010-03-15 03:54:48 0 d-----w- c:\windows\HPCPCUninstall-9972322
2010-03-15 03:54:38 118842 ----a-r- c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
2010-03-15 03:54:36 0 d-----w- c:\program files\Updates from HP
2010-03-15 03:54:35 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-03-15 03:54:11 0 d---a-w- c:\windows\system32\pcintro
2010-03-15 03:53:58 14290 ----a-w- c:\windows\system32\CHODDI.SYS
2010-03-15 03:53:57 46254 ----a-w- c:\windows\system32\oemlogo.bmp
2010-03-15 03:53:57 36864 ----a-w- c:\windows\system32\fpalsu.dll
2010-03-15 03:53:55 40960 ----a-w- c:\windows\system32\omano.dll
2010-03-15 03:53:52 45056 ----a-w- c:\windows\system32\hpreg.dll
2010-03-15 03:51:27 0 d-----w- c:\program files\Quicken
2010-03-15 03:51:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-03-15 03:50:58 109568 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-15 03:50:58 108544 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-15 03:50:24 0 d-----w- c:\windows\RegisteredPackages
2010-03-15 03:49:55 0 d-----w- c:\program files\common files\muvee Technologies
2010-03-15 03:49:54 0 d-----w- c:\program files\muvee Technologies
2010-03-15 03:48:36 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
2010-03-15 03:48:36 0 d-----w- c:\windows\CREATOR
2010-03-15 03:47:48 86016 ----a-w- c:\windows\unvise32qt.exe
2010-03-15 03:47:42 0 d-----w- c:\windows\system32\QuickTime
2010-03-15 03:47:28 0 d-----w- c:\windows\Downloaded Installations
2010-03-15 03:47:04 376 ----a-w- c:\windows\ODBC.INI
2010-03-15 03:46:59 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-03-15 03:46:24 0 d-----w- c:\program files\common files\L&H
2010-03-15 03:46:20 0 d-----w- c:\program files\Microsoft ActiveSync
2010-03-15 03:46:05 0 d-----w- c:\windows\SHELLNEW
2010-03-15 03:44:01 0 d-----w- c:\program files\Microsoft Plus! Photo Story 2 LE
2010-03-15 03:43:55 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-03-15 03:43:55 0 d-----w- c:\program files\Microsoft Plus! Dancer LE
2010-03-15 03:43:43 0 d-----w- c:\program files\Microsoft Money 2005
2010-03-15 03:43:17 0 d-----w- c:\program files\IntelliMover Data Transfer Demo
2010-03-15 03:42:06 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-03-15 03:42:06 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-03-15 03:42:06 0 d-----w- c:\program files\common files\InterVideo
2010-03-15 03:42:05 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-03-15 03:42:05 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-03-15 03:42:05 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-03-15 03:42:05 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-03-15 03:41:59 0 d-----w- c:\program files\InterVideo
2010-03-15 03:40:31 0 d-----w- c:\program files\common files\TiVo Shared
2010-03-15 03:38:57 0 d-----w- c:\program files\GemMaster
2010-03-15 03:38:53 0 d-----w- c:\program files\EnglishOtto
2010-03-15 03:35:53 0 d-----w- c:\program files\WildTangent
2010-03-15 03:35:21 59 ----a-w- c:\windows\WININIT.INI
2010-03-15 03:35:18 0 d-----w- c:\program files\common files\SureThing Shared
2010-03-15 03:35:15 0 d-----w- c:\program files\Sonic
2010-03-15 03:34:20 0 d-----w- c:\program files\common files\xing shared
2010-03-15 03:34:15 0 d-----w- c:\program files\common files\Real
2010-03-15 03:33:45 0 d-----w- c:\program files\MSN Encarta Standard
2010-03-15 03:31:57 90112 ----a-w- c:\windows\system32\ps2.EXE
2010-03-15 03:31:52 45056 ----a-w- c:\windows\system32\RUNCLOSE.OCX
2010-03-15 03:31:51 90112 ----a-w- c:\windows\system32\ps2.bat
2010-03-15 03:31:51 14112 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-03-15 03:30:29 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-03-15 03:29:36 21124 ----a-w- c:\windows\hpomdl07.dat
2010-03-15 03:29:36 112873 ----a-w- c:\windows\hpoins07.dat
2010-03-15 03:28:29 0 d-----w- c:\program files\common files\Sonic Shared
2010-03-15 03:27:36 0 d-----w- c:\program files\common files\HP
2010-03-15 03:25:05 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-03-15 03:25:05 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-03-15 03:25:05 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-03-15 03:25:05 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-03-15 03:25:05 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-03-15 03:25:05 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-03-15 03:24:43 80418 ----a-w- c:\windows\HPHins08.dat
2010-03-15 03:24:43 4011 ----a-w- c:\windows\hphmdl08.dat
2010-03-15 03:24:43 28672 ----a-w- c:\windows\system32\hpzjfw01.dll
2010-03-15 03:22:51 0 d-----w- c:\program files\HP
2010-03-15 03:22:49 72881 ----a-w- c:\windows\hpiins01.dat
2010-03-15 03:22:49 0 ----a-w- c:\windows\hpimdl01.dat
2010-03-15 03:22:02 0 d-----w- c:\windows\system32\FxsTmp
2010-03-15 03:21:13 0 d-----w- c:\program files\CONEXANT
2010-03-15 03:19:36 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-03-15 03:19:24 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-03-15 03:19:24 703232 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-03-15 03:19:24 39018 ----a-w- c:\windows\system32\hsfci012.dll
2010-03-15 03:19:24 220928 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys
2010-03-15 03:19:24 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-03-15 03:19:24 129045 ----a-w- c:\windows\system32\drivers\HSFProf.cty
2010-03-15 03:19:24 1038208 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2010-03-15 03:17:59 0 d-----w- c:\program files\ATI Technologies
2010-03-15 03:17:55 94574 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-15 03:13:26 0 d--h--w- c:\windows\$hf_mig$
2010-03-15 03:12:18 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-15 03:11:01 52736 ----a-w- c:\windows\system\hpsysdrv.exe
2010-03-15 03:09:31 786944 ----a-w- c:\windows\system32\RDBios32.dll
2010-03-15 03:09:31 532480 ----a-w- c:\windows\system32\cPC_DMIRD.dll
2010-03-15 03:09:18 49262 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-03-15 03:08:45 36 ----a-w- c:\windows\wwwbatch.ini
2010-03-15 03:07:21 0 d-----w- c:\docume~1\alluse~1\applic~1\SBSI
2010-03-15 03:05:48 791 ----a-w- c:\windows\orun32.ini
2010-03-15 03:05:48 218245 ----a-w- c:\windows\orun32.isu
2010-03-15 03:05:46 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-15 03:03:34 0 d-----w- c:\windows\system32\URTTemp
2010-03-15 02:56:42 0 d-----w- c:\windows\I386
2010-03-15 02:54:55 0 d-----w- C:\Program Files
2010-03-15 02:54:54 0 d-----r- c:\documents and settings\all users\Documents
2010-03-15 02:43:48 0 d-----r- c:\windows\Offline Web Pages
2010-03-15 02:43:37 0 d-sh--r- c:\windows\system32\dllcache
2010-03-15 00:47:59 303616 ----a-w- c:\windows\system32\wmstream.dll
2010-03-15 00:45:21 63684 ----a-w- c:\windows\system32\wbem\system.mof
2010-03-15 00:44:52 56832 ----a-w- c:\windows\system32\sol.exe
2010-03-15 00:43:54 94208 ----a-w- c:\windows\system32\odbcint.dll
2010-03-15 00:42:59 35072 ----a-w- c:\windows\system32\drivers\msgpc.sys
2010-03-15 00:41:42 7936 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-03-15 00:40:27 83456 ----a-w- c:\windows\system32\dpvsetup.exe
2010-03-15 00:39:59 8192 ----a-w- c:\windows\system32\bitsprx2.dll

==================== Find3M ====================

2010-03-15 05:15:32 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-15 05:15:25 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-12-22 05:35:05 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-22 05:35:05 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe

============= FINISH: 19:06:57.14 ===============


#2 Elise

Elise

Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:47 PM

Posted 20 March 2010 - 10:09 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 laidbackinjax

laidbackinjax
  • Topic Starter
  • Members
  • 27 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 21 March 2010 - 08:24 AM


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 7:12:13.18 on Sun 03/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.478 [GMT -6:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Active Mobster\ActiveMobster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [PCDrProfiler]
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268684786375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\1zxktap9.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\1zxktap9.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\1zxktap9.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-17 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-17 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-17 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100312.001\IDSXpx86.sys [2010-3-17 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-17 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-17 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100320.022\NAVENG.SYS [2010-3-20 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100320.022\NAVEX15.SYS [2010-3-20 1324720]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-03-21 03:35:24 0 d-----w- c:\program files\Yahoo!
2010-03-20 03:52:06 0 d-----w- c:\program files\YourBountyHunter!
2010-03-19 07:16:44 0 d--h--w- c:\windows\system32\GroupPolicy
2010-03-19 05:48:45 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-19 05:48:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-19 05:48:38 0 d-----w- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2010-03-19 05:48:05 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-19 05:07:04 0 d-----w- c:\windows\pss
2010-03-19 04:42:50 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HPQ
2010-03-19 01:01:14 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-19 01:00:52 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-03-19 01:00:51 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-03-19 01:00:51 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-03-19 01:00:51 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2010-03-19 01:00:51 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2010-03-19 01:00:24 82289 ----a-w- c:\windows\system32\lvcoinst.ini
2010-03-19 01:00:24 34068 ----a-w- c:\windows\system32\Repository.reg
2010-03-19 01:00:24 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-03-19 01:00:24 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-03-19 01:00:24 114712 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-03-19 01:00:09 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-19 00:59:59 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-03-19 00:57:56 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-19 00:57:56 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-18 19:53:33 203576 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-03-18 19:53:33 0 d-----w- c:\program files\Active Mobster
2010-03-18 19:52:31 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2010-03-18 19:52:30 0 d-----w- c:\program files\Mobster Commander Utility
2010-03-18 19:51:31 0 d-----w- c:\program files\Mobster Super Adder
2010-03-18 04:49:12 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-03-18 04:22:48 0 d-----w- c:\windows\system32\appmgmt
2010-03-18 00:46:22 0 d-----w- c:\docume~1\hp_adm~1\applic~1\MSNInstaller
2010-03-18 00:25:12 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-18 00:24:56 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-18 00:24:55 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-18 00:24:55 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-18 00:24:55 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-18 00:24:55 0 d-----w- c:\program files\common files\Symantec Shared
2010-03-18 00:24:26 0 d-----w- c:\program files\Norton Security Suite
2010-03-18 00:24:15 0 d-----w- c:\program files\NortonInstaller
2010-03-17 20:50:00 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2010-03-17 20:49:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 20:49:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-17 20:49:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 20:49:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 08:19:51 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2010-03-17 08:19:50 0 d-----w- c:\program files\Mobster Utility
2010-03-16 10:09:54 0 d-----w- c:\program files\Norton Support
2010-03-16 01:05:37 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable
2010-03-15 22:26:17 0 d-----w- c:\windows\system32\scripting
2010-03-15 22:26:16 0 d-----w- c:\windows\l2schemas
2010-03-15 22:26:15 0 d-----w- c:\windows\system32\en
2010-03-15 22:26:15 0 d-----w- c:\windows\system32\bits
2010-03-15 22:19:25 0 d-----w- c:\windows\network diagnostic
2010-03-15 22:09:56 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2010-03-15 22:08:59 9728 ------w- c:\windows\system32\ativdaxx.ax
2010-03-15 21:44:59 0 d-----w- c:\windows\system32\NtmsData
2010-03-15 21:39:57 0 d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2010-03-15 21:39:15 0 d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2010-03-15 21:28:31 0 d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2010-03-15 21:22:20 0 d-----w- c:\program files\MSXML 4.0
2010-03-15 21:19:36 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-15 21:19:20 0 d-----w- c:\windows\ie8updates
2010-03-15 21:19:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-15 21:19:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-15 21:19:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-15 21:19:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-15 21:19:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-15 21:19:09 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-15 21:17:38 0 dc-h--w- c:\windows\ie8
2010-03-15 20:48:08 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-15 20:46:54 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-03-15 20:46:45 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-03-15 20:46:19 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-15 20:44:16 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-15 20:44:15 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-03-15 20:44:02 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-15 20:44:02 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-15 20:43:12 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-15 20:42:41 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-15 20:42:41 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-15 20:40:50 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-15 20:38:15 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-03-15 20:28:58 0 d-----w- c:\windows\system32\PreInstall
2010-03-15 20:26:20 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-03-15 11:16:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-03-15 05:15:11 0 d-----w- c:\windows\system32\drivers\N360
2010-03-15 05:15:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-03-15 05:14:59 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-03-15 05:13:01 0 d-sh--r- C:\cmdcons
2010-03-15 05:12:59 0 d-----w- c:\windows\setup.pss
2010-03-15 05:12:47 0 d-----w- c:\windows\setupupd
2010-03-15 05:02:22 0 d-sh--w- c:\documents and settings\hp_administrator\UserData
2010-03-15 05:00:25 0 d-----w- c:\program files\Microsoft
2010-03-15 04:59:53 1863 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EG134AA-ABA a1230n_YC_0Pavi_QCNH537_E54NAsyMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.07_T050729_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.4_#100315_N10EC8139_Z14F12F20_G10025954.MRK
2010-03-15 04:57:49 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Intuit
2010-03-15 04:54:27 182 ----a-w- c:\windows\system\hpsysdrv.DAT
2010-03-15 04:15:55 61 ----a-w- c:\windows\smscfg.ini
2010-03-15 04:15:50 333 ----a-w- c:\windows\system32\$ncsp$.inf
2010-03-15 04:15:37 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2010-03-15 04:15:31 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-03-15 04:13:20 1040 ----a-w- c:\windows\system32\drivers\alcxinit.dat
2010-03-15 04:03:54 0 d-----w- c:\program files\Symantec
2010-03-15 03:58:23 0 d-----w- c:\program files\Easy Internet signup
2010-03-15 03:58:05 2238 ----a-w- c:\windows\system32\doc.ico
2010-03-15 03:57:37 0 d-----w- c:\program files\PC-Doctor for DOS
2010-03-15 03:57:18 0 d-----w- c:\program files\PC-Doctor 5 for Windows
2010-03-15 03:54:48 0 d-----w- c:\windows\HPCPCUninstall-9972322
2010-03-15 03:54:38 118842 ----a-r- c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
2010-03-15 03:54:36 0 d-----w- c:\program files\Updates from HP
2010-03-15 03:54:35 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-03-15 03:54:11 0 d---a-w- c:\windows\system32\pcintro
2010-03-15 03:53:58 14290 ----a-w- c:\windows\system32\CHODDI.SYS
2010-03-15 03:53:57 46254 ----a-w- c:\windows\system32\oemlogo.bmp
2010-03-15 03:53:57 36864 ----a-w- c:\windows\system32\fpalsu.dll
2010-03-15 03:53:55 40960 ----a-w- c:\windows\system32\omano.dll
2010-03-15 03:53:52 45056 ----a-w- c:\windows\system32\hpreg.dll
2010-03-15 03:51:27 0 d-----w- c:\program files\Quicken
2010-03-15 03:51:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-03-15 03:50:58 109568 ----a-w- c:\windows\system32\pxinsi64.exe
2010-03-15 03:50:58 108544 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-03-15 03:50:24 0 d-----w- c:\windows\RegisteredPackages
2010-03-15 03:49:55 0 d-----w- c:\program files\common files\muvee Technologies
2010-03-15 03:49:54 0 d-----w- c:\program files\muvee Technologies
2010-03-15 03:48:36 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
2010-03-15 03:48:36 0 d-----w- c:\windows\CREATOR
2010-03-15 03:47:48 86016 ----a-w- c:\windows\unvise32qt.exe
2010-03-15 03:47:42 0 d-----w- c:\windows\system32\QuickTime
2010-03-15 03:47:28 0 d-----w- c:\windows\Downloaded Installations
2010-03-15 03:47:04 376 ----a-w- c:\windows\ODBC.INI
2010-03-15 03:46:59 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-03-15 03:46:24 0 d-----w- c:\program files\common files\L&H
2010-03-15 03:46:20 0 d-----w- c:\program files\Microsoft ActiveSync
2010-03-15 03:46:05 0 d-----w- c:\windows\SHELLNEW
2010-03-15 03:44:01 0 d-----w- c:\program files\Microsoft Plus! Photo Story 2 LE
2010-03-15 03:43:55 0 d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-03-15 03:43:55 0 d-----w- c:\program files\Microsoft Plus! Dancer LE
2010-03-15 03:43:17 0 d-----w- c:\program files\IntelliMover Data Transfer Demo
2010-03-15 03:42:06 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-03-15 03:42:06 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-03-15 03:42:06 0 d-----w- c:\program files\common files\InterVideo
2010-03-15 03:42:05 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-03-15 03:42:05 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-03-15 03:42:05 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-03-15 03:42:05 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-03-15 03:41:59 0 d-----w- c:\program files\InterVideo
2010-03-15 03:40:31 0 d-----w- c:\program files\common files\TiVo Shared
2010-03-15 03:38:53 0 d-----w- c:\program files\EnglishOtto
2010-03-15 03:35:53 0 d-----w- c:\program files\WildTangent
2010-03-15 03:35:21 59 ----a-w- c:\windows\WININIT.INI
2010-03-15 03:35:18 0 d-----w- c:\program files\common files\SureThing Shared
2010-03-15 03:35:15 0 d-----w- c:\program files\Sonic
2010-03-15 03:34:20 0 d-----w- c:\program files\common files\xing shared
2010-03-15 03:34:15 0 d-----w- c:\program files\common files\Real
2010-03-15 03:33:45 0 d-----w- c:\program files\MSN Encarta Standard
2010-03-15 03:31:52 45056 ----a-w- c:\windows\system32\RUNCLOSE.OCX
2010-03-15 03:31:51 14112 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-03-15 03:30:29 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-03-15 03:29:36 21124 ----a-w- c:\windows\hpomdl07.dat
2010-03-15 03:29:36 112873 ----a-w- c:\windows\hpoins07.dat
2010-03-15 03:28:29 0 d-----w- c:\program files\common files\Sonic Shared
2010-03-15 03:27:36 0 d-----w- c:\program files\common files\HP
2010-03-15 03:25:05 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-03-15 03:25:05 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-03-15 03:25:05 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-03-15 03:25:05 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-03-15 03:25:05 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-03-15 03:25:05 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-03-15 03:24:43 80418 ----a-w- c:\windows\HPHins08.dat
2010-03-15 03:24:43 4011 ----a-w- c:\windows\hphmdl08.dat
2010-03-15 03:24:43 28672 ----a-w- c:\windows\system32\hpzjfw01.dll
2010-03-15 03:22:51 0 d-----w- c:\program files\HP
2010-03-15 03:22:49 72881 ----a-w- c:\windows\hpiins01.dat
2010-03-15 03:22:49 0 ----a-w- c:\windows\hpimdl01.dat
2010-03-15 03:22:02 0 d-----w- c:\windows\system32\FxsTmp
2010-03-15 03:21:13 0 d-----w- c:\program files\CONEXANT
2010-03-15 03:19:36 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-03-15 03:19:24 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-03-15 03:19:24 703232 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-03-15 03:19:24 39018 ----a-w- c:\windows\system32\hsfci012.dll
2010-03-15 03:19:24 220928 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys
2010-03-15 03:19:24 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-03-15 03:19:24 129045 ----a-w- c:\windows\system32\drivers\HSFProf.cty
2010-03-15 03:19:24 1038208 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2010-03-15 03:17:59 0 d-----w- c:\program files\ATI Technologies
2010-03-15 03:17:55 94574 ----a-w- c:\windows\system32\atiicdxx.dat
2010-03-15 03:13:26 0 d--h--w- c:\windows\$hf_mig$
2010-03-15 03:12:18 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-15 03:11:01 52736 ----a-w- c:\windows\system\hpsysdrv.exe
2010-03-15 03:09:31 786944 ----a-w- c:\windows\system32\RDBios32.dll
2010-03-15 03:09:31 532480 ----a-w- c:\windows\system32\cPC_DMIRD.dll
2010-03-15 03:09:18 49262 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-03-15 03:08:45 36 ----a-w- c:\windows\wwwbatch.ini
2010-03-15 03:07:21 0 d-----w- c:\docume~1\alluse~1\applic~1\SBSI
2010-03-15 03:05:48 791 ----a-w- c:\windows\orun32.ini
2010-03-15 03:05:48 218245 ----a-w- c:\windows\orun32.isu
2010-03-15 03:05:46 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-15 03:03:34 0 d-----w- c:\windows\system32\URTTemp
2010-03-15 02:56:42 0 d-----w- c:\windows\I386
2010-03-15 02:54:55 0 d-----w- C:\Program Files
2010-03-15 02:54:54 0 d-----r- c:\documents and settings\all users\Documents
2010-03-15 02:43:48 0 d-----r- c:\windows\Offline Web Pages
2010-03-15 02:43:37 0 d-sh--r- c:\windows\system32\dllcache
2010-03-15 00:47:59 303616 ----a-w- c:\windows\system32\wmstream.dll
2010-03-15 00:45:21 63684 ----a-w- c:\windows\system32\wbem\system.mof
2010-03-15 00:44:52 56832 ----a-w- c:\windows\system32\sol.exe
2010-03-15 00:43:54 94208 ----a-w- c:\windows\system32\odbcint.dll
2010-03-15 00:42:59 35072 ----a-w- c:\windows\system32\drivers\msgpc.sys
2010-03-15 00:41:42 7936 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-03-15 00:40:27 83456 ----a-w- c:\windows\system32\dpvsetup.exe
2010-03-15 00:39:59 8192 ----a-w- c:\windows\system32\bitsprx2.dll

==================== Find3M ====================

2010-03-18 00:24:48 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-18 00:24:43 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-17 00:46:37 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2009-12-22 05:35:05 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-22 05:35:05 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

============= FINISH: 7:12:51.03 ===============


#4 Elise

Posted 21 March 2010 - 08:30 AM

Hello laidbackinjax,

I asked for an OTL log and a GMER log, but you posted DDS. It's not a big problem, since OTL and DDS both create similar logs, but please try to read the instructions carefully.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise




#5 laidbackinjax (Topic Starter)

Posted 21 March 2010 - 08:44 AM

OTL Extras logfile created on: 3/21/2010 6:55:45 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 508.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 176.07 Gb Total Space | 160.40 Gb Free Space | 91.10% Space Free | Partition Type: NTFS
Drive D: | 10.21 Gb Total Space | 3.51 Gb Free Space | 34.38% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MYPC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS1BE.tmp\SymNRT.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zS1BE.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3076D235-59F2-448E-889F-D04F985B4CF1}" = HP Tunes
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}" = muvee autoProducer unPlugged 1.1 - HPD
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"Active Mobster_is1" = Active Mobster 1.0.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mobster Commander Utility_is1" = Mobster Commander Utility 1.0.3
"Mobster Super Adder_is1" = Mobster Super Adder 1.0.7
"Mobster Utility_is1" = Mobster Utility 2.4.0
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"N360" = Norton Security Suite
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2010 5:21:26 PM | Computer Name = MYPC | Source = Application Error | ID = 1000
Description = Faulting application ndp1.1sp1-kb953297-x86.exe, version 1.0.1622.4946,
faulting module ndp1.1sp1-kb953297-x86.exe, version 1.0.1622.4946, fault address
0x00016bed.

Error - 3/15/2010 5:21:39 PM | Computer Name = MYPC | Source = Application Error | ID = 1001
Description = Fault bucket 1505346685.

[ System Events ]
Error - 3/15/2010 1:33:45 AM | Computer Name = MYPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Error - 3/15/2010 5:21:44 PM | Computer Name = MYPC | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 3/16/2010 12:32:42 PM | Computer Name = MYPC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the crd service to connect.

Error - 3/16/2010 12:32:42 PM | Computer Name = MYPC | Source = Service Control Manager | ID = 7000
Description = The crd service failed to start due to the following error: %%1053

Error - 3/17/2010 6:51:54 PM | Computer Name = MYPC | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 3/17/2010 7:33:57 PM | Computer Name = MYPC | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 82a7500c.

Error - 3/17/2010 8:33:42 PM | Computer Name = MYPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86


< End of report >

Attached Files

  • Attached File  OTL.zip   48.92KB   1 downloads


#6 Elise

Posted 21 March 2010 - 08:55 AM

Thanks, now please proceed with the ComboFix run :)

regards, Elise




#7 laidbackinjax (Topic Starter)

Posted 21 March 2010 - 09:07 AM

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread. <<< I am sorry, didn't know OTL was the same thing as DDS, just thought that meant I needed a new DDS log :) Skip the GMER and go straight to the ComboFix now?

#8 Elise

Posted 21 March 2010 - 09:20 AM

Yes :)

regards, Elise




#9 laidbackinjax (Topic Starter)

Posted 21 March 2010 - 09:22 AM

ComboFix 10-03-20.04 - HP_Administrator 03/21/2010 8:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.367 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-790525478-602162358-839522115-500
c:\windows\system32\CHODDI.SYS
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-21 12:26 . 2010-02-12 23:41 558448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-03-21 12:26 . 2010-02-02 01:20 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-03-21 03:39 . 2010-03-21 03:39 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Yahoo
2010-03-21 03:39 . 2010-03-21 03:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2010-03-21 03:37 . 2010-03-21 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-21 03:37 . 2009-12-14 22:52 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-03-21 03:35 . 2010-03-21 03:37 -------- d-----w- c:\program files\Yahoo!
2010-03-20 23:25 . 2010-03-16 08:48 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\NAVENG.SYS
2010-03-20 23:25 . 2010-03-16 08:48 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\EECTRL.SYS
2010-03-20 23:25 . 2010-03-16 08:48 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\CCERASER.DLL
2010-03-20 23:25 . 2010-03-16 08:48 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\ECMSVR32.DLL
2010-03-20 23:25 . 2010-03-16 08:48 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\NAVENG32.DLL
2010-03-20 23:25 . 2010-03-16 08:48 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\NAVEX32A.DLL
2010-03-20 23:25 . 2010-03-16 08:48 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\NAVEX15.SYS
2010-03-20 23:25 . 2010-03-16 08:48 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100320.022\ERASER.SYS
2010-03-20 03:52 . 2010-03-21 02:40 -------- d-----w- c:\program files\YourBountyHunter!
2010-03-19 07:16 . 2010-03-19 07:16 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-19 05:49 . 2010-03-19 05:49 52224 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-19 05:49 . 2010-03-19 05:49 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-19 05:48 . 2010-03-19 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-19 05:48 . 2010-03-19 05:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-19 05:48 . 2010-03-19 05:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2010-03-19 05:48 . 2010-03-19 05:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-19 05:31 . 2010-03-19 05:31 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
2010-03-19 04:42 . 2010-03-19 04:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ
2010-03-19 01:01 . 2010-03-19 01:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2010-03-19 01:00 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-03-19 01:00 . 2009-10-07 08:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-03-19 01:00 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-03-19 01:00 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2010-03-19 01:00 . 2009-10-07 08:47 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-03-19 01:00 . 2009-10-07 08:46 114712 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-03-19 01:00 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-03-19 01:00 . 2009-10-07 08:24 34068 ----a-w- c:\windows\system32\Repository.reg
2010-03-19 00:59 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-03-19 00:59 . 2010-03-19 01:01 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-03-19 00:59 . 2010-03-19 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-03-19 00:59 . 2010-03-19 00:59 -------- d-----w- c:\program files\Logitech
2010-03-19 00:57 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-19 00:57 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-18 19:53 . 2010-03-19 03:47 -------- d-----w- c:\program files\Active Mobster
2010-03-18 19:52 . 2010-03-18 19:58 -------- d-----w- c:\program files\Mobster Commander Utility
2010-03-18 19:51 . 2010-03-18 19:52 -------- d-----w- c:\program files\Mobster Super Adder
2010-03-18 04:49 . 2010-03-18 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-18 04:25 . 2010-03-18 04:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HP
2010-03-18 04:25 . 2010-03-18 04:25 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\IsolatedStorage
2010-03-18 04:25 . 2010-03-18 04:25 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\HP
2010-03-18 02:34 . 2010-03-16 17:36 52224 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1zxktap9.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\FFExternalAlert.dll
2010-03-18 02:34 . 2010-03-16 17:36 101376 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1zxktap9.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCore.dll
2010-03-18 00:46 . 2010-03-18 00:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MSNInstaller
2010-03-18 00:28 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys
2010-03-18 00:28 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys
2010-03-18 00:28 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\Scxpx86.dll
2010-03-18 00:28 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSxpx86.dll
2010-03-18 00:28 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSviA64.sys
2010-03-18 00:25 . 2010-03-18 00:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2010-03-18 00:24 . 2010-03-18 00:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-18 00:24 . 2010-03-18 04:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-18 00:24 . 2010-03-18 00:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-18 00:24 . 2010-03-18 00:24 1291104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-03-18 00:24 . 2010-03-18 00:24 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-03-18 00:24 . 2010-03-18 00:24 776952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-03-18 00:24 . 2010-03-18 00:24 -------- d-----w- c:\program files\Norton Security Suite
2010-03-18 00:24 . 2010-03-18 00:24 -------- d-----w- c:\program files\NortonInstaller
2010-03-17 20:50 . 2010-03-17 20:50 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-17 20:50 . 2010-03-17 20:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-03-17 20:49 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 20:49 . 2010-03-17 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-17 20:49 . 2010-03-17 20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 20:49 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 08:19 . 2010-03-21 03:30 -------- d-----w- c:\program files\Mobster Utility
2010-03-16 10:09 . 2010-03-16 10:09 -------- d-----w- c:\program files\Norton Support
2010-03-15 22:39 . 2010-03-15 22:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-15 22:26 . 2010-03-15 22:26 -------- d-----w- c:\windows\system32\scripting
2010-03-15 22:26 . 2010-03-15 22:26 -------- d-----w- c:\windows\l2schemas
2010-03-15 22:26 . 2010-03-15 22:26 -------- d-----w- c:\windows\system32\en
2010-03-15 22:26 . 2010-03-15 22:26 -------- d-----w- c:\windows\system32\bits
2010-03-15 22:09 . 2008-04-14 00:12 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2010-03-15 22:08 . 2008-04-14 00:11 32768 ------w- c:\windows\system32\ativtmxx.dll
2010-03-15 21:44 . 2010-03-15 21:47 -------- d-----w- c:\windows\system32\NtmsData
2010-03-15 21:39 . 2010-03-15 21:39 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache
2010-03-15 21:39 . 2010-03-15 21:39 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
2010-03-15 21:28 . 2010-03-15 21:28 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
2010-03-15 21:22 . 2010-03-15 21:22 -------- d-----w- c:\program files\MSXML 4.0
2010-03-15 21:19 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-03-15 21:19 . 2010-03-15 21:19 -------- d-----w- c:\windows\ie8updates
2010-03-15 21:19 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-03-15 21:19 . 2009-12-21 19:14 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-15 21:19 . 2009-12-21 19:14 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-15 21:19 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-15 21:19 . 2009-12-21 19:14 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-03-15 21:19 . 2009-12-21 19:14 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-03-15 21:17 . 2010-03-15 21:19 -------- dc-h--w- c:\windows\ie8
2010-03-15 21:06 . 2010-03-15 22:22 -------- d-----w- c:\windows\ServicePackFiles
2010-03-15 20:48 . 2009-12-04 18:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-15 20:46 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-03-15 20:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-03-15 20:46 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-15 20:44 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-15 20:44 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-03-15 20:44 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-15 20:44 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-15 20:43 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-15 20:42 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-15 20:42 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-15 20:40 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-15 20:38 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-03-15 20:36 . 2010-03-16 09:59 50272 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 20:33 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-03-15 20:33 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-03-15 20:33 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-03-15 20:33 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-03-15 20:33 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-03-15 20:33 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-15 20:33 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-15 20:33 . 2009-12-08 19:26 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-15 20:33 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-03-15 20:33 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-03-15 20:33 . 2009-12-08 19:27 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-15 20:33 . 2009-12-08 18:43 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-15 11:16 . 2010-03-15 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-15 05:38 . 2010-03-18 20:40 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Adobe
2010-03-15 05:38 . 2010-03-15 05:38 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-15 05:38 . 2010-03-18 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-15 05:26 . 2010-03-15 05:26 0 ----a-w- c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 12:25 . 2010-03-19 01:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-21 12:25 . 2010-03-19 01:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-18 04:25 . 2010-03-15 04:57 139 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2010-03-18 00:24 . 2010-03-18 00:24 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-18 00:24 . 2010-03-18 00:24 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-18 00:24 . 2005-03-07 19:52 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-18 00:24 . 2005-03-07 19:52 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-15 22:29 . 2004-11-17 11:31 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-15 22:29 . 2010-03-15 22:29 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-03-15 22:29 . 2010-03-15 22:29 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-03-15 22:29 . 2010-03-15 22:29 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-03-15 22:29 . 2010-03-15 22:29 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-03-15 22:29 . 2010-03-15 22:29 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-03-15 22:29 . 2010-03-15 22:29 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-03-15 22:29 . 2010-03-15 22:29 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2010-03-15 22:29 . 2010-03-15 22:29 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-03-15 04:59 . 2010-03-15 04:59 1863 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EG134AA-ABA a1230n_YC_0Pavi_QCNH537_E54NAsyMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.07_T050729_WXP2_L409_M959_J200_7AMD_8Athlon 64_92.4_#100315_N10EC8139_Z14F12F20_G10025954.MRK
2010-03-15 03:40 . 2005-06-10 17:05 -------- d-----w- c:\program files\Windows Plus
2010-03-15 03:32 . 2005-06-10 17:04 -------- d-----w- c:\program files\microsoft frontpage
2010-03-15 03:28 . 2010-03-15 03:21 -------- d-----w- c:\program files\CONEXANT
2010-03-15 03:26 . 2010-03-15 03:17 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-15 03:26 . 2010-03-15 03:17 -------- d-----w- c:\program files\ATI Technologies
2010-03-15 03:23 . 2010-03-15 04:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Intuit
2010-03-15 03:23 . 2010-03-15 04:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2010-03-15 03:23 . 2010-03-15 04:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SampleView
2010-03-15 03:23 . 2010-03-15 04:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-03-15 03:23 . 2010-03-15 04:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2010-03-15 03:23 . 2010-03-15 04:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-03-15 03:23 . 2010-03-15 04:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2010-02-17 00:46 . 2000-05-24 06:45 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2009-12-31 16:50 . 2010-03-15 00:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:35 . 2009-12-22 05:35 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 19:14 . 2010-03-15 00:47 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [3/17/2010 6:30 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [3/17/2010 6:30 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [3/17/2010 6:30 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSXpx86.sys [3/17/2010 6:28 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [3/17/2010 6:30 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/17/2010 10:37 PM 102448]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UDFS
.
Contents of the 'Scheduled Tasks' folder

2010-03-21 c:\windows\Tasks\User_Feed_Synchronization-{3AC1F7FE-FF3D-45D3-9718-83C8C2083ECA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1zxktap9.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1zxktap9.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\1zxktap9.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 08:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1548450032-3500882753-3375874413-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-21 08:19:31
ComboFix-quarantined-files.txt 2010-03-21 14:19

Pre-Run: 172,161,687,552 bytes free
Post-Run: 173,246,164,992 bytes free

- - End Of File - - 597E296C2FC042EA33F1E15EAB275F5B


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 21 March 2010 - 09:29 AM

Hello laidbackinjax,

UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log
  • A description of the remaining problems.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 laidbackinjax

laidbackinjax
  • Topic Starter

  • Members
  • 27 posts

Posted 21 March 2010 - 10:54 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3891
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/21/2010 9:52:47 AM
mbam-log-2010-03-21 (09-52-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 196268
Time elapsed: 1 hour(s), 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
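A parser for the Malwarebytes' Anti-Malware log layout posted above, added here as an example (not code from this thread or from Malwarebytes): it pulls out the database version and OS line that Elise asks to see, checks that each summary count matches the items actually listed under it (a truncated paste shows up as a mismatch), and flags entries whose removal is still pending a reboot. The sample log, the Trojan.Constructed entry and the wording in RESOLVED_ACTIONS are constructed assumptions for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the MBAM 1.44 log layout; the "Delete on reboot" entry is made up.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.44
Database version: 3891
Windows 5.1.2600 Service Pack 3

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 2

Registry Keys Infected:
HKEY_CLASSES_ROOT\\CLSID\\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

Files Infected:
C:\\WINDOWS\\Web\\Wallpaper\\welcome\\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\EXAMPLE\\Local Settings\\Temp\\sample.tmp (Trojan.Constructed) -> Delete on reboot.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
RESOLVED_ACTIONS = {"Quarantined and deleted successfully"}  # assumed MBAM wording


@dataclass
class Detection:
    category: str  # summary category the item was listed under
    item: str      # registry key, file path, process or folder
    family: str    # MBAM detection name, e.g. AdWare.WebHancer
    action: str    # what MBAM did with it


@dataclass
class MbamReport:
    database_version: str = ""
    os_version: str = ""
    summary: dict = field(default_factory=dict)     # category -> claimed count
    detections: list = field(default_factory=list)  # Detection objects in log order


def parse_mbam_log(text: str) -> MbamReport:
    """Parse the header, the summary counts and the per-section detection lines."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Database version:"):
            report.database_version = line.split(":", 1)[1].strip()
        elif line.startswith("Windows ") and not report.os_version:
            report.os_version = line
        elif m := SUMMARY_RE.match(line):
            report.summary[m["cat"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["cat"]  # following detection lines belong to this category
        elif section and (m := DETECTION_RE.match(line)):
            report.detections.append(Detection(section, m["item"], m["family"], m["action"]))
    return report


def reconcile(report: MbamReport) -> dict:
    """Categories whose claimed count differs from the items actually listed,
    as (claimed, listed); a non-empty result usually means a truncated paste."""
    listed = Counter(d.category for d in report.detections)
    return {c: (n, listed[c]) for c, n in report.summary.items() if n != listed[c]}


def unresolved(report: MbamReport) -> list:
    """Detections not yet removed, e.g. deferred until the reboot MBAM asks for."""
    return [d for d in report.detections if d.action not in RESOLVED_ACTIONS]
```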


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 21 March 2010 - 11:25 AM

How are things running now? What problems do you still have?

regards, Elise




#13 laidbackinjax

laidbackinjax
  • Topic Starter

  • Members
  • 27 posts

Posted 21 March 2010 - 12:08 PM

Well, I can give you an update on what has changed or seems not normal. My DVD drives are working, and were working before we started today. When they started working I'm not sure; I haven't checked them since I posted this topic until today, nor did I change or do anything to them to try to fix them. My PC is still really slow. Sure, it's an old PC, but it is running and processing way slower than before I got infected the first time. I have noticed strange processes running, or what I think might be strange (keep in mind I know practically nothing about computers): the process will have a valid process name but has spaces in the name. Not sure why I go in one week from having 3 svchost.exe to having 7 running, if that is normal or not, or what is running in there that keeps needing to access the internet. I have duplicate processes running with the same name, just under a different user name: one says SYSTEM, another HP_Administrator. Malwarebytes never found the original backdoor program or key logger program that was on my PC, so while I know it is widely used and respected as a good program, I don't put much faith in it detecting the issues I have had. I was hacked through a backdoor, and this person would log in to my personal accounts and keep stealing my info. The only thing I was sure of is that whatever it was seemed to always disable my DVD drive, not sure why. It always seemed that this bug stayed one step ahead of me in anything I tried or paid support tried to do to fix my computer. Maybe I'm just paranoid, but it was as if he could watch everything we did. My current really noticeable problem is that my Firefox is super slow and uses 100% PC usage at times with a lot of memory, as much as 900,000 KB at a time. I have tried to troubleshoot this issue by disabling all add-ons, plugins etc. one by one, and even totally uninstalling it and installing it back, with no luck. Not sure if this has anything to do with my issues, just something strange, so I thought I would bring it up.
I have looked in advanced system info and seen a lot of program services I'm not sure about, like this one: RemoteRegi stry svchost.ex e -k LocalServi ce Running Auto. If you would like to look over all of them, just let me know and I'll post the entire log. Most of my issues in the past seemed to be related more to being hacked, or somebody else having access to my computer, than to a known virus just corrupting my PC, which did happen, but I see no signs of my operating system being corrupt at this moment.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • Gender:Female
  • Location:Romania

Posted 21 March 2010 - 12:33 PM

QUOTE
I have did full system recovery many times with out being able to get rid of what ever it is.
To put it simply, this is not possible. If you did a full system recovery, there is no way the malware can have survived.
The only way you could reinfect your system was by using backed-up data that contained infected elements.

At this point things look perfectly clean to me. I see you have SuperAntiSpyware installed; this may seriously slow down your computer. It's a good program, but I recommend turning off all active protection and keeping it only as an on-demand scanner.

Let me know if disabling super antispyware improved things.

regards, Elise




#15 laidbackinjax

laidbackinjax
  • Topic Starter

  • Members
  • 27 posts

Posted 21 March 2010 - 01:47 PM

Well, as far as I know SuperAntiSpyware has been disabled and not running, and it's not open, but I'll go look at the settings; maybe something is running in the background. I would like to really thank you for your time, it was much appreciated. If it looks clean to you then I believe you. I have done a full PC recovery about 8 times and yes, it did come back, whatever it was. I was not backing up any data, nor do I have any external storage devices. Now, if I'm just being targeted for some reason, I don't know. I talked with a Microsoft tech and he recommended I do a low level reformat, and that nothing can survive that, which I tried, but none of the tools provided by Samsung, which makes my hard disk, would work. After trying to get support from them for about two weeks with no response, I used a program called KillDisk when I did my last full system recovery. Each time I always used the factory disk; also I didn't recover from the partition. Maybe I finally got rid of it, not sure. When I first booted it back up and saw my DVD drives were not working, which was the trademark for whatever this bug is, I didn't think it was gone. Once again the drives seem to be working now, so not sure, but there was definitely an issue, because somebody was still accessing my personal accounts even after I had changed all the passwords and login info after a full system recovery. I have currently not noticed anybody in my personal accounts this time around, but after you go through something like this it's hard to feel safe again. I posted the topic to have an expert look around and see if anything jumps out at you. Apparently all looks well, so thanks once again for taking your time to have a look and helping me out. I bought a new PC because I was tired of dealing with this issue, and the DVD drive quit working on it also, which their tech support could not fix, and I had to send it back to the factory to get fixed.
I am 99% sure this has something to do with the same bug; what it is or where I'm getting it from I don't know. No spyware or malware scanner has yet picked up on it, though the odds of me going through three different DVD drives on two separate computers in a month I believe to be highly unlikely.



