Solved: Help - my computer is restarting by itself

Cookiegal
Administrator & Malware Removal Specialist with 79,287 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
06-Aug-2008, 12:30 PM #16
Delete this file:

C:\WINDOWS\system32\bljkst.dll


Follow these steps to uninstall Combofix and all of its files and components.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.


Then grab the latest version and post a new log please.

Please visit Combofix Guide & Instructions for instructions on installing the recovery console and downloading and running ComboFix.
__________________
Microsoft MVP - Consumer Security
Zydecoboy
Junior Member with 13 posts.
 
Join Date: Jul 2008
Experience: Intermediate
06-Aug-2008, 06:17 PM #17
As requested, I deleted the indicated file and uninstalled the current installation of ComboFix. Then I downloaded/installed the latest version. The log is below. I also gen'd a hijackthis log after ComboFix completed (below as well). Thanks.

ComboFix 08-08-06.01 - Michael 2008-08-06 13:56:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.565 [GMT -7:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-05 11:48 . 2008-08-05 11:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-05 11:39 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-05 11:38 . 2008-08-05 11:39 <DIR> d-------- C:\Program Files\Java
2008-08-05 11:38 . 2008-08-05 11:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-01 00:08 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-01 00:08 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-28 09:56 . 2008-07-28 09:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 09:56 . 2008-07-28 09:56 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-07-28 09:56 . 2008-07-28 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 09:56 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 09:56 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-27 17:39 . 2008-07-27 17:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-13 20:45 . 2008-07-13 20:45 <DIR> d-------- C:\528c7d72431481fa007bde
2008-07-13 20:39 . 2008-07-13 20:39 <DIR> d-------- C:\2433278c4092a0ecd41becf5cb
2008-07-13 20:38 . 2008-06-11 17:22 8,723,064 --a------ C:\MSFT malicious sw removal tool v1.42.exe
2008-07-13 20:27 . 2008-07-13 20:27 <DIR> d-------- C:\5a98f9adb0b3327f6ab594
2008-07-13 20:27 . 2008-07-13 20:27 <DIR> d-------- C:\5a51ab8166c1b27a295dfd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 18:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 07:08 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-01 07:08 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-01 07:08 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-01 07:08 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-01 07:08 --------- d-----w C:\Program Files\Symantec
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-10 06:41 --------- d-----w C:\Program Files\Steam
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
------- Sigcheck -------
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
2005-03-02 11:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 08:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 05:00 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 11:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 08:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll
2004-08-04 05:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 05:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2004-08-04 05:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 05:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 09:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 05:00 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 17:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 05:55 2015744 bbb2322eb14ad9ad55b1024ffd4d88bf C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-01 18:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 09:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 02:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 05:00 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 17:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 07:15 2136064 8318ed54797f3e513fd5817a1d4bbd18 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 02:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 02:08 2136064 1220faf071dea8653ee21de7dcda8bfd C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 02:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 04:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 05:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 05:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2004-08-04 05:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe
2004-08-04 05:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2004-08-04 05:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe
2004-08-04 05:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 05:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
2005-06-10 17:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 05:00 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-10 16:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 16:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52 36864]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-19 21:23 69632]
"ThrustTSR"="C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 12:44 217088]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28 790528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-28 20:15 155648]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-11-30 18:10 1978368]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-12-17 16:14 135168]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2003-01-30 19:55 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 19:55 196608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-06-14 22:13:46 303104]
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 21:37:56 217194]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-13 21:47:29 113664]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-01-15 21:57:54 278528]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-10-15 17:49:35 122880]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoAutoTrayNotify"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)
"NoNetConnectDisconnect"= 1 (0x1)
"NoStrCmpLogical"= 00000000
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL
"VIDC.ACDV"= ACDV.dll
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2006-12-18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Michael.job
- C:\PROGRA~1\NORTON~2\NORTON~3\Navw32.exe [2007-05-23 12:13]
2007-10-23 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2005-10-05 23:02]
2008-08-01 C:\WINDOWS\Tasks\Symantec Drmc.job
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-03 21:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 -: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 13:58:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-06 13:59:37
ComboFix-quarantined-files.txt 2008-08-06 20:59:34
ComboFix2.txt 2008-08-01 07:04:53
Pre-Run: 138,728,517,632 bytes free
Post-Run: 138,787,909,632 bytes free
185 --- E O F --- 2008-08-01 07:37:28
========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:21 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michael\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10991 bytes
Cookiegal
Administrator & Malware Removal Specialist with 79,287 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
07-Aug-2008, 12:28 PM #18
Go to the following link and upload the following file(s) for analysis and let me know what the results are please:

http://virusscan.jotti.org/

C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\spoolsv.exe
__________________
Microsoft MVP - Consumer Security
Zydecoboy
Junior Member with 13 posts.
 
Join Date: Jul 2008
Experience: Intermediate
07-Aug-2008, 05:17 PM #19
Hi... the results of the Jotti scan are below. No malware was detected in the scanned files. Overall, it seems like things are ok on my end, what do you think? Thanks for all your help!

Results of Jotti online file scanner - August 7th, 2008

File: explorer.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 97bd6515465659ff8f3b7be375b2ea87
Packers detected: -

File: svchost.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 8f078ae4ed187aaabc0a305146de6716
Packers detected: -

File: user32.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: b409909f6e2e8a7067076ed748abf1e7
Packers detected: -

File: ws2_32.dll
Status: OK
MD5: 2ed0b7f12a60f90092081c50fa0ec2b2
Packers detected: -

File: winlogon.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 01c3346c241652f43aed8e2149881bfe
Packers detected: -

File: services.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: c6ce6eec82f187615d1002bb3bb50ed4
Packers detected: -

File: spoolsv.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: da81ec57acd4cdc3d4c51cf3d409af9f
Packers detected: -
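Added example, not code from this thread or from ComboFix or Jotti: a Python script that does offline what the exchange in posts #18 and #19 does by hand. It reads the Sigcheck lines from a ComboFix log, pairs each live system file with its Windows File Protection copy under dllcache, and then checks that the MD5 an online scanner reports for an uploaded file is the same hash the log recorded for the live copy, which confirms the file that was scanned is the file the system actually runs. The Sigcheck and Jotti sample text is copied from the logs above (the Jotti status notes are shortened); the two `demo.dll` lines and their all-zero hashes are constructed and are not from the thread. The hotfix and uninstall backup copies (`$hf_mig$`, `$NtUninstall...$`, `Driver Cache`) are skipped because they are earlier builds and differ by design.

```python
import re
from collections import defaultdict

# Constructed sample: nine Sigcheck lines copied from the ComboFix log posted above,
# plus two lines for a hypothetical "demo.dll" that are NOT from the log and exist only
# to show what a same-size, different-hash pair looks like in the report.
SIGCHECK_SAMPLE = r"""
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 05:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
2007-03-08 08:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll
2005-03-02 11:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-02-28 01:38 2015744 a58ac1c6199ef34228abee7fc057ae09 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 01:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 05:00 4096 00000000000000000000000000000001 C:\WINDOWS\system32\demo.dll
2004-08-04 05:00 4096 00000000000000000000000000000002 C:\WINDOWS\system32\dllcache\demo.dll
"""

# Constructed sample: two result blocks copied from the Jotti output in post #19.
JOTTI_SAMPLE = """
File: explorer.exe
Status: OK
MD5: 97bd6515465659ff8f3b7be375b2ea87
Packers detected: -

File: svchost.exe
Status: OK
MD5: 8f078ae4ed187aaabc0a305146de6716
Packers detected: -
"""

# Sigcheck line layout: "<date> <time> <size> <md5> <path>"
SIG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")


def classify(path):
    """Sort a Sigcheck path into the copy Windows runs, its WFP cache copy, or a hotfix backup."""
    low = path.lower()
    if "\\dllcache\\" in low:
        return "dllcache"
    if "$hf_mig$" in low or "$ntuninstall" in low or "driver cache" in low:
        return "backup"
    return "live"


def parse_sigcheck(text):
    """Return {filename: {"live": (size, md5), "dllcache": (size, md5)}}; backups are skipped."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if not m:
            continue
        _when, size, md5, path = m.groups()
        loc = classify(path)
        if loc == "backup":
            continue
        name = path.rsplit("\\", 1)[-1].lower()
        entries[name][loc] = (int(size), md5.lower())
    return dict(entries)


def compare_live_to_cache(entries):
    """Per file: 'match', 'size-differs', 'hash-differs' (same size, different bytes) or 'no-pair'."""
    report = {}
    for name, locs in sorted(entries.items()):
        live, cache = locs.get("live"), locs.get("dllcache")
        if live is None or cache is None:
            report[name] = "no-pair"
        elif live == cache:
            report[name] = "match"
        elif live[0] != cache[0]:
            report[name] = "size-differs"
        else:
            report[name] = "hash-differs"
    return report


def parse_jotti(text):
    """Return {filename: md5} from the 'File:' / 'MD5:' blocks of a Jotti result listing."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("File: "):
            current = line[len("File: "):].lower()
        elif line.startswith("MD5: ") and current is not None:
            results[current] = line[len("MD5: "):].lower()
            current = None
    return results


def verify_uploads(entries, jotti):
    """True when the file the scanner hashed is byte-for-byte the live copy the log hashed."""
    return {name: entries.get(name, {}).get("live", (None, None))[1] == md5
            for name, md5 in jotti.items()}


if __name__ == "__main__":
    sig = parse_sigcheck(SIGCHECK_SAMPLE)
    for name, verdict in compare_live_to_cache(sig).items():
        print(f"{name:<14} {verdict}")
    for name, ok in verify_uploads(sig, parse_jotti(JOTTI_SAMPLE)).items():
        print(f"{name:<14} {'scanner hash matches log' if ok else 'HASH MISMATCH'}")
```

A same-size, different-hash pair is the one that deserves a second opinion from an online scanner, which is what the constructed `demo.dll` entry reproduces. The `ntkrnlpa.exe` pair in this log differs in size as well as hash, so it is reported as `size-differs` rather than flagged; the files Cookiegal asked to have uploaded are the ones whose live and dllcache copies already agree, and the Jotti MD5s confirm that the uploaded bytes were the live copies from the log.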
Cookiegal
Administrator & Malware Removal Specialist with 79,287 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
07-Aug-2008, 09:23 PM #20
OK, this was the result I expected, so that's good.

Go to the following link and download Dial-a-Fix to your desktop. Unzip the program and double-click the Dial-a-Fix.exe to run the program.

Check:

Fix SSL/HTTPS/Cryptography and click Go.

http://www.majorgeeks.com/download4899.html

Reboot and then run ComboFix again and post the new log please.
__________________
Microsoft MVP - Consumer Security
Zydecoboy
Junior Member with 13 posts.
 
Join Date: Jul 2008
Experience: Intermediate
07-Aug-2008, 11:12 PM #21
Ok, here's the combofix log. Note, I installed a new version of Norton SystemWorks and Antivirus. Thanks.

ComboFix 08-08-07.05 - Michael 2008-08-07 18:58:52.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.571 [GMT -7:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.
2008-08-07 18:37 . 2008-08-07 19:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-08-07 16:16 . 2008-08-07 16:16 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-08-07 16:16 . 2008-08-07 16:17 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-08-07 15:02 . 2008-08-07 15:06 <DIR> d-------- C:\Program Files\Norton SystemWorks Premier
2008-08-07 15:02 . 2008-08-07 16:16 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-07 15:02 . 2008-08-07 16:16 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-07 15:02 . 2008-08-07 16:16 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-07 15:02 . 2008-08-07 16:16 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-05 11:48 . 2008-08-05 11:48 <DIR> d-------- C:\WINDOWS\Sun
2008-08-05 11:39 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-05 11:38 . 2008-08-05 11:39 <DIR> d-------- C:\Program Files\Java
2008-08-05 11:38 . 2008-08-05 11:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-01 00:08 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-08-01 00:08 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-28 09:56 . 2008-07-28 09:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 09:56 . 2008-07-28 09:56 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-07-28 09:56 . 2008-07-28 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 09:56 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 09:56 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-27 17:39 . 2008-07-27 17:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-13 20:45 . 2008-07-13 20:45 <DIR> d-------- C:\528c7d72431481fa007bde
2008-07-13 20:39 . 2008-07-13 20:39 <DIR> d-------- C:\2433278c4092a0ecd41becf5cb
2008-07-13 20:27 . 2008-07-13 20:27 <DIR> d-------- C:\5a98f9adb0b3327f6ab594
2008-07-13 20:27 . 2008-07-13 20:27 <DIR> d-------- C:\5a51ab8166c1b27a295dfd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 23:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-07 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-07 23:16 --------- d-----w C:\Program Files\Symantec
2008-08-07 23:04 --------- d-----w C:\Documents and Settings\Michael\Application Data\Symantec
2008-08-07 21:14 --------- d-----w C:\Program Files\Norton SystemWorks
2008-07-31 00:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-10 06:41 --------- d-----w C:\Program Files\Steam
.
((((((((((((((((((((((((((((( snapshot@2008-08-06_13.59.22.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 02:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-08-07 23:15:30 7,406 ----a-r C:\WINDOWS\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
- 2006-02-23 19:41:02 466,944 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2007-08-29 02:04:25 511,328 ----a-w C:\WINDOWS\system32\capicom.dll
- 2005-10-04 00:35:04 81,748 ----a-w C:\WINDOWS\system32\drivers\NPDRIVER.SYS
+ 2006-10-10 13:17:57 81,780 ----a-w C:\WINDOWS\system32\drivers\NPDRIVER.SYS
- 2005-10-04 00:19:00 90,272 ----a-w C:\WINDOWS\system32\drivers\SdDriver.SYS
+ 2005-11-04 02:43:42 90,272 ----a-w C:\WINDOWS\system32\drivers\SdDriver.SYS
+ 2007-07-31 06:43:41 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-07-31 06:43:41 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-07-31 06:43:41 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
- 2007-10-01 21:48:56 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
+ 2007-08-13 20:50:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
- 2007-10-01 21:49:04 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
+ 2007-08-13 20:50:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
- 2007-10-01 21:49:16 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
+ 2007-08-13 20:50:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
+ 2007-08-10 00:27:53 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
- 2007-10-01 21:49:10 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
+ 2007-08-13 20:50:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
+ 2007-08-13 20:50:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
- 2007-10-01 21:49:20 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
+ 2007-08-13 20:50:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
- 2007-10-01 21:49:26 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
+ 2007-08-13 20:50:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
+ 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
- 2008-01-05 22:10:31 48,238 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-07 21:16:45 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2003-03-19 05:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2007-03-22 03:39:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
- 2003-03-19 04:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2007-03-22 03:33:00 503,808 ----a-w C:\WINDOWS\system32\MSVCP71.DLL
- 2003-02-21 12:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2007-03-22 03:33:00 348,160 ----a-w C:\WINDOWS\system32\MSVCR71.DLL
- 2000-09-30 01:29:30 31,744 ----a-w C:\WINDOWS\system32\S32stat.DLL
+ 2000-09-30 00:29:30 31,744 ----a-w C:\WINDOWS\system32\S32stat.DLL
- 2007-10-01 21:49:38 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
+ 2007-08-23 23:57:55 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll
- 2007-10-01 21:49:36 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
+ 2007-08-23 23:57:55 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
+ 2006-12-02 05:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 05:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 05:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 05:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 07:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 07:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 07:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 07:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52 36864]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-19 21:23 69632]
"ThrustTSR"="C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 12:44 217088]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28 790528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-28 20:15 155648]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00 49152]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-11-30 18:10 1978368]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-12-17 16:14 135168]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2003-01-30 19:55 311296]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 19:55 196608]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 17:07 617984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Premier\osCheck.exe" [2007-09-18 08:22 25472]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 21:53 714608]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-06-14 22:13:46 303104]
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 21:37:56 217194]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-13 21:47:29 113664]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-01-15 21:57:54 278528]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"Intellimenus"= 1 (0x1)
"NoAutoTrayNotify"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)
"NoNetConnectDisconnect"= 1 (0x1)
"NoStrCmpLogical"= 00000000
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"VIDC.YV12"= ATIYUV12.DLL
"VIDC.ACDV"= ACDV.dll
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
R2 AsusGIO;AsusGIO;C:\Program Files\ASUS\Ai Booster\AsusGIO.sys [2003-11-26 22:15]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-08-24 22:07]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
*Newly Created Service* - ASUSGIO
.
Contents of the 'Scheduled Tasks' folder
2008-08-07 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Michael.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-26 18:19]
2008-08-07 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks Premier\OBC.exe [2007-09-18 08:22]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O8 -: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 -: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 19:06:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ati2evxx.exe
.
**************************************************************************
.
Completion time: 2008-08-07 19:09:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-08 02:09:30
ComboFix2.txt 2008-08-01 07:04:53
Pre-Run: 138,304,360,448 bytes free
Post-Run: 138,254,336,000 bytes free
224 --- E O F --- 2008-08-01 07:37:28
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,287 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-Aug-2008, 11:11 AM #22
That's good. How are things now?
Zydecoboy's Avatar
Junior Member with 13 posts.
 
Join Date: Jul 2008
Experience: Intermediate
11-Aug-2008, 06:03 PM #23
Hi.... I was away over the weekend. But I did a full system scan last night with the new Norton Antivirus and it came out clean except for one troublesome cookie, which it fixed. Otherwise things seem to be working pretty well now, definitely not rebooting on its own like before, and the performance seems to be on par with what it was before the attack. I think I'll run one more full scan with Kaspersky just to be sure. Otherwise, unless you see something fishy in the logs that you want me to look into, I'd say it looks like a success from my end.

What clean-up steps would you recommend? And is it ok to uninstall all the various programs we used during the cleanup? Let me know what you think.

Once we're finished I'll mark this thread as "solved" and make a donation to the forum. You have been a tremendous help, thank you very much!
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,287 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
11-Aug-2008, 09:21 PM #24
Thank you for the kind words and the donation. Both are very much appreciated.

Here are some final instructions for you.


Follow these steps to uninstall Combofix and all of its files and components.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


The following program will remove some of the tools we've used and their associated files and backups and then it will delete itself.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your firewall or real-time protection attempts to block OTMoveIt2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application which will delete itself.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.


Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start > All Programs > Accessories > System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.


I also recommend downloading SPYWAREBLASTER for added protection.

Read here for info on how to tighten your security.


Delete Temporary Files:

Go to Start - Run and type in cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.


***

You should trim down your start-ups (these show as the 04 entries in your HijackThis log) as there are too many running. You can research them at these sites and if they aren’t required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig click OK and then click on the start-up tab.

http://castlecops.com/StartupList.html
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php
__________________
Microsoft MVP - Consumer Security
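The start-up review suggested in the post above can be done against the ComboFix log itself. The following Python script is an added example (not from the post and not ComboFix's own code): it parses the "Reg Loading Points" section in the format shown in this thread, lists every Run entry, and separately reports the Security Center and Windows Firewall policy values so the reviewer can confirm which product set them. It assumes that ComboFix's `[X]` marker means the referenced file was not found, and the log excerpt it works on is constructed from lines of this thread.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example,
not ComboFix's own code): list Run entries, flag the [X] ones (assumed to
mean the file was not found) and report Security Center/firewall policy."""
import re

# Constructed excerpt in the format of the log posted in this thread.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-28 20:15 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)" \[(?P<meta>[^\]]*)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*'
                      r'(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+)(?:\s*\(0x[0-9A-Fa-f]+\))?)$')
POLICY_KEYS = ('security center', 'firewallpolicy')

def parse_loading_points(text):
    """Return (autostarts, policy_values) from the REGEDIT4-style dump."""
    autostarts, policy_values, key = [], [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith(r'\currentversion\run'):
            meta = m.group('meta').split()  # 'X' or 'date time size'
            missing = meta == ['X']
            autostarts.append({
                'key': key, 'name': m.group('name'), 'command': m.group('cmd'),
                'missing': missing,
                'timestamp': None if missing else ' '.join(meta[:2]),
                'size': None if missing else int(meta[2]),
            })
            continue
        m = VALUE_RE.match(line)
        if m and key and any(p in key.lower() for p in POLICY_KEYS):
            value = int(m.group('hex'), 16) if m.group('hex') else int(m.group('dec'))
            policy_values.append((key, m.group('name'), value))
    return autostarts, policy_values

def review(text):
    """Findings a reviewer would raise: orphaned Run entries, disabled protections."""
    autostarts, policy_values = parse_loading_points(text)
    findings = ['orphaned Run entry %r -> %s (file not found)' % (e['name'], e['command'])
                for e in autostarts if e['missing']]
    for key, name, value in policy_values:
        if name in ('AntiVirusDisableNotify', 'DisableMonitoring') and value == 1:
            findings.append('Security Center %s=1 under %s (confirm the AV suite set it)' % (name, key))
        elif name == 'EnableFirewall' and value == 0:
            findings.append('Windows Firewall off under %s (OK only if a third-party firewall runs)' % key)
    return findings

if __name__ == '__main__':
    for finding in review(SAMPLE_LOG):
        print(finding)
```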
Zydecoboy's Avatar
Junior Member with 13 posts.
 
Join Date: Jul 2008
Experience: Intermediate
16-Aug-2008, 03:56 AM #25
Welps that's it, everything is working great now and back to normal. You've saved me from having to rebuild the O/S from the ground up.

Thank you so much for your devotion and diligence in eradicating this malware from my PC. It's really fantastic of you and the other pros here at the forum to devote your time and energy in the fight against these hackers, phishers, spammers, and malware miscreants - you are the White Knights in this Cyberwar.

Finally in recognition of the headaches you saved me, I'm donating $75.00 to the forum - keep up the great work Tech Support Guys!!!
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,287 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
16-Aug-2008, 09:49 PM #26
You're most welcome and thank you very much for the generous donation. The kind gesture is sincerely appreciated.

Tags
auto reset, crash
