
Solved: Help please: Adware.Virtumonde and PrivacyRemover.M64 malware

Discussion in 'Virus & Other Malware Removal' started by redsfan2008, Sep 18, 2008.

  1. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10

    Hello,

    A few days ago, my background image got changed to a fake one containing a warning about Adware.Virtumonde and PrivacyRemover.M64. Also, I got a fake popup asking me to install something like "Windows XP Anti-Virus 2008" (I did not of course).

    I ran Norton Internet Security 2008 virus and security scans, but they showed up nothing. I ran Ad-Aware SE Personal, and it detected spyware. I clicked "fix" and after a reboot ran Ad-Aware again and it did not report any issues. Also, the background image is gone, and the fake popup is gone.

    However, if I try to access anti-malware sites such as Trend Micro, etc., I cannot; the browser returns an error page. Also, if I search for anything in Google, when I click the links provided they redirect me to other commercial sites instead, using the go.google redirect. This happens with both Explorer and Firefox.

    I have a Dell Dimension 2400 running Windows XP Home SP3, also running Norton Internet Security 2008.

    I ran HijackThis and have attached the logfile.

    Can you help?
    Thanks!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:07:44, on 15/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\program files\silver crest memory adapter tools2.93\scma.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\camtool\VideoMonitor\CamTool.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [SCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: camtool.lnk = C:\Program Files\camtool\VideoMonitor\CamTool.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: KCrypto for Applets - https://www.ros.ie/applets/kcrypto.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120253110609
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.tagged.com/online/online2/bejeweled2/popcaploader_v6.cab
    O21 - SSODL: System - {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 12815 bytes
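A HijackThis log like the one above is read by hand, entry by entry; as an added example (not from the thread, from HijackThis or from Tech Support Guy), the Python script below parses the running-process and O-section lines and flags the patterns a helper checks first: a core Windows process name launched from a Run key or from outside the Windows directory, an SSODL shell hook, an orphaned BHO and a service with no vendor string. The rules are my own heuristics, the sample lines are copied from the log above, and the user-profile-directory rule goes beyond what this particular log shows.

```python
"""Triage a HijackThis 2.0 log: flag the autostart entries a helper would check first."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Core Windows processes: started by the kernel or services.exe, never from a
# Run key and never from outside the Windows directory tree (my rule of thumb).
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "explorer.exe"}
CORE_DIRS = {r"c:\windows", r"c:\windows\system32"}
USER_DIRS = ("\\documents and settings\\", "\\temp\\", "\\local settings\\")  # user-writable

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\")
RUNKEY_RE = re.compile(r"^HK[^:]*: \[([^\]]+)\] (.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.+?) = (.*)$")
# First token ending in an executable extension, quoted or not.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|com|pif|bat|cmd))\b"?', re.IGNORECASE)

@dataclass
class Entry:
    section: str         # "O2", "O4", "O21", ... or "PROC" for a running process
    name: str
    path: Optional[str]  # None for "(no file)" or an unparsable target
    raw: str

@dataclass
class Finding:
    section: str
    name: str
    path: Optional[str]
    severity: str        # "high", "review", "low" or "info"
    message: str

def extract_exe(text: str) -> Optional[str]:
    m = EXE_RE.match(text.strip())
    return m.group(1) if m else None

def parse_line(line: str) -> Optional[Entry]:  # None for lines the triage ignores (R0/R1, headers)
    line = line.strip()
    if PROC_RE.match(line):                       # "Running processes" section
        return Entry("PROC", ntpath.basename(line), line, line)
    m = LINE_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    if section == "O4":                           # Run keys and Startup folders
        m4 = RUNKEY_RE.match(rest) or STARTUP_RE.match(rest)
        return Entry(section, m4.group(1), extract_exe(m4.group(2)), line) if m4 else None
    # O2/O3/O21/O23 share the shape "<kind>: <name> - <clsid or vendor> - <file>"
    parts = rest.split(" - ")
    name = parts[0].split(": ", 1)[-1]
    path = extract_exe(parts[-1]) if len(parts) > 1 else None
    return Entry(section, name, path, line)

def triage(e: Entry) -> List[Finding]:
    out: List[Finding] = []
    def flag(severity: str, message: str) -> None:
        out.append(Finding(e.section, e.name, e.path, severity, message))
    if e.path is None:
        if "(no file)" in e.raw:
            flag("low", "registration points at a missing file; orphan, safe to clean up")
        return out
    base = ntpath.basename(e.path).lower()
    folder = ntpath.dirname(e.path).lower().rstrip("\\")
    if base in CORE_PROCESSES and e.section == "O4":
        flag("high", f"{base} is never started from a Run key; look-alike of a core process")
    if base in CORE_PROCESSES and folder not in CORE_DIRS:
        flag("high", f"{base} loaded from '{folder}' rather than the Windows directory")
    if e.section == "O4" and any(d in folder + "\\" for d in USER_DIRS):
        flag("review", "autostart from a user-writable profile or temp directory")
    if e.section == "O21":
        flag("review", "SSODL entry: this DLL is loaded into every Explorer/shell instance")
    if e.section == "O23" and "unknown owner" in e.raw.lower():
        flag("info", "service binary carries no vendor string")
    return out

def triage_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            findings.extend(triage(entry))
    return findings

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\svchost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O21 - SSODL: System - {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""
```

`triage_log(SAMPLE_LOG)` returns six findings: three "high" entries, all for the svchost.exe copy under system32\drivers, plus the SSODL review, the orphaned BHO and the unowned service; the Symantec, ctfmon and Adobe lines produce nothing.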
     
  2. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Hello and welcome to Tech Support Guy.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.


    I will be back as soon as possible with your first instructions!
     
  3. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1: Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.



    Step # 2: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Be sure to save ComboFix.exe to your Desktop

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleaning the system:

    Uninstall List
    C:\ComboFix.txt
    New HijackThis log.


    Use multiple posts if you can't fit everything into one post.
     
  4. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    Hello km2357,

    Thank you for your prompt reply - appreciated!

    I followed your instructions. I have attached the following:

    1. Uninstall List
    2. C:\ComboFix.txt
    3. New HijackThis log

    I was prompted to download a new version of ComboFix, so I clicked yes; I hope this was OK?

    redsfan2008

    =====================================
    1. Uninstall List
    =====================================

    3D Home Designer Deluxe Edition
    Ad-Aware SE Personal
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop 7.0
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 4
    Barbie(tm) as Island Princess 1 Screen Saver
    Barbie(tm) as Island Princess 2 Screen Saver
    BCWipe 3.0
    Bonus
    Broadcom Management Programs
    Camtasia Studio 4
    camtool
    CC_ccProxyExt
    ccCommon
    ccCommon
    ccPxyCore
    CheckIt Diagnostics
    CIB
    Clifford Thinking Adventures
    Component Framework
    Conexant SmartHSFi V92 56K DF PCI Modem
    Connection Keep Alive
    DAO
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    Digital Line Detect
    Directory Snoop 5.02 (Trial Version)
    DisneyLand15 Screen Saver
    Disney's Winnie the Pooh Toddler
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DVDSentry
    Easy CD Creator 5 Basic
    FinePixViewer Ver.4.2
    FLV Player 2.0, build 24
    FUJIFILM DS SERIAL TWAIN
    FUJIFILM EZtouch Ver.3.3
    FUJIFILM PICTURE SHUTTLE Ver.3.3
    FUJIFILM USB Driver
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Heretic II
    HijackThis 2.0.2
    Hollywood FX 5.5 Additional Effects
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Image Grabber 3.0.1
    ImageMixer VCD2 for FinePix
    Intel(R) Extreme Graphics Driver
    InterActual Player
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Kremlin
    Kubex Software 3D Home Designer
    LiveUpdate (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    MasterSplitter Program
    Maxtor Backup
    Maxtor Encryption
    Maxtor OneTouch III
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 7.0
    MicroStaff WINASPI
    Modem Helper
    Mozilla Firefox (2.0.0.16)
    MSRedist
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MyDsc2
    MyDVD
    Neat Image v5 Demo
    NetWaiting
    Norton Add-on Pack (Symantec Corporation)
    Norton AntiSpam
    Norton AntiVirus
    Norton AntiVirus Help
    Norton AntiVirus Help
    Norton Cleanup
    Norton Confidential Core
    Norton GoBack 4.1
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    Norton Protection Center
    Norton SystemWorks
    Norton SystemWorks 2006 Basic Edition
    Norton SystemWorks 2006 Basic Edition (Symantec Corporation)
    Norton Utilities
    NSW_DRM_COLLECTION
    Operation Pridelands
    Paint Shop Pro 7
    Parental Control
    Persistent_Wheels_Music ScreenSaver
    Picasa 2
    Pinnacle Hollywood FX for Studio
    PowerDVD
    proDAD Heroglyph 1.0
    proDAD Heroglyph 2.0
    Quake III Team Arena
    Quake 3 Arena Demo
    Quake 4(TM) Demo
    Quake II
    Quake III Arena
    QuickTime
    RAW FILE CONVERTER LE
    RealPlayer
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Silver Crest Memory Adapter 2.93
    Skype™ Beta 0.96
    SmartSound Quicktracks Plugin
    SPBBC 32bit
    Spectra
    Studio 9
    Studio 9 Content CD/DVD
    Team Arena Demo
    TextBridge Classic 2.0
    Tweak UI
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    USB PC Cam Zoom
    Windows Genuine Advantage v1.3.0254.0
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! ¤u¨ã¦C
    Yahoo! Browser Services
    Yahoo! Browser Services
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    Yahoo! Search Protection


    =====================================
    2. C:\ComboFix.txt
    =====================================

    ComboFix 08-09-19.04 - Quake2 2008-09-19 22:59:04.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.422 [GMT 1:00]
    Running from: C:\Documents and Settings\Quake2\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Quake2\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    .
    ADS - system32: deleted 99885 bytes in 1 streams.
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Theresa\Cookies\[email protected][1].txt
    C:\Documents and Settings\Theresa\Cookies\[email protected][2].txt
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system.exe
    C:\WINDOWS\system32\dao350.dll
    C:\WINDOWS\system32\drivers\fad.sys
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\WINDOWS\system32\tdssinit.dll
    C:\WINDOWS\system32\tdsslog.dll
    C:\WINDOWS\system32\tdssmain.dll
    C:\WINDOWS\system32\tdssservers.dat
    .
    ((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
    .
    2008-09-15 23:06 . 2008-09-15 23:06 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-15 02:50 . 2008-09-15 02:50 <DIR> d-------- C:\Documents and Settings\Quake2\Application Data\Lavasoft
    2008-09-01 22:04 . 2008-09-01 22:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
    2008-09-01 22:04 . 2008-09-01 22:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
    2008-09-01 22:04 . 2008-09-01 22:04 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-08-26 00:26 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll
    2008-08-26 00:26 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
    2008-08-26 00:24 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\SYSTEM32\msxml6.dll
    2008-08-26 00:24 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml6.dll
    2008-08-26 00:24 . 2008-04-14 01:12 412,160 --------- C:\WINDOWS\SYSTEM32\photometadatahandler.dll
    2008-08-26 00:24 . 2008-04-14 01:12 193,024 --------- C:\WINDOWS\SYSTEM32\napmontr.dll
    2008-08-26 00:24 . 2008-04-14 01:12 176,640 --------- C:\WINDOWS\SYSTEM32\napstat.exe
    2008-08-26 00:24 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\SYSTEM32\mssha.dll
    2008-08-26 00:24 . 2008-04-14 01:12 144,384 --------- C:\WINDOWS\SYSTEM32\onex.dll
    2008-08-26 00:24 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\SYSTEM32\msxml6r.dll
    2008-08-26 00:24 . 2008-04-13 18:27 79,872 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml6r.dll
    2008-08-26 00:24 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\SYSTEM32\msshavmsg.dll
    2008-08-26 00:24 . 2008-04-14 01:12 30,208 --------- C:\WINDOWS\SYSTEM32\napipsec.dll
    2008-08-26 00:22 . 2008-04-14 01:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll
    2008-08-25 22:41 . 2008-05-01 15:33 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
    2008-08-25 22:40 . 2008-04-11 20:04 691,712 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-19 21:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-19 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-16 22:24 --------- d-----w C:\Documents and Settings\Quake\Application Data\Symantec
    2008-09-03 20:28 --------- d-----w C:\Program Files\MSN Messenger
    2008-07-30 16:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 16:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 16:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-07-21 22:01 --------- d-----w C:\Program Files\Valve
    2008-07-20 21:13 --------- d-----w C:\Program Files\id Software
    2008-07-20 21:10 --------- d-----w C:\Program Files\Free Christmas Tree 3D Screensaver
    2008-07-20 21:09 --------- d-----w C:\Program Files\Night Before Christmas 3D Screensaver
    2008-07-20 21:07 --------- d-----w C:\Program Files\Java
    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
    2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
    2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
    2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
    2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
    2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
    2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:26 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-06-28 19:50 22,328 ----a-w C:\Documents and Settings\Quake2\Application Data\PnkBstrK.sys
    2008-06-28 19:50 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
    2008-06-28 19:49 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
    2008-06-24 17:12 295,936 ------w C:\WINDOWS\SYSTEM32\wmpeffects.dll
    2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
    2008-06-24 16:43 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
    2008-06-24 09:57 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
    2008-06-20 17:46 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
    2008-06-20 17:46 147,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-06-20 11:51 361,600 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 11:40 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-06-20 11:08 225,856 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
    2002-07-26 16:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
    2006-03-26 06:50 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-17 68856]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 126976]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-08-14 28672]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
    "BCWipeTM Startup"="C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" [2004-05-05 294912]
    "SCM"="c:\program files\silver crest memory adapter tools2.93\scma.exe" [2004-08-20 426089]
    "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE" [1998-07-07 37376]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 22528]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 51048]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 406016]
    "USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-04-06 61440]
    "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
    "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-01-14 339968]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 712704]
    "mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2006-08-11 81920]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 224248]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-07-07 22528]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-03 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    camtool.lnk - C:\Program Files\camtool\VideoMonitor\CamTool.exe [2006-10-19 94208]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-10-26 24576]
    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-01 111376]
    Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2005-11-14 861872]
    Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-01 51984]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "System"= {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll [2004-06-30 0]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll
    "MSVideo"= CSvidcap.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
    "C:\\Q3Ademo\\quake3.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    R1 EPPSCSIx;EPPSCSIx;C:\WINDOWS\system32\drivers\EPPSCSI.SYS [1999-03-17 47148]
    R1 prcmondrv;prcmondrv;C:\WINDOWS\system32\drivers\prcmondrv1041.sys [2006-11-22 18432]
    R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-31 149864]
    R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
    R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 USTOR;Silver Crest Memory Adapter;C:\WINDOWS\system32\DRIVERS\UStork.sys [2004-08-17 20218]
    S3 gAGP440p;gAGP440p;C:\DOCUME~1\Quake\LOCALS~1\Temp\gAGP440p.sys [ ]
    S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys [2002-09-11 83456]
    *Newly Created Service* - COMHOST
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    2008-09-01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Quake.job
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
    2008-09-19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAF27F77-9F80-4682-BE21-89BC94D91C8E}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
    .
    - - - - ORPHANS REMOVED - - - -
    Notify-WgaLogon - (no file)

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Quake2\Application Data\Mozilla\Firefox\Profiles\ac5g0js1.default\
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-19 23:04:33
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2008-09-19 23:08:52
    ComboFix-quarantined-files.txt 2008-09-19 22:07:48
    Pre-Run: 22,471,032,832 bytes free
    Post-Run: 25,354,948,608 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    211 --- E O F --- 2008-09-10 01:03:08


    ========================================================
     
  5. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    =====================================
    3. New HijackThis log
    =====================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:15:34, on 19/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\program files\silver crest memory adapter tools2.93\scma.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\camtool\VideoMonitor\CamTool.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [SCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: camtool.lnk = C:\Program Files\camtool\VideoMonitor\CamTool.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: KCrypto for Applets - https://www.ros.ie/applets/kcrypto.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120253110609
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O21 - SSODL: System - {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 11900 bytes

    =======================================================
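The HijackThis log above is read by hand in this thread. As an added example (not part of the original post and not a HijackThis feature), the script below runs a few of the checks a helper applies by eye over lines copied from that log, flagging entries that warrant a look rather than declaring anything malicious. The `Finding` class, the rule set, and the `SAMPLE_LOG` excerpt are my own constructions.

```python
"""Triage helper for HijackThis-style logs (added example, not code from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O21 - SSODL: System - {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O21, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First Windows path ending in a loadable/launchable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"?*<>|]+?\.(?:exe|dll|sys|lnk|cpl|ocx)', re.IGNORECASE)
# Autostart targets living in scratch or per-user profile folders deserve a second look.
TEMP_RE = re.compile(r"\\(?:Local Settings\\Temp|Temp|Application Data)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    severity: str  # "review" = look at it; "info" = usually benign, just confirm
    line: str


def _check(section: str, body: str, line: str) -> list:
    """Apply the hand-review rules to one parsed entry (hypothetical rule set)."""
    found = []
    if "(no file)" in body:
        found.append(Finding(section, "points at a file that no longer exists; stale or half-removed component", "review", line))
    if section == "O21":
        # ShellServiceObjectDelayLoad loads a DLL into Explorer at logon; legitimate entries are rare.
        found.append(Finding(section, "SSODL entry; verify the DLL's publisher and size", "review", line))
    if section == "O2" and body.startswith("BHO: (no name)"):
        found.append(Finding(section, "browser helper object registered without a name", "review", line))
    if section == "O4" and body.rstrip().endswith("= ?"):
        found.append(Finding(section, "startup shortcut whose target could not be resolved", "info", line))
    if section == "O23" and "Unknown owner" in body:
        found.append(Finding(section, "service binary carries no publisher information; confirm what installed it", "info", line))
    path = PATH_RE.search(body)
    if path and TEMP_RE.search(path.group(0)):
        found.append(Finding(section, "autostart target lives in a Temp or profile directory", "review", line))
    return found


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return the entries that deserve human attention."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # process list, headers, trailer lines
        findings.extend(_check(entry.group("section"), entry.group("body"), line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity so a helper sees the shape of the log at a glance."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("review", "info")}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(results))  # -> {'review': 3, 'info': 2}
```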
     
  6. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    That's fine. :)


    Step # 1: Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.



Step # 2: Remove old versions of Java

While you have the latest version of Java installed, older Java versions have vulnerabilities and need to be removed.

Go to Start-Settings-Control Panel, click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

    J2SE Runtime Environment 5.0 Update 9

    J2SE Runtime Environment 5.0 Update 10

    J2SE Runtime Environment 5.0 Update 11

    Java(TM) SE Runtime Environment 6 Update 1

    Java(TM) 6 Update 2

    Java(TM) 6 Update 3

    Java(TM) 6 Update 5


    Reboot your Computer.


Step # 3: Download and Run Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
    • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location.
    • You can also access the log by doing the following:
    • Click on the Malwarebytes' Anti-Malware icon to launch the program.
    • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.


    In your next post/reply, I need to see the following:

    1. MalwareBytes' Log
2. A fresh HijackThis Log
     
  7. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    Hello again. I followed your instructions. Attached are the following:

    1. Malwarebytes Log
    2. New HijackThis log

    Thanks again for all your help!

    Redsfan2008


    Malwarebytes' Anti-Malware 1.28
    Database version: 1182
    Windows 5.1.2600 Service Pack 3
    20/09/2008 22:33:53
    mbam-log-2008-09-20 (22-33-53).txt
    Scan type: Quick Scan
    Objects scanned: 61093
    Time elapsed: 16 minute(s), 49 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 79
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\mso213.doc (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\image-happy_bunny_cowgirl.jpg (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\b8bb_appcompat.txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\scanresults.txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\SND532unin.txt (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\amex.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\applejacks4.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\apprentice.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\arizonajeans2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\avp.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\badtzmaru.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\billionaire.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\buildabear3.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\butterfinger.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\campbells2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\caprisun.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\chrysler.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\cleanandclear.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\cleanandclear2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\cobalt.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\colgate.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\cottonelle2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\crazygood.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\dakota.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\dat.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\dentyne.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\digordis.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\dreamworks.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\everyoneshero.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\fifamatchcast.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\garnier.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\gatoradefierce.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\gmc2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\h2g2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\harrypotter3.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\holidaygame.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\hondafit.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\hoobastank.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\incredibles.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\invigor8.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\irobot.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\kingArthur.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\kleenex.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\kraft2004.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\kyocera.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\loreal.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\mazing.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\navy.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\nba.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\neopets.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\newlyweds.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\nike.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\nokia.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\oldnavy.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\openseason.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\ortho.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\oxy.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\pd2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\pepsiringtones.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\personals2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\polarexpress.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\ptchocolate.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\re2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\saturn.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\scarymovie3.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\shockwave.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\sims2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\skycaptain.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\spongebob.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\summer.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\suspectzero.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\teamamerica.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\troy.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\walmart.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\winterfresh2.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\wotw.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Local Settings\Temp\wrigley5.bmp (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tim\Desktop\NEWsquad_1024.jpg (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:36:33, on 20/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\program files\silver crest memory adapter tools2.93\scma.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\camtool\VideoMonitor\CamTool.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [SCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: camtool.lnk = C:\Program Files\camtool\VideoMonitor\CamTool.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: KCrypto for Applets - https://www.ros.ie/applets/kcrypto.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120253110609
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
    O21 - SSODL: System - {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 12046 bytes
     
  8. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Step # 1 Update Adobe Acrobat Reader

    There is a newer version of Adobe Acrobat Reader available. (See Note below)

    • First, go to Add/Remove Programs and uninstall all previous versions.
    • Please go to this link Adobe Acrobat Reader Download Link
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts

    Note: Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 2.3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php



    Step # 2: Remove HijackThis Entries

    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):


      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    Step # 3: Run Kaspersky Online Scan

    Please go to Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply.


    In your next post/reply, I need to see the following:

    1. Kaspersky Log
    2. A fresh HiJackThis Log
    3. How is your computer doing, any problems?
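The triage behind Step # 2 (deciding which HijackThis lines to tick for "Fix Checked") can be made explicit. The Python below is an added example and is not part of the thread or of HijackThis: it parses the entry types that appear in the log above (R0/R1, O2, O3, O4, O21, O23 and so on) and applies a few conservative heuristics a removal helper applies by eye: an O2 BHO whose DLL is "(no file)" is an orphaned registration and can be fixed outright; an O4 startup item that runs from a Temp directory, an O21 SSODL entry, or an O23 service with "Unknown owner" is only flagged for manual review. Run against the log posted above, the O21 "System" entry loading C:\WINDOWS\system32\system32.dll would be flagged for review, not auto-fixed. The heuristics and the sample lines are assumptions and constructed data, not HijackThis rules; the `[updater]` Temp entry is invented to exercise the Temp check and does not appear in the thread.

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread).

Heuristics are assumptions, not HijackThis rules; every hit needs human review.
"""
import re
from dataclasses import dataclass, field

# One HijackThis entry: a type tag (R0, O2, O23, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d+)\s+-\s+(?P<body>.*)$")

# Constructed sample resembling the log in the thread. The "[updater]" O4 line
# is invented here to exercise the Temp-directory check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Tim\Local Settings\Temp\upd.exe
O21 - SSODL: System - {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Entry:
    kind: str                 # "O2", "O4", "O21", ...
    body: str                 # everything after "O2 - "
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return the HijackThis entries in a log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("type"), m.group("body")))
    return entries


def triage(text):
    """Apply the review heuristics and return only the entries that got a flag."""
    entries = parse_log(text)
    for e in entries:
        low = e.body.lower()
        if e.kind == "O2" and low.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: orphan, safe to fix.
            e.flags.append("orphaned BHO (no backing file); safe to fix")
        if e.kind == "O4" and "\\local settings\\temp\\" in low:
            # Assumption: legitimate auto-start binaries do not live in Temp.
            e.flags.append("startup item runs from a Temp directory; review")
        if e.kind == "O21":
            # HijackThis only lists SSODL entries it does not recognise.
            e.flags.append("shell service object (SSODL) not in the safe list; verify the DLL")
        if e.kind == "O23" and "unknown owner" in low:
            # No publisher information; verify the binary (hash, signature) before deciding.
            e.flags.append("service with no publisher info; verify binary")
    return [e for e in entries if e.flags]


def fix_list(flagged):
    """Lines a helper would tick for 'Fix Checked' without further checks: orphans only."""
    return [f"{e.kind} - {e.body}"
            for e in flagged
            if e.kind == "O2" and e.body.lower().endswith("(no file)")]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(f"{e.kind:<4} {e.body}")
        for f in e.flags:
            print(f"      -> {f}")
    print("\nFix Checked:")
    for line in fix_list(hits):
        print("  " + line)
```

Only the orphaned BHO lands in the fix list; everything else is surfaced with a reason so the person reviewing the log decides, which matches the thread's practice of fixing one entry and escalating the rest to a full scan.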
     
  9. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    Hello again,

    I updated Adobe as requested. Then I ran HijackThis and removed the entry requested. I downloaded Kaspersky, and started the scan. It took 13 minutes to hit 2% (8,200 files) so I will run this Monday evening, overnight, and post the logs.

    Overall, the machine is running well, no sign of the original symptoms.
    I did have some problems this evening connecting to my broadband connection, but that might be something else.....

    redsfan2008
     
  10. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    Hello again,

    I ran Kaspersky tonight, also HijackThis, logs attached.

    PC appears to be running fine so far.

    Thanks
    redsfan2008


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, September 22, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, September 22, 2008 19:45:04
    Records in database: 1250911
    --------------------------------------------------------------------------------
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - My Computer:
    A:\
    C:\
    D:\
    Scan statistics:
    Files scanned: 115723
    Threat name: 24
    Infected objects: 157
    Suspicious objects: 19
    Duration of the scan: 02:08:02

    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00AB2613.tmp Infected: Backdoor.Win32.SubSeven.22 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01E96938.wmf Infected: Exploit.Win32.IMG-WMF.c 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\034A5092.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\052C3DD6.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\072158CD.exe Infected: Backdoor.Win32.HacDef.dx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07426F1D.wmf Infected: Exploit.Win32.IMG-WMF.c 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0933391C.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09982679.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D237882.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DD83E8C.jar Infected: Exploit.Java.ByteVerify 2
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DD83E8C.jar Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E4A2983.exe Infected: Backdoor.Win32.Brabot.c 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E614F69.tmp Infected: Exploit.VBS.Phel.i 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F991FCC.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1062233B.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10A33840.js Infected: Trojan-Downloader.JS.Small.ag 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\115C52A2.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\117B2832.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\118908C0.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11CD259C.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12DB3848.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13F30D03.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13F636FF.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13FD0AF8.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\152C4BAA.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15EF0B41.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16BC5067.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16FD17F6.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\170B0DD8.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171F09C2.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17255DBB.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\172907B7.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17DD7F12.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17E0290F.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17E0290F.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17E3530B.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19F93C73.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AF55D5E.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B085949.htm Suspicious: Exploit.VBS.Phel 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BD05A6D.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BD95863.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CBD14B8.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CCB3CAA.jar Infected: Exploit.Java.ByteVerify 2
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CCB3CAA.jar Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D353731.htm Infected: Trojan-Clicker.JS.Linker.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D3F3526.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D590509.jar Infected: Virus.Win32.Bube.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D590509.jar Infected: Trojan.Java.Femad 4
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EDE2F19.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EE031CE.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FB41C5F.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\204C124A.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2182055F.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26126EFD.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26DA4495.htm Suspicious: Exploit.VBS.Phel 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C9580D.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\281E1BB0.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\292E3677.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29623B3C.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29797C24.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\298A4E12.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29A173F9.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DF55B27.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E2226F5.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E32572B.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30042559.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\300C7AC8.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\302C3B9B.htm Infected: Trojan-Clicker.JS.Linker.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\303C7D94.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\306A5957.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310A62A7.jar Infected: Virus.Win32.Bube.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310A62A7.jar Infected: Trojan.Java.Femad 4
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\311E4B1F.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313B5871.htm Infected: Virus.Win32.Bube.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36124F78.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\364D3F87.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\364D3F87.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36516D34.jar Infected: Exploit.Java.ByteVerify 2
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36516D34.jar Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36F161D6.wmf Infected: Exploit.Win32.IMG-WMF.c 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A171C54.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A211A49.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A2E1B43.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A346F3B.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40B511F0.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\427D305B.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42805A57.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\460E7869.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46140627.htm Suspicious: Exploit.VBS.Phel 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47191102.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48684EC5.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48684EC5.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48D3384F.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48D3384F.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A7B7BFA.exe Infected: Backdoor.Win32.HacDef.dx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AF41BD5.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D010082.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D017DE4.htm Suspicious: Exploit.VBS.Phel 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FD17CE2.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FD750DB.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FDB7AD7.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51407BA2.htm Infected: Trojan-Dropper.VBS.Inor.cz 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\515B666C.wmf Infected: Exploit.Win32.IMG-WMF.c 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\541E6279.htm Infected: Trojan-Dropper.VBS.Inor.cz 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56120773.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57837A9E.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5792374E.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57A95D35.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57B60527.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58CB0B8A.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59D77E63.htm Infected: Trojan-Clicker.JS.Linker.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59ED244A.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A224410.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A5339DA.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ABE2364.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B934C7A.jar Infected: Virus.Win32.Bube.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B934C7A.jar Infected: Trojan.Java.Femad 4
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BB37056.htm Infected: Virus.Win32.Bube.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D4A2E37.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DDF51F3.htm Infected: Trojan-Clicker.JS.Linker.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E543972.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E95012A.htm Infected: Virus.Win32.Bube.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EC676F4.jar Infected: Virus.Win32.Bube.k 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EC676F4.jar Infected: Trojan.Java.Femad 4
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\682064F6.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68592039.wmf Infected: Exploit.Win32.IMG-WMF.c 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A2C055B.htm Infected: Exploit.VBS.Phel.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DCB195E.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\702E6979.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7318573C.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75025E98.wmf Infected: Exploit.Win32.IMG-WMF.c 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75296057.tmp Infected: Backdoor.Win32.Optix.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75346336.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\753E612B.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75453524.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\758E2949.exe Infected: Trojan-Downloader.Win32.Tibs.ir 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75A02B44.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78DF22E0.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78F41B16.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78FB6F0F.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79056D04.cla Infected: Exploit.Java.ByteVerify 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\795802A2.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\799B6000.htm Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A326B5A.jar Infected: Exploit.Java.ByteVerify 2
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A326B5A.jar Infected: Trojan-Downloader.Java.OpenConnection.aa 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CE66022.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D3779C8.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D6155DC.htm Suspicious: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E2E5D09.htm Infected: Trojan-Downloader.JS.Small.bq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E7020E5.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EBB6692.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FA4231D.gif Infected: Exploit.HTML.Mht 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FA4231D.htm Infected: Trojan-Downloader.JS.Weis.b 1
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\svchost.exe.vir Infected: Trojan-Downloader.Win32.Small.adfx 1
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdsslog.dll.vir Infected: Backdoor.Win32.Agent.rfv 1
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdssmain.dll.vir Infected: Backdoor.Win32.Agent.rfw 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004399.DLL Infected: not-a-virus:Downloader.Win32.PopCap.a 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000003.exe Infected: Trojan-Downloader.Win32.Small.adfx 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000006.dll Infected: Backdoor.Win32.Agent.rfw 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000007.dll Infected: Backdoor.Win32.Agent.rfv 1
    The selected area was scanned.
     
  11. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    Latest HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:30:48, on 22/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\program files\silver crest memory adapter tools2.93\scma.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Quake2\Local Settings\Temp\jkos-Quake2\binaries\ScanningProcess.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [SCM] c:\program files\silver crest memory adapter tools2.93\scma.exe sys_auto_run C:\Program Files\Silver Crest Memory Adapter Tools2.93
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: camtool.lnk = C:\Program Files\camtool\VideoMonitor\CamTool.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
    O16 - DPF: KCrypto for Applets - https://www.ros.ie/applets/kcrypto.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120253110609
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
    O21 - SSODL: System - {323C3B3A-F0F8-48D4-A6DD-E1FF4C71175E} - C:\WINDOWS\system32\system32.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 11940 bytes
     
  12. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Kaspersky found some infected System Restore points. They are harmless where they are. I'll show you how to remove them and set a new, clean one within the next few posts. Kaspersky also found some files in the Qoobox folder. That folder is where ComboFix keeps its quarantined files. I'll show you how to remove that folder and ComboFix shortly.


    Reconfigure Windows XP to show hidden files:
    To enable the viewing of Hidden files follow these steps:

    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the Tools menu and click Folder Options.
    • After the new window appears select the View tab.
    • Put a checkmark in the checkbox labeled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labeled Hide protected operating system files.
    • Press the Apply button and then the OK button and shut down My Computer.
    • Now your computer is configured to show all hidden files.


    Using Windows Explorer, delete the contents of the following folder, do not delete the folder itself:

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

    Let me know if you have any problems.
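To make the reasoning in this reply mechanical, here is an added Python example (not code from the thread or from Kaspersky) that sorts each hit of a scan report like the one above by where it lives: Norton's Quarantine folder, ComboFix's QooBox folder and System Restore hold inert copies, anything else is a live file that still needs attention. The report lines are copied from the post above, plus one constructed "live" line so that branch is exercised.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Hit(NamedTuple):
    path: str
    verdict: str    # "Infected" or "Suspicious", as the scanner prints it
    name: str       # detection name, e.g. Backdoor.Win32.Agent.rfv
    container: str  # a CONTAINERS label, or "live" for anything else


# Lower-cased path fragments that identify an inert copy, paired with the
# clean-up step the reply recommends for that location.
CONTAINERS = [
    (r"\norton antivirus\quarantine", "av_quarantine",
     "delete the contents of the Norton AntiVirus Quarantine folder"),
    (r"\qoobox\quarantine", "combofix_quarantine",
     "remove ComboFix (and its QooBox folder) with 'ComboFix /u'"),
    (r"\system volume information\_restore", "system_restore",
     "create a fresh restore point, then purge the old ones with cleanmgr"),
]

# Report line layout: <path> Infected|Suspicious: <detection name> <count>
HIT_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<count>\d+)$"
)

# Constructed sample: four lines copied from the report above plus one
# constructed live-file line (the path and detection name are made up).
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A7B7BFA.exe Infected: Backdoor.Win32.HacDef.dx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\460E7869.htm Suspicious: Exploit.HTML.Mht 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tdsslog.dll.vir Infected: Backdoor.Win32.Agent.rfv 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0004399.DLL Infected: not-a-virus:Downloader.Win32.PopCap.a 1
C:\WINDOWS\system32\constructed_sample.dll Infected: Trojan.Constructed.Sample 1
The selected area was scanned.
"""


def classify(path: str) -> str:
    """Map a hit's path to the container it sits in, or 'live'."""
    low = path.lower()
    for fragment, label, _ in CONTAINERS:
        if fragment in low:
            return label
    return "live"


def parse_report(text: str) -> List[Hit]:
    """Parse the per-file lines of the report; the trailer line is skipped."""
    hits = []
    for raw in text.splitlines():
        m = HIT_RE.match(raw.strip())
        if m:
            hits.append(Hit(m["path"], m["verdict"], m["name"], classify(m["path"])))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, int]:
    """Number of hits per container."""
    return dict(Counter(h.container for h in hits))


def live_hits(hits: List[Hit]) -> List[str]:
    """Paths that are not inert copies and still need removal."""
    return [h.path for h in hits if h.container == "live"]


def recommended_steps(hits: List[Hit]) -> List[str]:
    """The clean-up steps that apply, given which containers had hits."""
    present = {h.container for h in hits}
    return [step for _, label, step in CONTAINERS if label in present]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print("still live:", live_hits(found))
    for step in recommended_steps(found):
        print("-", step)
```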
     
  13. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    Hello,

    I did as you requested and deleted the Norton AntiVirus\Quarantine contents.

    Regards,
    redsfan2008
     
  14. km2357

    km2357

    Joined:
    Aug 9, 2007
    Messages:
    686
    Then, if there are no more problems, you are good to go. :)

    To remove ComboFix, do the following:

    Go to Start > Run - type in ComboFix /u & click OK

    Please take the time to read my All Clean Post.

    Please follow these simple steps in order to keep your computer clean and secure:

    This is a good time to clear your existing system restore points and establish a new clean restore point

    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    • This will remove all restore points except the new one you just created.

    Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


    Make your Internet Explorer more secure. This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked, please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
    • Use Antivirus Software and Keep It Updated - It is very important that your computer has antivirus software running on it. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
    • Visit Microsoft's Update Site Frequently. It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    • Install SpywareBlaster. SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
      Computer Safety on line Anti Malware
    • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download the mvps hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      • Click the start button on the task bar at the bottom of your screen
      • Click run
      • In the dialog box, type services.msc
      • Hit Enter, then locate DNS Client.
      • Highlight it, then double-click it.
      • On the dropdown box, change the setting from automatic to manual.
      • Click OK.
    • Use an alternative instant messenger program. Trillian and Miranda IM are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    • Please read Tony Klein's excellent article: How I got Infected in the First Place
    • Please read Understanding Spyware, Browser Hijackers, and Dialers
    • Please read Simple and easy ways to keep your computer safe and secure on the Internet
    • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or Opera.
      If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
    • Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
    Follow these steps and your potential for being infected again will reduce dramatically.

    Here's a good website to read about Malware prevention:

    http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

    If your computer is running slow, click here for instructions on how to help speed up your computer.

    Good luck!


    Please reply one last time so that I know you have read my post.
     
  15. redsfan2008

    redsfan2008 Thread Starter

    Joined:
    Sep 18, 2008
    Messages:
    10
    Hello again. Well, everything seems to be working OK now. I am working through the advice and suggested changes you sent me in your last post.

    Thanks again for your excellent support and timely responses - appreciated!

    redsfan2008
     
Short URL to this thread: https://techguy.org/751042