Mr Brightside

Please take a look at my HJT log. (Solved)


Hi, I hope you can help me out. Quite a few viruses the last few days, and the end result is I have no sound, no wizards and the inability to click "Add Hardware" to get my sound back.

 

Here's the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:16:45, on 05/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ps2.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {4264A8A1-91E9-43B7-ADD2-3DC03D575C0E} - C:\WINDOWS\system32\gebcd.dll (file missing)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7A5565EF-A594-46E4-AF56-FE71AEAFD7D5} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - C:\WINDOWS\system32\pmnkihh.dll (file missing)

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvrir.dll,startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-3786382974-3997490384-1086313383-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User '?')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')

O4 - S-1-5-21-3786382974-3997490384-1086313383-500 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://sappy161.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} - http://webalbum.bonusprint.com/ukipc01/dow...geUploader3.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 194.164.6.112,206.13.30.12

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: pmnkihh - pmnkihh.dll (file missing)

O20 - Winlogon Notify: rqrsqpp - rqrsqpp.dll (file missing)

O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

 

--

End of file - 8003 bytes

 

 

Thanks for taking the time to help.

 

~Mr. Brightside

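The entries in the log above that a helper would zero in on are the autostarts pointing at files that are gone ("(file missing)" / "(no file)"), the nameless BHOs, the Winlogon Notify handlers with random-looking names, the Run entry that loads a system32 DLL through rundll32, and the O17 DNS servers. The script below is an added example (editor's own code, not part of this thread and not a HijackThis feature) that encodes those checks as heuristics over HJT log lines. The allow-lists of stock Winlogon Notify handlers and of DLLs legitimately launched through rundll32, and the "random name" test, are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example, not from the original thread. The allow-lists and the
random-name heuristic are the editor's assumptions, not an official rule set.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the HJT log posted in the thread (constructed input).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4264A8A1-91E9-43B7-ADD2-3DC03D575C0E} - C:\WINDOWS\system32\gebcd.dll (file missing)
O2 - BHO: (no name) - {9AA57522-2ECD-47DF-BD38-20E7E577A464} - C:\WINDOWS\system32\pmnkihh.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvrir.dll,startup
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 194.164.6.112,206.13.30.12
O20 - Winlogon Notify: pmnkihh - pmnkihh.dll (file missing)
O20 - Winlogon Notify: rqrsqpp - rqrsqpp.dll (file missing)
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

LINE_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Assumption: Winlogon Notify handlers present on a stock Windows XP SP2 install.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Assumption: DLLs that legitimate vendor software launches via rundll32.
KNOWN_RUNDLL = {"nvcpl.dll"}


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = verify by hand
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Rough heuristic for generated names: 5-8 lowercase letters, optional
    two digits, at most one vowel (gebcd, pmnkihh, rqrsqpp, drvrir, winzzc32)."""
    stem = name.lower().rsplit(".", 1)[0]
    if not re.fullmatch(r"[a-z]{5,8}\d{0,2}", stem):
        return False
    return sum(c in "aeiou" for c in stem) <= 1


def triage_line(line: str) -> list[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    findings: list[Finding] = []

    # Autostart (BHO, toolbar, Winlogon Notify) whose file is gone: orphan or hidden payload.
    if section in ("O2", "O3", "O20") and MISSING_RE.search(body):
        findings.append(Finding("high", f"{section} entry points at a missing file", line))
    if section == "O2" and body.startswith("BHO: (no name)"):
        findings.append(Finding("high", "BHO registered without a name", line))
    if section == "O20":
        # body looks like "Winlogon Notify: <key> - <dll> ..."
        key = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        if key.lower() not in KNOWN_NOTIFY:
            sev = "high" if looks_random(key) else "review"
            findings.append(Finding(sev, f"non-default Winlogon Notify handler '{key}'", line))
    if section == "O4" and "rundll32" in body.lower():
        dll = re.search(r"([\w~]+\.dll)", body, re.I)
        dllname = dll.group(1).lower() if dll else ""
        if dllname not in KNOWN_RUNDLL:
            sev = "high" if looks_random(dllname) else "review"
            findings.append(Finding(sev, f"Run entry loads {dllname} through rundll32", line))
    if section == "O17":
        ns = body.split("NameServer =", 1)[-1].strip()
        findings.append(Finding("review", f"DNS servers {ns}: confirm they belong to the ISP", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line))
    return out


def flagged_lines(log_text: str, severity: str = "high") -> list[str]:
    """Distinct log lines that carry at least one finding of the given severity."""
    return sorted({f.line for f in triage(log_text) if f.severity == severity})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample, the script flags the two nameless BHOs, the MSDrive rundll32 entry and all three Winlogon Notify handlers as high, leaves the Adobe BHO, the NVIDIA rundll32 entry and the Symantec service alone, and lists the O17 name servers for manual verification. The heuristics are deliberately crude; a real helper would cross-check each flagged path against the file system and the ComboFix output rather than trust name shape alone.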

Hi and welcome Mr. Brightside

 

There's an issue we need to address first.

I can't tell from your log which antivirus application is resident, or is there one you added recently?

 

I see Grisoft\AVG7 antivirus, COMODO\Firewall and Symantec/Norton's <-- which may also be the security suite, and/or is an incomplete uninstall?

 

Never install more than one antivirus scanner or firewall on your system

 

This causes system clashes and instability, and the possibility of false reports with a huge waste of system resources. While this may seem like greater protection, it can cause problems including slowdowns and system hangs.

You can keep both programs, but you must totally disable the real-time component of one AntiVirus, keeping it as an on-demand scanner, while the other AV will provide a real-time protection.

The alternative is to uninstall one AV and keep the other.

 

You make the call and if you need help uninstalling one please let me know.


Please visit this webpage for instructions for downloading and running ComboFix. Take your time and read the page completely. If there's anything you don't understand, post back and ask questions first, before proceeding.

How to use ComboFix


In your next reply post:

ComboFix.txt

New HJT log taken after the above scan has run


Thank you very much Juliet!

 

I only use AVG-Anti-Virus and Comodo Firewall. My parents bought the Norton Suite, but I disabled all of the settings (just didn't uninstall it - Felt like a waste of money). I am just waiting for the 1 year subscription to run out.

I think the only reason it's in the log is because I was fiddling round with some of the startup settings in msconfig (which I thought had caused my problems in the first place), so I believe I was frantically checking and unchecking boxes to try to get my sound back. Evidently, I checked the Norton related ones too.

 

Here is the combofix.txt:

 

ComboFix 08-02.05.3 - Administrator 2008-02-05 21:41:59.1 - NTFSx86

 

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

.

ADS - system32: deleted 29469 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\dcbeg.ini

C:\WINDOWS\system32\dcbeg.ini2

C:\WINDOWS\system32\drvrirr.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\winzzc32.dll

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

 

.

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))

.

 

2008-02-05 18:57 . 2008-02-05 18:57 95 --a------ C:\WINDOWS\wininit.ini

2008-02-05 18:25 . 2008-02-05 18:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-02-04 23:20 . 2004-08-04 08:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll

2008-02-04 23:20 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe

2008-02-04 23:20 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe

2008-02-04 23:20 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll

2008-02-04 23:20 . 2004-08-04 06:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys

2008-02-04 23:20 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll

2008-02-04 23:20 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys

2008-02-04 23:20 . 2004-08-04 06:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys

2008-02-04 23:20 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe

2008-02-04 23:18 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll

2008-02-04 23:17 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll

2008-02-04 23:16 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys

2008-02-04 23:15 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys

2008-02-04 23:14 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys

2008-02-04 23:13 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll

2008-02-04 23:12 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll

2008-02-04 23:11 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys

2008-02-04 23:10 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys

2008-02-04 23:09 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys

2008-02-04 23:08 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys

2008-02-04 19:04 . 2008-02-04 19:04 103,936 --a------ C:\WINDOWS\system32\drvrir.dll

2008-02-04 19:04 . 2008-02-04 19:04 145 --a------ C:\WINDOWS\system32\winver.bat

2008-02-03 12:25 . 2008-02-03 12:25 <DIR> d-------- C:\Program Files\Bonjour

2008-02-03 11:45 . 2008-02-03 11:45 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-01-29 14:23 . 2008-02-04 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-01-23 07:29 . 2008-01-23 07:29 896 --a------ C:\WINDOWS\system32\history.aaw

2008-01-21 18:18 . 2008-01-21 18:18 0 --a------ C:\WINDOWS\iPlayer.INI

2008-01-21 18:16 . 2008-01-21 18:22 <DIR> d-------- C:\Program Files\InterActual

2008-01-17 23:56 . 2008-01-17 23:56 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-17 23:56 . 2008-01-17 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-17 23:55 . 2008-01-17 23:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-12 13:37 . 2008-01-12 13:37 <DIR> d-------- C:\Program Files\COMODO

2008-01-12 13:37 . 2008-01-12 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo

2008-01-12 13:37 . 2008-01-12 13:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo

2008-01-12 13:37 . 2008-01-12 13:37 139,008 --a------ C:\WINDOWS\system32\guard32.dll

2008-01-12 13:37 . 2008-01-12 13:37 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-01-12 13:37 . 2008-01-12 13:37 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-01-06 21:42 . 2008-01-06 21:42 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-01-06 13:21 . 2008-01-06 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

2008-01-06 13:15 . 2008-01-06 14:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple

2008-01-06 11:59 . 2008-01-06 11:59 <DIR> d-------- C:\Program Files\Windows Live

2008-01-06 11:59 . 2008-01-06 12:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-06 11:59 . 2008-01-06 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-01-05 00:50 . 2008-01-05 00:50 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag

2008-01-05 00:50 . 2008-01-05 00:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Auslogics

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-05 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-05 18:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent

2008-02-05 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-03 22:43 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-03 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan

2008-02-03 12:25 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-02 19:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-02 17:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-27 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-27 19:51 --------- d-----w C:\Program Files\Sony

2008-01-21 18:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss

2008-01-20 00:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue

2008-01-18 06:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-01-15 09:54 10,537 -c--a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-01-15 05:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-01-13 23:42 --------- d-----w C:\Program Files\Sonic

2008-01-13 23:40 --------- d-----w C:\Program Files\Real

2008-01-12 18:32 23,904 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-01-06 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

2008-01-06 14:55 --------- d-----w C:\Program Files\MSN Messenger

2008-01-06 14:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.purple

2008-01-06 00:48 34,560 -c--a-w C:\WINDOWS\system32\drivers\SSDefrag.sys

2008-01-02 17:08 --------- d-----w C:\Program Files\DivX

2007-12-25 17:38 --------- d-----w C:\Program Files\Shareaza

2007-12-23 17:31 --------- d-----w C:\Program Files\uTorrent

2007-12-23 16:42 --------- d-----w C:\Program Files\Winamp

2007-12-23 15:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus

2007-12-22 09:44 --------- d-----w C:\Program Files\Norton Internet Security

2007-12-19 15:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft

2007-12-19 15:00 164 ----a-w C:\install.dat

2007-12-19 15:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot

2007-12-19 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx

2007-12-19 12:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-19 12:03 --------- d-----w C:\Program Files\iPod

2007-12-14 10:11 --------- d-----w C:\Program Files\Bonusprint PhotoBook Editor

2007-12-09 11:20 --------- d-----w C:\Program Files\Google

2007-12-06 23:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-06 23:13 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-06 23:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-12-06 23:13 --------- d-----w C:\Program Files\Symantec

2007-12-05 07:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec

2007-12-05 07:17 --------- d-----w C:\Program Files\Windows Sidebar

2007-12-05 01:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-11-12 15:21 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2005-09-28 14:11 32 -c--a-r C:\Documents and Settings\All Users\hash.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4264A8A1-91E9-43B7-ADD2-3DC03D575C0E}]

C:\WINDOWS\system32\gebcd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-01-31 07:38 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe" [2003-10-21 17:42 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04 52736]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-12 13:37 1481472]

"MSDrive"="C:\WINDOWS\system32\drvrir.dll" [2008-02-04 19:04 103936]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [ ]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 23:16 49152 C:\WINDOWS\mididef.exe]

 

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-04-20 17:41:02 2746104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkihh]

pmnkihh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsqpp]

rqrsqpp.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-11 16:42 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]

backup=C:\WINDOWS\pss\TrayMin200.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"CTHelper"=CTHELPER.EXE

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

 

*Newly Created Service* - COMHOST

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]

C:\WINDOWS\system32:svchost.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-01-28 20:01:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

"2008-01-28 13:38:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

"2007-12-19 13:43:32 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-05 21:47:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll

-> C:\WINDOWS\system32\drvrir.dll

-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

.

**************************************************************************

.

Completion time: 2008-02-05 21:51:50 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-05 21:51:46

.

2008-01-09 23:16:58 --- E O F ---


and here is my new HJT log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:57:11, on 05/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ps2.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {4264A8A1-91E9-43B7-ADD2-3DC03D575C0E} - C:\WINDOWS\system32\gebcd.dll (file missing)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvrir.dll,startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-3786382974-3997490384-1086313383-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User '?')

O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')

O4 - S-1-5-21-3786382974-3997490384-1086313383-500 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://sappy161.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} - http://webalbum.bonusprint.com/ukipc01/dow...geUploader3.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 194.164.6.112,206.13.30.12

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - Winlogon Notify: pmnkihh - pmnkihh.dll (file missing)

O20 - Winlogon Notify: rqrsqpp - rqrsqpp.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

 

--

End of file - 7271 bytes


~Mr Brightside.


Welcome back

 

I can see no reason to leave Norton on the machine if you're not going to use it.

There are services and drivers that will still load and in the long run cause problems.

 

I think you should run the Norton removal tool first to avoid any conflicts with the fixes that follow.

 

Remove Norton AntiVirus:

Here is a guide for uninstalling Norton, including uninstallers. Be sure to use the uninstaller for the version of Norton/Symantec that was installed on your system. http://basconotw.mvps.org/SymRem.htm


Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {4264A8A1-91E9-43B7-ADD2-3DC03D575C0E} - C:\WINDOWS\system32\gebcd.dll (file missing)

O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvrir.dll,startup

O16 - DPF: {DBFECB3F-B78F-442E-AE46-4952E6F17545} - http://webalbum.bonusprint.com/ukipc01/dow...geUploader3.cab

O20 - Winlogon Notify: pmnkihh - pmnkihh.dll (file missing)

O20 - Winlogon Notify: rqrsqpp - rqrsqpp.dll (file missing)


Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection), as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.


Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" including the quotes, and change the "Save as type" to "All Files" and place it on your desktop.

File::
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\drvrir.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4264A8A1-91E9-43B7-ADD2-3DC03D575C0E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDrive"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkihh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsqpp]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]

Posted Image

 

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


NEXT

 

*Note

It is recommended to disable onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

 

Click Yes, when prompted to install its ActiveX component.

(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

The program launches and downloads the latest definition files.

  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases

  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.

There is no option to clean/disinfect, however, we need to analyze the information on the report.

Posted Image

 

Posted Image

 

 

To obtain the report:

Click on: Save Report As (above - red blinking arrow)

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]

Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

======================================================


In your next reply post:

ComboFix.txt

Kaspersky log

New HJT log taken after the above scans have run

 

 

I need comments on how things are running now, also please do not use the quote button to reply, use the Posted Image button located at the bottom of the page to reply back. It's easier to read. Thanks

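The HijackThis entries the helper picks out above and the CFScript they are turned into follow a fixed mapping: a nameless BHO whose DLL is missing becomes a deleted CLSID key plus a File:: entry, a Run value that uses rundll32 to load an unknown DLL straight out of system32 becomes a cleared value plus a File:: entry, and a Winlogon Notify subkey whose DLL is missing or is just a bare name matching the subkey becomes a deleted Notify key. The script below is an added example, not code from the thread or from HijackThis or ComboFix: it parses a constructed sample of HJT lines modelled on the ones quoted in the post, applies those same rules, and prints the File:: and Registry:: sections in the CFScript layout the post uses. Two assumptions are made: a bare DLL name in a Notify entry is taken to live in C:\WINDOWS\system32 (as the ComboFix log later shows for winzzc32.dll), and the `\~\` shorthand for the Browser Helper Objects key is copied from the post's script. The Active Setup key in the post's script came from knowledge outside the HJT log and is not reproduced; the output is a draft for a person to check, not something to run unreviewed.

```python
"""Turn suspicious HijackThis lines into a draft ComboFix CFScript.

Added example for this thread; not part of HijackThis or ComboFix.
"""
import re

# Constructed sample input: HijackThis lines in the format quoted in the thread.
SAMPLE_HJT = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4264A8A1-91E9-43B7-ADD2-3DC03D575C0E} - C:\WINDOWS\system32\gebcd.dll (file missing)
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvrir.dll,startup
O4 - HKLM\..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe
O20 - Winlogon Notify: pmnkihh - pmnkihh.dll (file missing)
O20 - Winlogon Notify: rqrsqpp - rqrsqpp.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Registry locations written the way the thread's CFScript writes them
# (the "\~\" shorthand for the BHO key is copied from that script).
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
SYSTEM32 = r"C:\WINDOWS\system32"  # assumption: a bare DLL name in a Notify entry resolves here

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - HKLM\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<subkey>\S+) - "
                       r"(?P<dll>.+?)(?P<missing> \(file missing\))?$")
# rundll32 pulling a DLL straight out of system32, with no vendor directory in the path
RUNDLL_SYS32_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>" + re.escape(SYSTEM32) +
                             r"\\[^,\s\\]+\.dll)", re.IGNORECASE)


def triage(hjt_text):
    """Return the entries an analyst would question, with what removing each entails."""
    findings = []
    for line in hjt_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            in_sys32 = m.group("path").lower().startswith(SYSTEM32.lower() + "\\")
            # Flag a BHO whose DLL is gone, or one with no name sitting directly in system32.
            if m.group("missing") or (m.group("name") == "(no name)" and in_sys32):
                findings.append({"kind": "bho", "line": line,
                                 "files": [m.group("path")],
                                 "keys": [BHO_KEY + "\\" + m.group("clsid")],
                                 "run_values": []})
            continue
        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_SYS32_RE.match(m.group("cmd"))
            if r:  # clear the Run value and list the DLL it loads for deletion
                findings.append({"kind": "run", "line": line,
                                 "files": [r.group("dll")],
                                 "keys": [],
                                 "run_values": [m.group("value")]})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            subkey, dll = m.group("subkey"), m.group("dll")
            bare = "\\" not in dll
            same_name = bare and dll.lower() == subkey.lower() + ".dll"
            # A missing DLL, or a bare DLL named after its own subkey, is the pattern
            # seen for pmnkihh/rqrsqpp here and for tuvsqrr/winzzc32 in the ComboFix log.
            if m.group("missing") or same_name:
                findings.append({"kind": "notify", "line": line,
                                 "files": [] if m.group("missing") else [SYSTEM32 + "\\" + dll],
                                 "keys": [NOTIFY_KEY + "\\" + subkey],
                                 "run_values": []})
    return findings


def build_cfscript(findings):
    """Render findings as the File:: and Registry:: sections ComboFix reads from CFScript.txt."""
    files, run_values = [], []
    for f in findings:
        files += [p for p in f["files"] if p not in files]
        run_values += [v for v in f["run_values"] if v not in run_values]
    # Same ordering as the thread's script: BHO key, Run values, then Notify keys.
    reg = ["[-%s]" % k for f in findings if f["kind"] == "bho" for k in f["keys"]]
    if run_values:
        reg.append("[%s]" % RUN_KEY)
        reg += ['"%s"=-' % v for v in run_values]
    reg += ["[-%s]" % k for f in findings if f["kind"] == "notify" for k in f["keys"]]
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if reg:
        sections.append("Registry::\n" + "\n".join(reg))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_HJT)))
```

Run against the sample, the output is the same File:: and Registry:: sections the helper posted, minus the Active Setup key; the COMODO, WBSrv and iPod lines are left alone because they carry a vendor path and an existing file. The regexes are deliberately anchored to the exact HJT line shapes, so an unexpected line format is ignored rather than mis-parsed.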

I used the Norton Remove Tool, but when the computer restarted, I had no internet. I couldn't fix it, so I did a system restore (You're probably gonna tell me that that was a bad idea ;) ).

 

Here is the ComboFix log:

 

ComboFix 08-02.05.3 - Administrator 2008-02-06 11:51:45.1 - NTFSx86

 

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

 

FILE

C:\WINDOWS\system32\drvrir.dll

C:\WINDOWS\system32\gebcd.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\dcbeg.ini

C:\WINDOWS\system32\drvrir.dll

C:\WINDOWS\system32\drvrirr.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\vycdd.ini

C:\WINDOWS\system32\vycdd.ini2

 

.

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))

.

 

2008-02-06 07:30 . 2008-02-06 07:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-02-06 00:23 . 2008-02-06 00:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-06 00:23 . 2008-02-06 07:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-02-06 00:23 . 2008-02-06 07:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-02-06 00:21 . 2008-02-06 00:21 <DIR> d-------- C:\Program Files\Norton Internet Security

2008-02-06 00:21 . 2008-02-06 00:21 <DIR> d-------- C:\Program Files\Norton AntiVirus

2008-02-06 00:21 . 2008-02-06 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

2008-02-06 00:21 . 2008-02-06 00:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec

2008-02-05 23:33 . 2008-02-05 23:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-05 23:33 . 2008-02-05 23:33 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-05 18:57 . 2008-02-05 18:57 95 --a------ C:\WINDOWS\wininit.ini

2008-02-05 18:25 . 2008-02-05 18:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-02-04 23:20 . 2004-08-04 08:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll

2008-02-04 23:20 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe

2008-02-04 23:20 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe

2008-02-04 23:20 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll

2008-02-04 23:20 . 2004-08-04 06:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys

2008-02-04 23:20 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll

2008-02-04 23:20 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys

2008-02-04 23:20 . 2004-08-04 06:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys

2008-02-04 23:20 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe

2008-02-04 23:18 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll

2008-02-04 23:17 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll

2008-02-04 23:16 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys

2008-02-04 23:15 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys

2008-02-04 23:14 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys

2008-02-04 23:13 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll

2008-02-04 23:12 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll

2008-02-04 23:11 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys

2008-02-04 23:10 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys

2008-02-04 23:09 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys

2008-02-04 23:08 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys

2008-02-04 19:04 . 2008-02-04 19:04 145 --a------ C:\WINDOWS\system32\winver.bat

2008-02-03 12:25 . 2008-02-03 12:25 <DIR> d-------- C:\Program Files\Bonjour

2008-02-03 11:45 . 2008-02-03 11:45 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-02-02 18:25 . 2008-02-02 18:25 26,624 --a------ C:\WINDOWS\system32\winzzc32.dll

2008-01-29 14:23 . 2008-02-04 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-01-23 07:29 . 2008-01-23 07:29 896 --a------ C:\WINDOWS\system32\history.aaw

2008-01-21 18:18 . 2008-01-21 18:18 0 --a------ C:\WINDOWS\iPlayer.INI

2008-01-21 18:16 . 2008-01-21 18:22 <DIR> d-------- C:\Program Files\InterActual

2008-01-17 23:56 . 2008-01-17 23:56 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-17 23:56 . 2008-01-17 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-17 23:55 . 2008-01-17 23:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-12 13:37 . 2008-01-12 13:37 <DIR> d-------- C:\Program Files\COMODO

2008-01-12 13:37 . 2008-01-12 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo

2008-01-12 13:37 . 2008-01-12 13:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo

2008-01-12 13:37 . 2008-01-12 13:37 139,008 --a------ C:\WINDOWS\system32\guard32.dll

2008-01-12 13:37 . 2008-01-12 13:37 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-01-12 13:37 . 2008-01-12 13:37 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-01-06 21:42 . 2008-01-06 21:42 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-01-06 13:21 . 2008-01-06 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

2008-01-06 13:15 . 2008-01-06 14:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple

2008-01-06 11:59 . 2008-01-06 11:59 <DIR> d-------- C:\Program Files\Windows Live

2008-01-06 11:59 . 2008-01-06 12:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-06 11:59 . 2008-01-06 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 07:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent

2008-02-06 00:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-02-06 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-06 00:21 --------- d-----w C:\Program Files\Symantec

2008-02-05 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-03 22:43 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-03 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan

2008-02-03 12:25 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-27 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-27 19:51 --------- d-----w C:\Program Files\Sony

2008-01-21 18:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss

2008-01-20 00:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue

2008-01-18 06:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-01-13 23:42 --------- d-----w C:\Program Files\Sonic

2008-01-13 23:40 --------- d-----w C:\Program Files\Real

2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-01-06 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

2008-01-06 14:55 --------- d-----w C:\Program Files\MSN Messenger

2008-01-06 14:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.purple

2008-01-06 00:48 34,560 -c--a-w C:\WINDOWS\system32\drivers\SSDefrag.sys

2008-01-05 00:50 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-01-05 00:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Auslogics

2008-01-02 17:08 --------- d-----w C:\Program Files\DivX

2007-12-25 17:38 --------- d-----w C:\Program Files\Shareaza

2007-12-23 17:31 --------- d-----w C:\Program Files\uTorrent

2007-12-23 16:42 --------- d-----w C:\Program Files\Winamp

2007-12-23 15:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus

2007-12-19 15:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft

2007-12-19 15:00 164 ----a-w C:\install.dat

2007-12-19 15:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot

2007-12-19 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx

2007-12-19 12:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-19 12:03 --------- d-----w C:\Program Files\iPod

2007-12-14 10:11 --------- d-----w C:\Program Files\Bonusprint PhotoBook Editor

2007-12-09 11:20 --------- d-----w C:\Program Files\Google

2007-12-06 23:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-06 23:13 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-06 23:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-11-12 15:21 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2005-09-28 14:11 32 -c--a-r C:\Documents and Settings\All Users\hash.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D12FF2A-D5FD-43B3-B06F-F3C07A8480C5}]

C:\WINDOWS\system32\ddcyv.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 03:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-01-31 07:38 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 03:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe" [2003-10-21 17:42 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04 52736]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-12 13:37 1481472]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-02 01:13 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-02 01:13 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [ ]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 23:16 49152 C:\WINDOWS\mididef.exe]

 

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-04-20 17:41:02 2746104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsqrr]

tuvsqrr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-11 16:42 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]

winzzc32.dll 2008-02-02 18:25 26624 C:\WINDOWS\system32\winzzc32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]

backup=C:\WINDOWS\pss\TrayMin200.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"CTHelper"=CTHELPER.EXE

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-01-28 20:01:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

"2008-01-28 13:38:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

"2007-12-19 13:43:32 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-06 11:57:56

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwClose

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\system32\guard32.dll

-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll

-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

.

**************************************************************************

.

Completion time: 2008-02-06 12:01:54 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-06 12:01:51

ComboFix2.txt 2008-02-05 21:51:50

.

2008-01-09 23:16:58 --- E O F ---

 

 

And here is the Kaspersky Log:


-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, February 06, 2008 3:12:11 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 6/02/2008

Kaspersky Anti-Virus database records: 550719

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

 

Scan Statistics:

Total number of scanned objects: 174116

Number of viruses found: 8

Number of infected objects: 26

Number of suspicious objects: 0

Duration of the scan process: 02:39:36

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\cert8.db Object is locked skipped

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\history.dat Object is locked skipped

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\key3.db Object is locked skipped

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\parent.lock Object is locked skipped

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\sqy84vg1.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped

C:\Documents and Settings\Administrator\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\143560CD.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\143F5EC2.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14525AAD.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\145F029E.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\378B669C.dll Infected: Backdoor.Win32.Cakl.a skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37956491.dll Infected: Backdoor.Win32.Cakl.d skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37956491.exe Infected: Backdoor.Win32.Cakl.d skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Anytime\SignupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Anytime\SignupLt.exe CAB: infected - 1 skipped

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Reinstall\SignupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Reinstall\SignupLt.exe CAB: infected - 1 skipped

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Standard\SignupLt.exe/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.b skipped

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Standard\SignupLt.exe CAB: infected - 1 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drvrir.dll.vir Infected: Trojan.Win32.Dialer.yz skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\winzzc32.dll.vir Infected: Trojan.Win32.Dialer.yz skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP1\A0000148.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.gn skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP1\A0000148.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP1\A0000154.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP1\A0005741.dll Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0011078.dll Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0012627.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0012628.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0012629.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0012630.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0012631.dll Infected: Backdoor.Win32.Cakl.a skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0012632.dll Infected: Backdoor.Win32.Cakl.d skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP3\A0012633.exe Infected: Backdoor.Win32.Cakl.d skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP5\A0014570.dll Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP5\A0014571.dll Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP5\A0014585.exe Infected: not-a-virus:Downloader.Win32.WinFixer.cr skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP5\A0014590.dll Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP6\A0014820.exe Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP6\A0015010.dll Object is locked skipped

C:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP6\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\winzzc32.dll Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{105D96DC-DFBE-451E-BC78-25868B219AF7}\RP6\change.log Object is locked skipped

 

Scan process completed.

During the scan, AVG was finding quite a few viruses, so I put them all in the Virus Vault. So some of the infections that Kaspersky found may have been solved by AVG :S

And here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:19:44, on 06/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ps2.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrator\My Documents\Chris\Remote Manager\CQ\BFRemoteManager.exe

C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2D12FF2A-D5FD-43B3-B06F-F3C07A8480C5} - C:\WINDOWS\system32\ddcyv.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-3786382974-3997490384-1086313383-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User '?')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')

O4 - S-1-5-21-3786382974-3997490384-1086313383-500 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://sappy161.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 194.164.6.112,206.13.30.12

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: tuvsqrr - tuvsqrr.dll (file missing)

O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

--

End of file - 8207 bytes

I haven't noticed any change in my computer, except that there are fewer processes running in my Task Manager :) But I still have no sound/wizards/printer etc.

~Mr. Brightside


Welcome back.

OK, since the Norton tool had a hiccup, we'll try to take out as much as we can with ComboFix.

Make sure to check to see if there's an uninstall entry in Add/Remove Programs first; if there is, do that first.

If not, I'll take out files/folders with the next fix.

I also noticed that you are using some P2P file sharing programs, e.g. Shareaza.

I need to warn you that the nature of P2P filesharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware. I would recommend that you also remove them.

 

You can find a list of clean P2P programs at http://p2p.malwareremoval.com.

Open HijackThis, click "Do a system scan only", and checkmark these entries. Then close all other windows and browsers except HijackThis and press "Fix checked".


O2 - BHO: (no name) - {2D12FF2A-D5FD-43B3-B06F-F3C07A8480C5} - C:\WINDOWS\system32\ddcyv.dll (file missing)

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O20 - Winlogon Notify: tuvsqrr - tuvsqrr.dll (file missing)

O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

Go to My Computer -> Tools -> Folder Options -> View tab:

* Under the Hidden files and folders heading, select "Show hidden files and folders".
* Uncheck "Hide protected operating system files (recommended)".
* Also make sure there is no checkmark beside "Hide file extensions for known file types".
* Click OK. (Remember to hide the files and folders again once done.)

 

 

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders:

(This is to see if AVG found and took care of these.)

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Anytime\SignupLt.exe

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Reinstall\SignupLt.exe

C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Standard\SignupLt.exe

Next: Disconnect from the internet. If you are on cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (anything running with background protection), as they may hinder the scanner from working.

This includes antivirus, firewall, and any spyware scanners that run in the background.

 

 

 

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" including the quotes, change the "Save as type" to "All Files", and place it on your desktop.


File::
C:\WINDOWS\SYSTEM32\winzzc32.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
C:\WINDOWS\system32\drivers\COH_Mon.sys
C:\WINDOWS\system32\drivers\SYMEVENT.SYS
C:\WINDOWS\system32\ddcyv.dll
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

Folder::
C:\Program Files\Norton Internet Security
C:\Program Files\Norton AntiVirus
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\Administrator\Application Data\Symantec
C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec Shared

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D12FF2A-D5FD-43B3-B06F-F3C07A8480C5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
[-HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsqrr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]

[screenshot]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

ComboFix will disconnect the machine from the internet, this prevents fresh malware from coming in.

The connection shall be restored once ComboFix gets to the Find3M stage.

In the event that ComboFix terminates prematurely you can manually restore the connection by ...

* Going to Control Panel > Network Connections.

* Right-click on your network icon and select "Repair".

[screenshot]

Alternately, if the Network icon appears in the notification area in the lower right corner of the Desktop, right-click it, and then click Repair from the shortcut menu.

[screenshot]

In your next reply post:

ComboFix.txt

New HJT log

Let me know if there has been any improvement.
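The entries the helper ticks in HijackThis above (an unnamed O2 BHO whose file is missing, and O20 Winlogon Notify packages) and the File::/Registry:: lines they turn into in the CFScript follow a mechanical pattern. Here is an added example to show that pattern; it is not code from this thread, from HijackThis or from ComboFix. It reads HJT log lines, flags those two classes of entry, and drafts the File:: and Registry:: sections in the same layout as the script above. The sample log lines are copied from the second HJT log in this thread; the allow-list of stock Windows XP Winlogon Notify packages is an assumption of mine, and the `\~` shorthand in the BHO key path is copied as written in the helper's script.

```python
"""Triage HijackThis v2 log lines and draft a ComboFix CFScript from the hits.

Added example for this thread; not code from HijackThis, ComboFix or the
forum.  KNOWN_NOTIFY is an assumption about the Winlogon Notify subkeys
that ship with Windows XP, not something the thread states.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the second HJT log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D12FF2A-D5FD-43B3-B06F-F3C07A8480C5} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: tuvsqrr - tuvsqrr.dll (file missing)
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# Assumed allow-list (lower-cased) of Winlogon Notify subkeys on a stock XP box.
KNOWN_NOTIFY = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
})

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "bho" or "winlogon_notify"
    ident: str   # CLSID for a BHO, registry subkey name for a notify package
    path: str    # DLL path as HJT printed it (may be a bare file name)
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the O2/O20 entries a helper would tick for removal."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            reasons = []
            if m["missing"]:
                reasons.append("file missing")   # orphaned COM registration
            if m["name"] == "(no name)":
                reasons.append("unnamed BHO")    # no product name registered
            if reasons:
                findings.append(Finding("bho", m["clsid"], m["path"], ", ".join(reasons)))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m["missing"]:
                reason = "file missing"
            elif m["key"].lower() in KNOWN_NOTIFY:
                continue                          # stock package, leave alone
            else:
                reason = "notify package not in allow-list"
            findings.append(Finding("winlogon_notify", m["key"], m["path"], reason))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Draft File:: and Registry:: sections in the layout of the script above."""
    files = [f.path for f in findings if "\\" in f.path]   # only absolute paths
    registry = []
    for f in findings:
        if f.kind == "bho":
            registry.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + f.ident + "]")
        else:
            registry.append(
                "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
                "\\winlogon\\notify\\" + f.ident + "]"
            )
    return "\n".join(["File::", *files, "", "Registry::", *registry, ""])


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.kind:16} {h.ident:40} {h.reason}")
    print()
    print(build_cfscript(hits))
```

The script only drafts. As the helper's note says, a CFScript is written for one machine and every line should be reviewed before it is run; the Norton toolbar and LiveUpdate service in the fix list above, for instance, are leftovers of a failed uninstall rather than malware, and no log heuristic would pick them out.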

Thanks. I think this all went successfully. As far as I know, anyway.

However, I still have no sound/wizards, and if my connection had been terminated (thank fook it didn't), I wouldn't have been able to click "Repair", because no connection even shows in my "Network Connections" via the Control Panel. It's just a blank page. :(

Here's the ComboFix log again:

 

ComboFix 08-02.05.3 - Administrator 2008-02-06 17:16:06.2 - NTFSx86

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

FILE

C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

C:\WINDOWS\system32\ddcyv.dll

C:\WINDOWS\system32\drivers\COH_Mon.sys

C:\WINDOWS\system32\drivers\SYMEVENT.SYS

C:\WINDOWS\SYSTEM32\winzzc32.dll

.

The following files were disabled during the run:

C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrator\Application Data\Symantec

C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\MyProfile.UserProfile

C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\Options.VcPref

C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\Sessions\20050515180029421.liveReg

C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\Sessions\20050524141546437.liveReg

C:\Documents and Settings\All Users\Application Data\Symantec

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Temp\ccdt.ph

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\AppLU.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\AVLUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccCmnLuM.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccMSLLuM.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccResLuM.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccRtkLuM.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\ccSEDLuM.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CFLUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\COH32LUR.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\COL32LU.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\CW20.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\decluman.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\DRMLUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\hnlureg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\HTEC_LU.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUBBReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUShdsRg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NAVLUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NISLUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\SymAbLRM.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\SymLTLRM.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\uiLUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\VALUReg.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\WA20.dll

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\WP20.dll

C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\patch25.dll

C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\SyKnAppS.dll

C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\SyKnAppS.spm

C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

C:\Program Files\Common Files\Symantec Shared

C:\Program Files\Common Files\Symantec Shared\AntiVirus\avCmpCtl.dll

C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVDefMgr.dll

C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll

C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVifc.dll

C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVMail.dll

C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVModule.dll

C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVScan.dll

C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll

C:\Program Files\Common Files\Symantec Shared\AppCore\AppPlg32.dll

C:\Program Files\Common Files\Symantec Shared\AppCore\AppReg32.dll

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSch32.dll

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll

C:\Program Files\Common Files\Symantec Shared\AppCore\AppTrc32.dll

C:\Program Files\Common Files\Symantec Shared\auCOLPwd.dll

C:\Program Files\Common Files\Symantec Shared\ccALEng.dll

C:\Program Files\Common Files\Symantec Shared\ccAlert.dll

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Symantec Shared\ccAppPlg.dll

C:\Program Files\Common Files\Symantec Shared\ccEmlPxy.dll

C:\Program Files\Common Files\Symantec Shared\ccErrDsp.dll

C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtPlg.dll

C:\Program Files\Common Files\Symantec Shared\ccInst.dll

C:\Program Files\Common Files\Symantec Shared\ccIPC.dll

C:\Program Files\Common Files\Symantec Shared\ccL70.dll

C:\Program Files\Common Files\Symantec Shared\ccL70U.dll

C:\Program Files\Common Files\Symantec Shared\ccLgView.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll

C:\Program Files\Common Files\Symantec Shared\ccProd.dll

C:\Program Files\Common Files\Symantec Shared\ccProSub.dll

C:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcAlert.dll

C:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcApp.dll

C:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcEmlPxy.dll

C:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcErrDsp.dll

C:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcLgView.dll

C:\Program Files\Common Files\Symantec Shared\ccRes\09\01\rcSvcHst.dll

C:\Program Files\Common Files\Symantec Shared\ccRkSn.dll

C:\Program Files\Common Files\Symantec Shared\ccScanW.dll

C:\Program Files\Common Files\Symantec Shared\ccSEBind.dll

C:\Program Files\Common Files\Symantec Shared\ccSet.dll

C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetPlg.dll

C:\Program Files\Common Files\Symantec Shared\ccSEUPDT.exe

C:\Program Files\Common Files\Symantec Shared\ccSubEng.dll

C:\Program Files\Common Files\Symantec Shared\ccSvc.dll

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll

C:\Program Files\Common Files\Symantec Shared\ccWebWnd.dll

C:\Program Files\Common Files\Symantec Shared\CF\cfEPack.dll

C:\Program Files\Common Files\Symantec Shared\CF\cfLUCbk.dll

C:\Program Files\Common Files\Symantec Shared\CF\cfV2Pack.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\avCFReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\cfReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\cltCFRg8.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\FWCFReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\HNCFReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\ISCFReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\ISCOReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\ISFWReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\ISVAReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\uiCFReg2.dll

C:\Program Files\Common Files\Symantec Shared\CF\Manifests\VACFReg.dll

C:\Program Files\Common Files\Symantec Shared\CF\PEP2.dll

C:\Program Files\Common Files\Symantec Shared\CF\PEP2S.dll

C:\Program Files\Common Files\Symantec Shared\COH\AHS.dll

C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe

C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg

C:\Program Files\Common Files\Symantec Shared\COH\COHClean.dll

C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg

C:\Program Files\Common Files\Symantec Shared\COH\sesHlp.dll

C:\Program Files\Common Files\Symantec Shared\COH\sH0002.dll

C:\Program Files\Common Files\Symantec Shared\COL\BBIF.dll

C:\Program Files\Common Files\Symantec Shared\COL\COLUpdtr.exe

C:\Program Files\Common Files\Symantec Shared\COL\sesHlp.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coCoreFW.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coFFPlgn.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coFSPCtl.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coFSPReg.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coRegMon.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coUICtlr.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coVisPrx.exe

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\PackMgr.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\Patch25d.dll

C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\WALuCbk.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\AcctMgr.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\coAcctSv.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\COExport.exe

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\coParse.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\DSMigrat.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\IVPlugin.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\rf.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.0\rfpxy.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CW\2.0\coCWPlg.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CW\2.0\coSubmit.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CW\2.0\coSubXLT.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CW\2.0\CWBB.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CW\2.0\CWCon.dll

C:\Program Files\Common Files\Symantec Shared\coShared\CW\2.0\CWWLMgr.dll

C:\Program Files\Common Files\Symantec Shared\coShared\WA\2.0\coWbAuth.dll

C:\Program Files\Common Files\Symantec Shared\coShared\WA\2.0\NPPCCWkr.dll

C:\Program Files\Common Files\Symantec Shared\coShared\WA\2.0\NPPDSMgr.dll

C:\Program Files\Common Files\Symantec Shared\coShared\WP\2.0\coWCID.dll

C:\Program Files\Common Files\Symantec Shared\coShared\WP\2.0\nppw.dll

C:\Program Files\Common Files\Symantec Shared\coShared\WP\2.0\nppwff.dll

C:\Program Files\Common Files\Symantec Shared\CWBlkLst.dll

C:\Program Files\Common Files\Symantec Shared\dec_abi.dll

C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll

C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL

C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

C:\Program Files\Common Files\Symantec Shared\Firewall\FWAgent.dll

C:\Program Files\Common Files\Symantec Shared\Firewall\FwALEIO.dll

C:\Program Files\Common Files\Symantec Shared\Firewall\FWCfg.exe

C:\Program Files\Common Files\Symantec Shared\Firewall\FWCmpCtl.dll

C:\Program Files\Common Files\Symantec Shared\Firewall\FWHelper.dll

C:\Program Files\Common Files\Symantec Shared\Firewall\FwRuleIO.dll

C:\Program Files\Common Files\Symantec Shared\Firewall\FWRulMtn.dll

C:\Program Files\Common Files\Symantec Shared\Firewall\FWSetup.dll

C:\Program Files\Common Files\Symantec Shared\Firewall\ICFMgr.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\CCLGVIEW.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\disable.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\FAQ.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\feat_sum.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\firewall.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\GUZ_004.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\Hlp_supt.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\home_net.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\IDS.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\LU_001.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\LU_002.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\LU_PC.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\LU_sub.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\Msg_Cntr.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NAV_001.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NAV_007.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NAV_dis.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NAV_feat.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NAV_mon.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NAV_opts.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NAV_pvnt.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NCO_cs.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NCO_data.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NCO_feat.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NCO_stat.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NCO_tool.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_002.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_003.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_007.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_dis.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_feat.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_mon.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_opts.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_task.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NIS_unin.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\NPCacct.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\options.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\protect.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\Supt_CPD.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\SYM_cust.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\SYM_FD.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\SYM_IA.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\SYM_mon.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\SYM_resp.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\SymHelp.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\SYMstart.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\unin.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\V_AutoLU.dll

C:\Program Files\Common Files\Symantec Shared\Help\09\01\v_found.dll

C:\Program Files\Common Files\Symantec Shared\Help\symhelp.dll

C:\Program Files\Common Files\Symantec Shared\HomeNet\HNCmpCtl.dll

C:\Program Files\Common Files\Symantec Shared\HomeNet\hncore.dll

C:\Program Files\Common Files\Symantec Shared\HomeNet\hndisco.dll

C:\Program Files\Common Files\Symantec Shared\HomeNet\netmap.dll

C:\Program Files\Common Files\Symantec Shared\HomeNet\nnmgr.dll

C:\Program Files\Common Files\Symantec Shared\HTEC\htec.dll

C:\Program Files\Common Files\Symantec Shared\HTEC\HTECSub.dll

C:\Program Files\Common Files\Symantec Shared\IDS\DefUTDCD.dll

C:\Program Files\Common Files\Symantec Shared\IDS\IDSAux.dll

C:\Program Files\Common Files\Symantec Shared\IDS\IdsInst.exe

C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll

C:\Program Files\Common Files\Symantec Shared\IDS\IPSPlug.dll

C:\Program Files\Common Files\Symantec Shared\IDS\Patch25.dll

C:\Program Files\Common Files\Symantec Shared\IraLsClt.dll

C:\Program Files\Common Files\Symantec Shared\ISArbit.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\Defaults.liveReg

C:\Program Files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe

C:\Program Files\Common Files\Symantec Shared\LiveReg\iraLSCl2.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LRRes.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LrResEN.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LRWebWnd.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\symcsub.exe

C:\Program Files\Common Files\Symantec Shared\LiveReg\VcCleanUp.exe

C:\Program Files\Common Files\Symantec Shared\LiveReg\VcResEN.dll

C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe

C:\Program Files\Common Files\Symantec Shared\MceAddIn\MceEULA.dll

C:\Program Files\Common Files\Symantec Shared\MceAddIn\SymAdLog.dll

C:\Program Files\Common Files\Symantec Shared\MceAddIn\SymMcCmd.dll

C:\Program Files\Common Files\Symantec Shared\MSL\msl.dll

C:\Program Files\Common Files\Symantec Shared\NCOItf.dll

C:\Program Files\Common Files\Symantec Shared\ncwHyPEX\ncwHyPEX.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\Gadget.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\HSLoader.exe

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\hsui.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\npcTray.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\pcStatus.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\suphtml.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\symcert.spc

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiAlert.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiBtPlg.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\UICntnr.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiDataCl.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiGadCtl.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiHost.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiLicPlg.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\WmiClnt.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\WmiData.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\WmiMontr.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\WSCR_Fix.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\WSCRHlpr.dll

C:\Program Files\Common Files\Symantec Shared\NPC\2.0\WSCRMain.dll

C:\Program Files\Common Files\Symantec Shared\NPC\DataPvdr.dll

C:\Program Files\Common Files\Symantec Shared\NPC\isUAC.exe

C:\Program Files\Common Files\Symantec Shared\NPC\npcLU.dll

C:\Program Files\Common Files\Symantec Shared\NPC\npcLUCbk.dll

C:\Program Files\Common Files\Symantec Shared\NPC\npcLUEng.dll

C:\Program Files\Common Files\Symantec Shared\NPC\npcLULdr.exe

C:\Program Files\Common Files\Symantec Shared\NPC\npcLUStb.exe

C:\Program Files\Common Files\Symantec Shared\NPC\NSCPLUG2.dll

C:\Program Files\Common Files\Symantec Shared\NPC\PEPEvnt.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\ActComp.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\clt06PIN.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltBTPgS.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltBTPlg.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltEndPt.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\CLTNetCN.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltPIPlg.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\CLTSComp.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltUAC.exe

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\cltUIStb.exe

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\CUWUtils.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\EULAComp.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\ewoc.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LANG\LcPlgXml.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\LicPlug.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SSAutoRN.exe

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SubComp.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SubStats.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymCAbt.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymHost.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymLCUI.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymLTCOM.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymSubWz.dll

C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SymUIHlp.dll

C:\Program Files\Common Files\Symantec Shared\Options\VTCache.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\AlertEng.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\AlertUi.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\dcGlobal.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\dcmhSvar.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\dcProd.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\mhSched.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\mhUpgr.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\PifEng.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\PifPep06.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\PifPep07.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\PollMgr.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\nlc.ico

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll

C:\Program Files\Common Files\Symantec Shared\QBackup.dll

C:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCMGR32.dll

C:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.exe

C:\Program Files\Common Files\Symantec Shared\SEVINST.EXE

C:\Program Files\Common Files\Symantec Shared\SMNLnch.exe

C:\Program Files\Common Files\Symantec Shared\SNDSvc.dll

C:\Program Files\Common Files\Symantec Shared\SNDunin.dll

C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll

C:\Program Files\Common Files\Symantec Shared\SPBBC\ccTrstPc.dll

C:\Program Files\Common Files\Symantec Shared\SPBBC\ShlData.spm

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCCli.dll

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.CAT

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.inf

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPLVPlug.dll

C:\Program Files\Common Files\Symantec Shared\SPBBC\TProcPlg.dll

C:\Program Files\Common Files\Symantec Shared\SPBBC\UpdMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPManifests\AlertEng.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\AlesXml.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\AppCore.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\AV.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\BHOFrame.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ccCmn70.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ccOEH.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\cfLUCbk.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\CIDS.SPM

C:\Program Files\Common Files\Symantec Shared\SPManifests\CLTNetCn.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\COHCfg.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\COL_1-1.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\comHost.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\dec_abi.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\DRMCOMMD.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\eraser.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\FWInst.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\fwPlugin.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\HomeNet.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\HTECInst.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\HtmlHelp.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\IDSDefs.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISArbit.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISCUWReg.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISGlobal.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISLAlert.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISLUClbk.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISMCEAdd.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISNmObj.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\isPwd.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ISSTE.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\MainUI.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\MsgCntr.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\MSLight.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\NAV.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\NAV_Dirs.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\NAV_Krnl.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\NAVEvent.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\navlucbk.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\NAVParen.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\NAVPatch.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\NAVUI.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\Navw32.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ncwHyPEX.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\npc2008.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\OpenCmd.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\osCheck.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\PassMan.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\PEP2.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\PifCore.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\PtchInst.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\Scnrs.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\ShrdRent.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SMNLnch.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\Snd.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SPBBC.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SPLVPlug.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\srt.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SyKnAppS.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SymCAbt.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\symcleng.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\Symcuw.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SymDlBrg.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM

C:\Program Files\Common Files\Symantec Shared\SPManifests\SymHtml.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SYMLCUI.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\symsetup.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SymSHAx.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\SymTheme.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\VA.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\VTCache.spm

C:\Program Files\Common Files\Symantec Shared\SPManifests\WPWALU.spm

C:\Program Files\Common Files\Symantec Shared\SRTSP\SavRT32.dll

C:\Program Files\Common Files\Symantec Shared\SRTSP\Srtsp32.dll

C:\Program Files\Common Files\Symantec Shared\SRTSP\srtUnin.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\ssCmdTar.ini

C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctlln.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\sshelper.exe

C:\Program Files\Common Files\Symantec Shared\Support Controls\SymAData.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll

C:\Program Files\Common Files\Symantec Shared\Support Controls\tgctlss.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDS9xx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDSVia64.cat

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDSVia64.INF

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDSviA64.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDSVix86.cat

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDSVix86.INF

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDSvix86.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\IDSxpx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\Scxpx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\SymIDSCo.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\SymIDSCo.vxd

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080129.005\SymIDSI.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDS9xx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDSVia64.cat

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDSVia64.INF

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDSviA64.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDSVix86.cat

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDSVix86.INF

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDSvix86.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\IDSxpx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\Scxpx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\SymIDSCo.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\SymIDSCo.vxd

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20080131.003\SymIDSI.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\ids9xx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSVia64.CAT

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSVia64.INF

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSvia64.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSVix86.CAT

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSVix86.INF

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\IDSvix86.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\idsxpx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\scxpx86.dll

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\symidsco.sys

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\symidsco.vxd

C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\BinHub\SymIDSI.dll

C:\Program Files\Common Files\Symantec Shared\SymHTML\2.0\SymHTML.dll

C:\Program Files\Common Files\Symantec Shared\SymHTML\shtmbase.dll

C:\Program Files\Common Files\Symantec Shared\SymNetDrv\symIM.cat

C:\Program Files\Common Files\Symantec Shared\SymNetDrv\SymIM.sys

C:\Program Files\Common Files\Symantec Shared\SymNetDrv\SymIM_m.inf

C:\Program Files\Common Files\Symantec Shared\SymNetDrv\SymIM_p.inf

C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe

C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Support\Remover\Remover.exe

C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Support\Reporter\Reporter.exe

C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Support\VCRedist\redist32.exe

C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\SymHTML.dll

C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\SymTheme.dll

C:\Program Files\Common Files\Symantec Shared\SymSHAx.dll

C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll

C:\Program Files\Common Files\Symantec Shared\SymTheme\sthmbase.dll

C:\Program Files\Common Files\Symantec Shared\TModule.dat

C:\Program Files\Common Files\Symantec Shared\TParent.dat

C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

C:\Program Files\Common Files\Symantec Shared\VAScanner\SAM.dll

C:\Program Files\Common Files\Symantec Shared\VAScanner\VACmpCtl.dll

C:\Program Files\Common Files\Symantec Shared\VAScanner\VACtrl.dll

C:\Program Files\Common Files\Symantec Shared\VAScanner\VAEngn.dll

C:\Program Files\Common Files\Symantec Shared\VAScanner\VAEngnPS.dll

C:\Program Files\Common Files\Symantec Shared\VAScanner\VAMngr.dll

C:\Program Files\Common Files\Symantec Shared\VAScanner\VAMngrPS.dll

C:\Program Files\Common Files\Symantec Shared\VAScanner\VAScanPS.dll

C:\Program Files\Norton AntiVirus

C:\Program Files\Norton Internet Security

C:\Program Files\Norton Internet Security\CLTVault.dll

C:\Program Files\Norton Internet Security\coDataPr.dll

C:\Program Files\Norton Internet Security\fwAlert.dll

C:\Program Files\Norton Internet Security\fwEvent.dll

C:\Program Files\Norton Internet Security\fwMCPlug.dll

C:\Program Files\Norton Internet Security\fwPlugin.dll

C:\Program Files\Norton Internet Security\IDSDefs\IDS9xx86.dll

C:\Program Files\Norton Internet Security\IDSDefs\IDSVia64.cat

C:\Program Files\Norton Internet Security\IDSDefs\IDSVia64.INF

C:\Program Files\Norton Internet Security\IDSDefs\IDSviA64.sys

C:\Program Files\Norton Internet Security\IDSDefs\IDSVix86.cat

C:\Program Files\Norton Internet Security\IDSDefs\IDSVix86.INF

C:\Program Files\Norton Internet Security\IDSDefs\IDSvix86.sys

C:\Program Files\Norton Internet Security\IDSDefs\IDSxpx86.dll

C:\Program Files\Norton Internet Security\IDSDefs\Scxpx86.dll

C:\Program Files\Norton Internet Security\IDSDefs\SymIDSCo.sys

C:\Program Files\Norton Internet Security\IDSDefs\SymIDSCo.vxd

C:\Program Files\Norton Internet Security\IDSDefs\SymIDSI.dll

C:\Program Files\Norton Internet Security\IDSUI.dll

C:\Program Files\Norton Internet Security\IMCfg.dll

C:\Program Files\Norton Internet Security\isAbout.dll

C:\Program Files\Norton Internet Security\isBTPlg.dll

C:\Program Files\Norton Internet Security\ISBTPlgS.dll

C:\Program Files\Norton Internet Security\isCfgCmp.dll

C:\Program Files\Norton Internet Security\isCfgXml.dll

C:\Program Files\Norton Internet Security\ISDataCl.dll

C:\Program Files\Norton Internet Security\ISDataSv.dll

C:\Program Files\Norton Internet Security\isError.dll

C:\Program Files\Norton Internet Security\ISLAlert.dll

C:\Program Files\Norton Internet Security\ISPrdCtl.dll

C:\Program Files\Norton Internet Security\ISProd.dll

C:\Program Files\Norton Internet Security\isPwd.dll

C:\Program Files\Norton Internet Security\isStatus.dll

C:\Program Files\Norton Internet Security\ISWrkSv.dll

C:\Program Files\Norton Internet Security\NISLUCBK.DLL

C:\Program Files\Norton Internet Security\NisLVPlg.dll

C:\Program Files\Norton Internet Security\nisOpts.dll

C:\Program Files\Norton Internet Security\nisoptui.exe

C:\Program Files\Norton Internet Security\NisTray.dll

C:\Program Files\Norton Internet Security\nmapapp.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVPAPP32.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVPSVC32.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\avScanUI.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\avScnTsk.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\DefUDply.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\ISProd.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\MUI\muis.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVEvent.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVLogV.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVLUCBK.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShcom.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShcPS.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVTskWz.dll

C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe

C:

Edited by Mr Brightside


C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL

C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL

C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL

C:\Program Files\Symantec\S32EVNT1.DLL

C:\Program Files\Symantec\SYMEVENT.CAT

C:\Program Files\Symantec\SYMEVENT.INF

C:\Program Files\Symantec\SYMEVENT.SYS

C:\WINDOWS\system32\drivers\COH_Mon.sys

C:\WINDOWS\system32\drivers\SYMEVENT.SYS

C:\WINDOWS\SYSTEM32\winzzc32.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))

.

 

2008-02-06 12:05 . 2008-02-06 12:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-02-06 12:05 . 2008-02-06 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-02-06 07:30 . 2008-02-06 07:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7

2008-02-06 00:34 . 2004-08-04 07:56 388,608 --a------ C:\kmd.exe

2008-02-06 00:23 . 2008-02-06 00:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-06 00:23 . 2008-02-06 07:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7

2008-02-06 00:23 . 2008-02-06 07:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7

2008-02-05 23:33 . 2008-02-05 23:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-05 23:33 . 2008-02-05 23:33 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-05 18:57 . 2008-02-05 18:57 95 --a------ C:\WINDOWS\wininit.ini

2008-02-05 18:25 . 2008-02-05 18:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-02-04 23:20 . 2004-08-04 08:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll

2008-02-04 23:20 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe

2008-02-04 23:20 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe

2008-02-04 23:20 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll

2008-02-04 23:20 . 2004-08-04 06:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys

2008-02-04 23:20 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll

2008-02-04 23:20 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys

2008-02-04 23:20 . 2004-08-04 06:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys

2008-02-04 23:20 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe

2008-02-04 23:18 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll

2008-02-04 23:17 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll

2008-02-04 23:16 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys

2008-02-04 23:15 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys

2008-02-04 23:14 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys

2008-02-04 23:13 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll

2008-02-04 23:12 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll

2008-02-04 23:11 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys

2008-02-04 23:10 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys

2008-02-04 23:09 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys

2008-02-04 23:08 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys

2008-02-04 19:04 . 2008-02-04 19:04 145 --a------ C:\WINDOWS\system32\winver.bat

2008-02-03 12:25 . 2008-02-03 12:25 <DIR> d-------- C:\Program Files\Bonjour

2008-02-03 11:45 . 2008-02-03 11:45 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-01-29 14:23 . 2008-02-04 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-01-23 07:29 . 2008-01-23 07:29 896 --a------ C:\WINDOWS\system32\history.aaw

2008-01-21 18:18 . 2008-01-21 18:18 0 --a------ C:\WINDOWS\iPlayer.INI

2008-01-21 18:16 . 2008-01-21 18:22 <DIR> d-------- C:\Program Files\InterActual

2008-01-17 23:56 . 2008-01-17 23:56 <DIR> d-------- C:\Program Files\Lavasoft

2008-01-17 23:56 . 2008-01-17 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-17 23:55 . 2008-01-17 23:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-01-12 13:37 . 2008-01-12 13:37 <DIR> d-------- C:\Program Files\COMODO

2008-01-12 13:37 . 2008-01-12 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo

2008-01-12 13:37 . 2008-01-12 13:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Comodo

2008-01-12 13:37 . 2008-01-12 13:37 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir

2008-01-12 13:37 . 2008-01-12 13:37 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys

2008-01-12 13:37 . 2008-01-12 13:37 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-01-06 21:42 . 2008-01-06 21:42 <DIR> d-------- C:\Program Files\SystemRequirementsLab

2008-01-06 13:21 . 2008-01-06 14:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

2008-01-06 13:15 . 2008-01-06 14:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple

2008-01-06 11:59 . 2008-01-06 11:59 <DIR> d-------- C:\Program Files\Windows Live

2008-01-06 11:59 . 2008-01-06 12:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-06 11:59 . 2008-01-06 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-06 07:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent

2008-02-06 00:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-02-05 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-03 22:43 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-03 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan

2008-02-03 12:25 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-27 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-27 19:51 --------- d-----w C:\Program Files\Sony

2008-01-21 18:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\dvdcss

2008-01-20 00:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Uniblue

2008-01-18 06:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-01-13 23:42 --------- d-----w C:\Program Files\Sonic

2008-01-13 23:40 --------- d-----w C:\Program Files\Real

2008-01-06 21:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

2008-01-06 14:55 --------- d-----w C:\Program Files\MSN Messenger

2008-01-06 14:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.purple

2008-01-06 00:48 34,560 -c--a-w C:\WINDOWS\system32\drivers\SSDefrag.sys

2008-01-05 00:50 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-01-05 00:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Auslogics

2008-01-02 17:08 --------- d-----w C:\Program Files\DivX

2007-12-25 17:38 --------- d-----w C:\Program Files\Shareaza

2007-12-23 17:31 --------- d-----w C:\Program Files\uTorrent

2007-12-23 16:42 --------- d-----w C:\Program Files\Winamp

2007-12-23 15:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus

2007-12-19 15:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft

2007-12-19 15:00 164 ----a-w C:\install.dat

2007-12-19 15:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot

2007-12-19 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx

2007-12-19 12:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-12-19 12:03 --------- d-----w C:\Program Files\iPod

2007-12-14 10:11 --------- d-----w C:\Program Files\Bonusprint PhotoBook Editor

2007-12-09 11:20 --------- d-----w C:\Program Files\Google

2007-12-06 23:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-06 23:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2007-11-12 15:21 127,034 -c----r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe

2005-09-28 14:11 32 -c--a-r C:\Documents and Settings\All Users\hash.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]

"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe" [2003-10-21 17:42 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57 81920]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04 52736]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-12 13:37 1481472]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-02 01:13 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-02 01:13 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [ ]

"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 23:16 49152 C:\WINDOWS\mididef.exe]

 

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-04-20 17:41:02 2746104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-11 16:42 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin200.exe.lnk]

backup=C:\WINDOWS\pss\TrayMin200.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"CTHelper"=CTHELPER.EXE

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\AUTORUN.EXE

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-01-28 20:01:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

"2008-01-28 13:38:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

"2007-12-19 13:43:32 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-06 17:25:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\WINDOWS\system32\guard32.dll

 

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]

-> C:\WINDOWS\system32\guard32.dll

-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll

-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

.

**************************************************************************

.

Completion time: 2008-02-06 17:28:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-06 17:28:26

ComboFix2.txt 2008-02-06 12:01:55

ComboFix3.txt 2008-02-05 21:51:50

.

2008-01-09 23:16:58 --- E O F ---

 

 

 

And the new HJT log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:35:10, on 06/02/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ps2.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/blueyonder/index.jsp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-3786382974-3997490384-1086313383-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User '?')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'Default user')

O4 - S-1-5-21-3786382974-3997490384-1086313383-500 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://sappy161.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - http://by115fd.bay115.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 194.164.6.112,206.13.30.12

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

--

End of file - 6925 bytes

 

 

 

Thanks,

~Mr. Brightside

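The HJT log above is what the helper reads by eye. As an added example, not code from the thread, HijackThis or ComboFix, here is a small rule-based triage in Python of lines in that format: it pulls the executable out of O4 autoruns (quoted paths, paths with spaces, and bare filenames that Windows resolves through its search order), checks O10 Winsock LSP modules against a short allowlist, and flags O16, O17 and O20 entries for manual review. The sample lines are copied from the log; the trusted-directory prefixes, the LSP allowlist and the severity labels are my assumptions, not a vendor-maintained list.

```python
"""Rule-based triage of HijackThis (HJT) log lines.

Added example for this thread; it is not code from HijackThis, ComboFix or
the forum. The sample lines are copied from the log posted above. The
trusted-directory prefixes, the LSP allowlist and the severity labels are
the example author's assumptions, not a vendor-maintained list.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a few lines lifted from the HJT log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF44030B-689E-4427-87CD-4AFF01B4D5AD}: NameServer = 194.164.6.112,206.13.30.12
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
"""

# Directories from which an O4 autorun is unremarkable on an XP box (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Winsock LSP modules that ship with Windows XP (assumption). nwprovau.dll is
# the NetWare provider, which matches the 'nwprovau' authentication package
# listed in the ComboFix output above.
KNOWN_LSP = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "nwprovau.dll"}

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# First executable of a command line: a quoted path, or an unquoted one taken
# lazily up to the first known extension so paths containing spaces survive.
CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|dll|ocx|sys|bat|cmd)))', re.IGNORECASE)


def autorun_path(command):
    m = CMD_RE.match(command)
    return (m.group(1) or m.group(2)).strip() if m else command.strip()


def triage_line(line):
    """Return (severity, section, note) for one HJT line, or None if unparsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O4":  # registry Run keys and Startup-folder entries
        cmd = body.split(" = ", 1)[-1] if " = " in body else body.split("] ", 1)[-1]
        path = autorun_path(cmd)
        low = path.lower()
        if "\\" not in low:  # bare name: found via the search order, hijackable
            return ("review", sec, f"bare filename resolved via search path: {path}")
        if not low.startswith(TRUSTED_PREFIXES):
            return ("high", sec, f"autorun outside trusted dirs: {path}")
        return ("info", sec, f"autorun: {path}")
    if sec == "O10":  # Winsock layered service providers see all socket traffic
        name = body.split(": ", 1)[-1].lower().rsplit("\\", 1)[-1]
        return ("info" if name in KNOWN_LSP else "high", sec, f"LSP module: {name}")
    if sec == "O16":  # ActiveX controls installed from the web (DPF)
        host = urlparse(body.split(" - ")[-1]).hostname or "?"
        return ("review", sec, f"ActiveX cab from {host}")
    if sec == "O17":  # per-interface DNS servers: a classic hijack point
        servers = [s.strip() for s in body.split("NameServer =", 1)[-1].split(",")]
        return ("review", sec, "DNS servers " + ",".join(servers) + " (confirm they are the ISP's)")
    if sec == "O20":  # AppInit_DLLs is injected into every process that loads user32
        dll = body.split(": ", 1)[-1]
        return ("review", sec, f"AppInit_DLLs: {dll} (match to an installed product)")
    return ("info", sec, body)


def triage(log_text):
    """Triage every line of an HJT log, highest severity first (stable order otherwise)."""
    order = {"high": 0, "review": 1, "info": 2}
    found = [r for r in (triage_line(ln) for ln in log_text.splitlines()) if r]
    return sorted(found, key=lambda r: order[r[0]])


if __name__ == "__main__":
    for sev, sec, note in triage(SAMPLE_LOG):
        print(f"{sev:6} {sec:4} {note}")
```

A "review" result is a prompt to match the path to an installed product, not a verdict: guard32.dll here carries the same 2008-01-12 13:37 timestamp as the COMODO Firewall install in the ComboFix listing above, and the AppInit_DLLs mechanism is exactly why it shows up loaded inside winlogon.exe and lsass.exe. The O17 servers should be compared with what the ISP's DHCP hands out; the script cannot know that offline.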

OK, here's what I want you to do next

 

Go to My Computer->Tools->Folder Options->View tab:
  • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
  • Uncheck - Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to Hide files and folders once done)

 

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

 

C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan

 

 

 

Your logs are clean now, good job!

 

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u; it needs to be there.


The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

 

For these issues

I still have no sound/wizards

Not sure what's going on there; it might be a hardware problem.

 

What we can do from here, since your machine is clean now, is send you over to our User to User forum found Here.

Members there will try to help resolve the problem.

Start a new Topic and be as descriptive as possible.

 

 

 

If there are no more issues other than the ones mentioned above, you're good to go!

 

 

Below are recommendations to protect your computer.

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 2.0 The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

 

How to prevent Malware: Created by Miekiemoes

 

Read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Slow Computer? Check here first; it may not be malware

http://www.castlecops.com/postitle175256-0-0-.html

Free Antivirus-AntiSpyware-Firewall Software


Thank you very much Juliet!

 

Although it was a pleasure going through this with someone who knows what they're doing, I hope never to have to come back to this section of the forum :)

 

I will make sure that I make a new topic regarding my sound. Pr0n just isn't the same without it :lol:

 

Seriously; I miss my music soooo much.

 

Thanks again

 

Edit: During all this, a folder called "backups" was left on my desktop. Can this be deleted? It contains 15 files.


Thank you very much Juliet!

 

You're very welcome!

Although it was a pleasure going through this with someone who knows what they're doing, I hope never to have to come back to this section of the forum.

If you come back there is a penalty...you have to pay with chocolate!

Actually, we don't want you to experience infection again, we want you to enjoy safe surfing.

I will make sure that I make a new topic regarding my sound. Pr0n just isn't the same without it

:yikes:

During all this, a folder called "backups" was left on my desktop. Can this be deleted? It contains 15 files

I'm pretty sure you can. Locate the folder, right-click it, and select Open with Notepad.

Tell me what's inside.
