happyFish

spyware and malware infections

13 posts in this topic

Hello all. First post here.

 

Recently, my computer was infected with something that keeps sending pop-ups and opening the internet and going to websites even when offline. Thinking it was a virus, I used Norton Antivirus 2006, found some Trojan viruses, deleted them, and thought that was the end of it.

However, last night the computer became sluggish, using the fan often, and informed me that it had stopped multiple worms and viruses, was already infected, and was in danger. I scanned the computer again, and it found two viruses, both called Downloader, and I followed the procedure of disabling System Restore, updating definitions, restarting in safe mode and scanning again, restarting once more and deleting these files manually, and clearing Internet Explorer's history. This morning, I found a number of pop-ups present, and I kept getting a message that said "b.exe - Application Error", and in the box it said: The instruction at "0x0040651e" referenced memory at "0x00000004". The memory could not be "read". Click Ok to terminate the program.

 

Norton said the computer was fine, but whenever I went onto the internet pop-ups would occur, and when trying to go to a website via Google I was redirected to a number of different sites trying to sell me something, and I had to re-click the same search result multiple times to get to where I wanted.

 

The pop-ups, from what I remember, weren't anything specific, but I do remember seeing some work-at-home job sites often. As an experiment I tried going to a page on Wikipedia via Google, and I was directed to other sites, such as MonsterMarketplace, WiseTo, ToseekA, Alibaba.com, WebCrawler, Alfy.Com, encyclopedia.com, and eventually to the wiki article itself. This had happened before when I was trying to find a way to fix my computer, and on sites such as cnet and myspace.

 

In addition, after using Norton and trying to delete viruses, Speed Disk, which comes with Norton, does not work. Also, I cannot access the firewall settings on the computer, because it says that an error has occurred.

 

I have read the FAQ on the site and ran Spybot, Malwarebytes' Anti-Malware, and HijackThis, and they all found some 30 problems that needed fixing. Although the computer seems fine now, I suspect that there are programs still hidden that will strike at the computer once more, and that Norton Antivirus never found them to begin with.

 

Any help would obviously be greatly appreciated.

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.38

Database version: 2404

Windows 5.1.2600 Service Pack 3

 

7/10/2009 2:52:19 PM

mbam-log-2009-07-10 (14-52-19).txt

 

Scan type: Quick Scan

Objects scanned: 175324

Time elapsed: 16 minute(s), 32 second(s)

 

Memory Processes Infected: 2

Memory Modules Infected: 3

Registry Keys Infected: 15

Registry Values Infected: 13

Registry Data Items Infected: 2

Folders Infected: 2

Files Infected: 15

 

Memory Processes Infected:

C:\WINDOWS\msa.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\Documents and Settings\Owner\Application Data\cft\cft.exe (Trojan.Dropper) -> Unloaded process successfully.

 

Memory Modules Infected:

c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mjcore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\MJCore.dll (Trojan.BHO) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cft (Trojan.Dropper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DigiFast (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pridl (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\Application Data\cft (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Files Infected:

C:\WINDOWS\msa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.

C:\Documents and Settings\Owner\Application Data\cft\cft.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.

C:\Program Files\Mozilla Firefox\components\dfff.dll (Trojan.Agent.V) -> Delete on reboot.

c:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\tpsaxyd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\wiwow64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\6GQFGWIM\w[1].bin (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Owner\Desktop\Free stuff - craigslist.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:49:10 PM, on 7/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\InterMute\PopSubtract\PopSub.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\HiJackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120613348312

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179780767968

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Update Service (gupdate1c9f2ef27701172) (gupdate1c9f2ef27701172) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: SDService - Unknown owner - C:\Program Files\SpywareDetector\SDService.exe (file missing)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O24 - Desktop Component 0: (no name) - http://www.9healthfair.org/images/top_bg.jpg

 

--

End of file - 11711 bytes

----edit----

I took the opportunity to run another scan, this time with BitDefender. The log is as follows:

BitDefender Online Scanner

 

Scan report generated at: Fri, Jul 10, 2009 - 21:41:00

 

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;K:\;

 

Statistics

Time: 02:13:52
Files: 831861
Folders: 12656
Boot Sectors: 0
Archives: 18666
Packed Files: 44359

Results

Identified Viruses: 42
Infected Files: 58
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 112

Engines Info

Virus Definitions: 3672902
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File | Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00A51515.exe=>(Quarantine-2) | Infected with: Trojan.PWS.OnlineGames.AAAW
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00A51515.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00A51515.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F342D77.sys=>(Quarantine-2) | Infected with: Rootkit.TDss.Y
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F342D77.sys=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F342D77.sys=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F342D77.sys | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F375774.sys=>(Quarantine-2) | Infected with: Rootkit.TDss.Y
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F375774.sys=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F375774.sys=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F375774.sys | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F10928.inf=>(Quarantine-2) | Infected with: Trojan.Downloader.AEE
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F10928.inf=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F10928.inf | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B871BE8.exe=>(Quarantine-2) | Infected with: Trojan.Generic.1775981
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B871BE8.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B871BE8.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B8D6FE1.exe=>(Quarantine-2) | Infected with: Trojan.Generic.1712611
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B8D6FE1.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B8D6FE1.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FEF70CF.exe=>(Quarantine-2) | Infected with: Trojan.Generic.CJ.DVI
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FEF70CF.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FEF70CF.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF544C7.exe=>(Quarantine-2) | Infected with: Trojan.Generic.CJ.DVI
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF544C7.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF544C7.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\214D7596.dll=>(Quarantine-2) | Infected with: Trojan.Generic.1874086
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\214D7596.dll=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\214D7596.dll | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EB45C8D.exe=>(Quarantine-2) | Infected with: Trojan.CryptRedol.Gen.2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EB45C8D.exe=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EB45C8D.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EB45C8D.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34641B66.sys=>(Quarantine-2) | Infected with: Gen:Trojan.Heur.2014EBCACA
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34641B66.sys=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34641B66.sys=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34641B66.sys | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\346B6F5F.sys=>(Quarantine-2) | Infected with: Rootkit.TDss.Y
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\346B6F5F.sys=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\346B6F5F.sys=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\346B6F5F.sys | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42CA59FA.cla=>(Quarantine-2) | Infected with: Trojan.Downloader.Java.Openstream.Y
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42CA59FA.cla=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42CA59FA.cla | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA3405F.htm=>(Quarantine-2) | Infected with: Trojan.Downloader.JS.LN
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA3405F.htm=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA3405F.htm=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AA3405F.htm | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5723227F.tmp=>(Quarantine-2)=>(JAVASCRIPT) | Infected with: Exploit.PDF-JS.Gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5723227F.tmp=>(Quarantine-2)=>(JAVASCRIPT) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5723227F.tmp=>(Quarantine-2)=>(JAVASCRIPT) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5723227F.tmp=>(Quarantine-2) | Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D7A033B=>(Quarantine-2) | Infected with: Trojan.Downloader.Java.Openstream.Y
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D7A033B=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D7A033B | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\727B2DEE.exe=>(Quarantine-2) | Infected with: Trojan.Generic.2094599
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\727B2DEE.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\727B2DEE.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7623067A.exe=>(Quarantine-2) | Infected with: Trojan.FakeAlert.BGR
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7623067A.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7623067A.exe | Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe=>(Quarantine-2) | Detected with: Application.Generic.137581
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe=>(Quarantine-2) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\01507C25=>(Quarantine-2) | Detected with: Application.Adintelligence.Apropostoolbar.C
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\01507C25=>(Quarantine-2) | Disinfection failed
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\01507C25=>(Quarantine-2) | Deleted
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\01507C25 | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\017C2693=>(Quarantine-2) | Infected with: Trojan.Dropper.Agent.HG
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\017C2693=>(Quarantine-2) | Deleted
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\017C2693 | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\06D102FB=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.AM
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\06D102FB=>(Quarantine-2) | Deleted
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\06D102FB | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\09370A65=>(Quarantine-2) | Infected with: Trojan.Generic.1689708
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\09370A65=>(Quarantine-2) | Deleted
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\09370A65 | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\09443256=>(Quarantine-2) | Infected with: Trojan.Downloader.Small.WJ
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\09443256=>(Quarantine-2) | Deleted
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\09443256 | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\18D41729=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.AM
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\18D41729=>(Quarantine-2) | Deleted
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\18D41729 | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB013D0=>(Quarantine-2) | Infected with: Trojan.Generic.222910
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB013D0=>(Quarantine-2) | Deleted
C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB013D0 | Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB33DCD=>(Quarantine-2) | Infected with: Trojan.SecondThought.BF

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB33DCD=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB33DCD

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB667C9=>(Quarantine-2)

Infected with: Trojan.Secondthought.BG

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB667C9=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DB667C9

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DBA11C5=>(Quarantine-2)

Infected with: Trojan.Downloader.Envolo.A

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DBA11C5=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DBA11C5

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DBD3BC2=>(Quarantine-2)

Detected with: Adware.Apropos

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DBD3BC2=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DBD3BC2

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DC065BE=>(Quarantine-2)

Infected with: Trojan.Downloader.Apropo.O

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DC065BE=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DC065BE

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DC30FBB=>(Quarantine-2)

Infected with: Trojan.Secondthought.BE

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DC30FBB=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\1DC30FBB

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\24682628=>(Quarantine-2)

Infected with: Trojan.Generic.222910

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\24682628=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\24682628

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\28294182=>(Quarantine-2)

Infected with: Dropped:Application.ProcKill.Jk

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\28294182=>(Quarantine-2)

Disinfection failed

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\28294182=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\28294182

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\294C0517=>(Quarantine-2)

Infected with: Trojan.Downloader.Small.WJ

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\294C0517=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\294C0517

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\2B4D448F=>(Quarantine-2)

Infected with: Trojan.Dropper.Agent.HG

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\2B4D448F=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\2B4D448F

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\2FF86227=>(Quarantine-2)

Infected with: Trojan.Secondthought.BA

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\2FF86227=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\2FF86227

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\3B881E25=>(Quarantine-2)

Infected with: Trojan.Downloader.WinU.ST

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\3B881E25=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\3B881E25

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\3C9113FD=>(Quarantine-2)

Detected with: Adware.Generic.33750

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\3C9113FD=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\3C9113FD

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\422C5D6E=>(Quarantine-2)

Infected with: Trojan.Downloader.WinU.ST

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\422C5D6E=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\422C5D6E

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\447C3443=>(Quarantine-2)

Infected with: Trojan.Generic.2025767

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\447C3443=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\447C3443

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\44DB75DB=>(Quarantine-2)

Detected with: Adware.Generic.33750

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\44DB75DB=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\44DB75DB

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\44E81DCD=>(Quarantine-2)

Infected with: Trojan.Dropper.Surfside.A

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\44E81DCD=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\44E81DCD

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\494D2F69=>(Quarantine-2)

Infected with: Trojan.Secondthought.BG

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\494D2F69=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\494D2F69

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\49AF0325=>(Quarantine-2)

Detected with: Dialer.Asianraw.V

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\49AF0325=>(Quarantine-2)

Disinfection failed

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\49AF0325=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\49AF0325

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59473FEA=>(Quarantine-2)

Infected with: Trojan.Generic.1913007

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59473FEA=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59473FEA

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59511294=>(Quarantine-2)=>/help.htm

Infected with: Trojan.Downloader.Js.J

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59511294=>(Quarantine-2)=>/help.htm

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59511294=>(Quarantine-2)

Update failed

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\6A300427=>(Quarantine-2)

Infected with: Trojan.SecondThought.BF

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\6A300427=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\6A300427

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\72521EF2=>(Quarantine-2)

Infected with: Trojan.Generic.544852

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\72521EF2=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\72521EF2

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\726A1DB3=>(Quarantine-2)

Infected with: Trojan.Dropper.Delf.JM

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\726A1DB3=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\726A1DB3

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\74D73580=>(Quarantine-2)

Infected with: Trojan.Bispy.E

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\74D73580=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\74D73580

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\783C5F94=>(Quarantine-2)

Infected with: Trojan.Generic.1913007

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\783C5F94=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\783C5F94

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\78490786=>(Quarantine-2)

Infected with: MemScan:Adware.Adlogix

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\78490786=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\78490786

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7D834D7C=>(Quarantine-2)

Infected with: MemScan:Adware.Adlogix

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7D834D7C=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7D834D7C

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7D8B4730=>(Quarantine-2)

Infected with: Trojan.Downloader.Agent.AM

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7D8B4730=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7D8B4730

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7E0702A7=>(Quarantine-2)

Infected with: Trojan.Downloader.Agent.AM

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7E0702A7=>(Quarantine-2)

Deleted

 

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\7E0702A7

Deleted

 

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{6BE14ADF-BF41-4394-B992-563A028010C1}\Microsoft\Outlook Express\Tracfone.dbx=>(message 2): ONLY 3 DAYS LEFT!=>(JAVASCRIPT 1)

Infected with: Trojan.Script.3733

 

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{6BE14ADF-BF41-4394-B992-563A028010C1}\Microsoft\Outlook Express\Tracfone.dbx=>(message 2): ONLY 3 DAYS LEFT!=>(JAVASCRIPT 1)

Disinfection failed

 

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{6BE14ADF-BF41-4394-B992-563A028010C1}\Microsoft\Outlook Express\Tracfone.dbx=>(message 2): ONLY 3 DAYS LEFT!=>(JAVASCRIPT 1)

Deleted

 

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{6BE14ADF-BF41-4394-B992-563A028010C1}\Microsoft\Outlook Express\Tracfone.dbx=>(message 2): ONLY 3 DAYS LEFT!

Updated

 

C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{6BE14ADF-BF41-4394-B992-563A028010C1}\Microsoft\Outlook Express\Tracfone.dbx

Updated

 

C:\hp\bin\KillWind.exe

Infected with: Virtool.1992

 

C:\hp\bin\KillWind.exe

Deleted

Edited by happyFish

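The quarantine log posted above is a flat sequence of object/status pairs: each object path (with a `=>(Quarantine-2)` suffix for the item inside the quarantine container) is followed by a detection name or an action, and a sub-object can report "Disinfection failed" before the container itself is deleted. As an added example, not part of the thread or of any scanner's own tooling, the following Python script groups those pairs by top-level file, collects the detection names, and flags any file whose last recorded action is not a deletion or update (for instance the "Update failed" entry later in the log). The sample log is a constructed excerpt in the same layout as the posted one, and the function and field names are the example's own.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the posted log: object line, blank line,
# status line. Paths are copied from the thread; the log itself is an excerpt.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe=>(Quarantine-2)

Detected with: Application.Generic.137581

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe=>(Quarantine-2)

Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe=>(Quarantine-2)

Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9201FC.exe

Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59511294=>(Quarantine-2)=>/help.htm

Infected with: Trojan.Downloader.Js.J

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59511294=>(Quarantine-2)=>/help.htm

Deleted

C:\Documents and Settings\Isetta\My Documents\Saved disc 2\Norton AntiVirus\Quarantine\59511294=>(Quarantine-2)

Update failed

C:\hp\bin\KillWind.exe

Infected with: Virtool.1992

C:\hp\bin\KillWind.exe

Deleted
"""

# An object line starts with a drive letter; a status line never does.
OBJECT_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(r"^(?:Infected|Detected) with:\s*(.+?)\s*$")


def parse_log(text):
    """Return (object, status) pairs from a blank-line separated scanner log."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    records = []
    i = 0
    while i + 1 < len(lines):
        obj, status = lines[i], lines[i + 1]
        if OBJECT_RE.match(obj) and not OBJECT_RE.match(status):
            records.append((obj, status))
            i += 2
        else:
            i += 1  # skip anything that is not a well-formed object/status pair
    return records


def top_level(obj):
    """Strip the '=>...' sub-object chain so entries group by container file."""
    return obj.split("=>", 1)[0]


def summarize(records):
    """Group records by top-level file: detections, failed-disinfection flag, final action."""
    summary = OrderedDict()
    for obj, status in records:
        entry = summary.setdefault(
            top_level(obj),
            {"detections": [], "disinfection_failed": False, "final": None},
        )
        match = DETECTION_RE.match(status)
        if match:
            name = match.group(1)
            if name not in entry["detections"]:
                entry["detections"].append(name)
        elif status == "Disinfection failed":
            entry["disinfection_failed"] = True
        else:
            entry["final"] = status  # a later action supersedes an earlier one
    return summary


def needs_review(summary):
    """Files whose last action was neither a deletion nor an update still need attention."""
    return [path for path, e in summary.items() if e["final"] not in ("Deleted", "Updated")]


if __name__ == "__main__":
    result = summarize(parse_log(SAMPLE_LOG))
    for path, entry in result.items():
        flag = " (disinfection failed first)" if entry["disinfection_failed"] else ""
        print(f"{path}\n    {', '.join(entry['detections'])} -> {entry['final']}{flag}")
    print("Needs review:", needs_review(result))
```

Reading the log this way separates "the scanner reported a name" from "the scanner actually did something about it": a container that is eventually deleted after a failed disinfection is closed out, while a file whose last status is a failure is exactly the kind of entry a helper on the thread would ask about next.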

Hi,

 

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

5) Restart your computer.

You can reenable TeaTimer once your system is clean.

 

Next:

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

Link 3

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     
     
  • Double click on ComboFix.exe & follow the prompts.
     
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 

RcAuto1.gif

 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

jedi


Done! Incidentally, it seems that Firefox being redirected to other sites while in Google is a common problem; other people on the forum seem to have it as well...

 

Anyway, here is the log that came out:

 

 

ComboFix 09-07-12.03 - Owner 07/12/2009 21:09.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1088 [GMT -7:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts

c:\program files\AskSearch\bin\DefaultSearch.dll

c:\recycler\NPROTECT

c:\windows\Install.txt

c:\windows\Installer\1b8f44.msi

c:\windows\Installer\1c5eb.msi

c:\windows\Installer\1cb805.msi

c:\windows\Installer\1cb80e.msi

c:\windows\Installer\31e989.msi

c:\windows\Installer\3360bc.msp

c:\windows\Installer\34251.msi

c:\windows\Installer\364fe3.msi

c:\windows\Installer\364fe9.msi

c:\windows\Installer\364fef.msi

c:\windows\Installer\364ff5.msi

c:\windows\Installer\364ffb.msi

c:\windows\Installer\365001.msi

c:\windows\Installer\365007.msi

c:\windows\Installer\3b674.msi

c:\windows\Installer\3b67c.msi

c:\windows\Installer\3b683.msi

c:\windows\Installer\3b689.msi

c:\windows\Installer\4de22.msp

c:\windows\Installer\4deeb.msp

c:\windows\Installer\888e0.msi

c:\windows\Installer\9eae5.msi

c:\windows\Installer\a20eeb.msp

c:\windows\Installer\a694e.msi

c:\windows\Installer\aa8ee.msi

c:\windows\Installer\aa8f5.msi

c:\windows\Installer\f2ed9.msi

c:\windows\jestertb.dll

c:\windows\Microsoft.NET\bdsii.bak2

c:\windows\Microsoft.NET\bdsii.ini

c:\windows\Microsoft.NET\bdsii.ini2

c:\windows\security\logs\lldrvs.bak1

c:\windows\security\logs\lldrvs.ini

c:\windows\system32\disk.dll

c:\windows\system32\drivers\hjgruiqcgrvtlo.sys

c:\windows\system32\hjgruiblkrddov.dll

c:\windows\system32\hjgruidqkydttm.dll

c:\windows\system32\hjgruikbirqlem.dat

c:\windows\system32\hjgruipkayansb.dat

c:\windows\system32\NX.exe

D:\Autorun.inf

d:\recycled\NPROTECT\NPROTECT.LOG

d:\recycled\NPROTECT\NPROTECT.LOG . . . . failed to delete

 

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_hjgruiaqcxstpv

-------\Legacy_MSNCACHE

-------\Legacy_SOPIDKC

 

 

((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))

.

 

2009-07-13 04:18 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

2009-07-13 04:18 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2009-07-11 02:21 . 2009-07-11 05:06 -------- d-----w- c:\windows\BDOSCAN8

2009-07-11 00:47 . 2009-07-11 00:47 -------- d-----w- c:\program files\Trend Micro

2009-07-10 21:32 . 2009-07-10 21:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-07-10 21:32 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-10 21:32 . 2009-07-10 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-10 21:32 . 2009-07-10 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-10 21:32 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-10 20:44 . 2009-07-10 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-10 20:44 . 2009-07-10 20:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-06 19:13 . 2009-07-06 19:13 -------- d-----w- c:\program files\MSXML 4.0

2009-07-06 01:23 . 2005-01-12 22:18 82432 ----a-w- c:\windows\system32\msxml4r.dll

2009-07-06 01:23 . 2005-01-12 22:18 44544 ----a-w- c:\windows\system32\msxml4a.dll

2009-07-05 19:01 . 2007-06-06 22:51 60680 ----a-w- c:\windows\system32\CloseAll.exe

2009-06-22 04:18 . 2009-06-22 04:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2009-06-22 04:08 . 2009-06-22 04:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-10 21:44 . 2004-04-03 08:05 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-07-10 21:25 . 2007-07-04 20:57 -------- d-----w- c:\program files\SpywareDetector

2009-07-10 19:08 . 2004-09-05 18:50 -------- d-----w- c:\program files\Google

2009-07-10 19:00 . 2009-02-12 04:59 -------- d-----w- c:\program files\Morgan

2009-07-10 02:22 . 2008-12-16 22:12 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent

2009-07-08 06:11 . 2007-02-28 19:06 -------- d-----w- c:\program files\Norton SystemWorks

2009-07-04 04:24 . 2004-09-03 20:52 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM

2009-07-01 19:38 . 2009-05-29 23:43 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss

2009-06-16 17:33 . 2004-09-19 19:17 83776 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-16 05:33 . 2004-04-02 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-16 05:32 . 2005-09-08 01:44 -------- d-----w- c:\program files\TLI

2009-05-07 15:32 . 2004-04-29 23:03 345600 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:46 . 2004-01-22 07:16 666624 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:46 . 2005-06-18 05:57 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-04-20 14:57 . 2009-04-20 14:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe

2009-04-17 12:26 . 2004-04-02 06:52 1847168 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:51 . 2005-06-18 05:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2007-02-28 18:21 . 2007-02-28 18:21 5043712 ----a-w- c:\program files\SymADataWeb.msi

2007-02-18 16:59 . 2007-02-18 16:58 58769094 ----a-w- c:\program files\NSWS06902.exe

2007-01-28 14:13 . 2007-01-28 14:13 667753 ----a-w- c:\program files\RNPatch67.exe

2005-05-13 23:12 . 2005-05-13 23:12 217073 -csha-r- c:\windows\meta4.exe

2005-10-24 17:13 . 2005-10-24 17:13 66560 -csha-r- c:\windows\MOTA113.exe

2005-10-14 03:27 . 2005-10-14 03:27 422400 -csha-r- c:\windows\x2.64.exe

2004-09-05 01:26 . 2004-09-05 00:26 0 -csha-w- c:\windows\SMINST\HPCD.sys

2005-06-26 21:32 . 2005-06-26 21:32 616448 --sha-r- c:\windows\system32\cygwin1.dll

2006-05-03 10:06 . 2009-01-22 04:58 163328 --sh--r- c:\windows\system32\flvDX.dll

2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2007-02-21 11:47 . 2009-01-22 04:58 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2009-01-22 04:58 216064 --sh--r- c:\windows\system32\nbDX.dll

2006-04-27 16:24 . 2006-04-27 16:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2004-01-25 06:00 . 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-30 00:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-19 200704]

"Simple Star PhotoShow Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2006-01-13 233472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-02-24 3026944]

"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-09 53096]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-02-24 753664]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]

"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

 

c:\documents and settings\Isetta\Start Menu\Programs\Startup\

PowerReg Scheduler V3.exe [2005-2-2 225280]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

PopSubtract.lnk - c:\program files\InterMute\PopSubtract\PopSub.exe [2004-8-31 233472]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\o:\0sdearlydelete\0SDEarlyDelete \??\c:\program files\SpywareDetector\0autocheck autochk *

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

 

R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~2\NPROTECT.EXE [11/3/2005 7:08 PM 95832]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 11:15 AM 101936]

S2 gupdate1c9f2ef27701172;Google Update Service (gupdate1c9f2ef27701172);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2009 9:08 PM 133104]

S2 mrtRate;mrtRate; [x]

S2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe --> c:\program files\SpywareDetector\SDService.exe [?]

S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [6/18/2005 12:29 PM 685952]

S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [9/6/2004 10:50 AM 30984]

S3 SDActMon;SDActMon;\??\c:\program files\SpywareDetector\SDActMon.sys --> c:\program files\SpywareDetector\SDActMon.sys [?]

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

 

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 04:08]

 

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 04:08]

 

2009-07-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Isettadnv.job

- c:\progra~1\NORTON~2\NORTON~1\Navw32.exe [2005-09-24 19:13]

 

2009-07-06 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job

- c:\program files\Norton SystemWorks\OBC.exe [2006-08-03 03:05]

 

2009-07-12 c:\windows\Tasks\Symantec Drmc.job

- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-27 02:48]

 

2009-07-08 c:\windows\Tasks\Wednesday night total checkup.job

- c:\program files\Norton SystemWorks\OBC.exe [2006-08-03 03:05]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-SDActiveMonitor - c:\program files\SpywareDetector\SDActiveMonitor.exe

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=presario&pf=desktop

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

LSP: SpSubLSP.dll

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\6x017lpl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-12 21:31

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-3808588222-517768609-2165525081-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BANDAI NAMCO GAMES\€’³lñ‚Ä–O¬Š *SOšHr]

"Order"=hex:08,00,00,00,02,00,00,00,f8,01,00,00,01,00,00,00,04,00,00,00,74,00,

00,00,00,00,00,00,66,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,32,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(936)

c:\windows\system32\nView.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE

c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE

c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\program files\Common Files\Symantec Shared\SNDSrvc.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE

c:\program files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE

c:\windows\system32\nvsvc32.exe

c:\progra~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.exe

c:\windows\system32\rundll32.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\windows\system32\HPZipm12.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

c:\program files\Messenger\msmsgs.exe

.

**************************************************************************

.

Completion time: 2009-07-13 21:36 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-13 04:36

 

Pre-Run: 47,698,886,656 bytes free

Post-Run: 48,928,489,472 bytes free

 

275 --- E O F --- 2009-07-06 19:14

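A small triage script for the "Supplementary Scan" block of a ComboFix log like the one above. It is an added example, not part of the thread and not ComboFix's own code. It undoes ComboFix's hxxp:// defanging, pulls the host out of each start-page and search URL, and flags any host that is not on an expected list. EXPECTED_HOSTS and SAMPLE_SECTION are assumptions constructed for illustration (the OEM default page and the engines the poster uses), not a vendor allowlist; on the posted log the only line it flags is the IE search URL routed through toolbar.ask.com.

```python
"""Triage the browser settings ComboFix lists under 'Supplementary Scan':
refang the hxxp:// URLs, extract each host and flag any start page or
search URL whose host is not one you expect on this machine.
Added example, not from the thread or from ComboFix. EXPECTED_HOSTS is an
assumption for illustration, not a vendor allowlist."""
import re
from urllib.parse import urlparse

# Constructed sample in the layout of the posted section.
SAMPLE_SECTION = """\
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
LSP: SpSubLSP.dll
"""

# Assumed hosts for this machine: OEM default page plus the two engines
# the poster uses. urlparse().hostname is lower-cased, so keep these lower.
EXPECTED_HOSTS = {"www.google.com", "ie.redirect.hp.com", "en-us.start2.mozilla.com"}

URL_RE = re.compile(r"hxxps?://\S+")


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so the log cannot be clicked; undo that."""
    return re.sub(r"^hxxp", "http", url)


def triage(text: str) -> list:
    """One row per line that carries a URL: setting name, host, expected?"""
    rows = []
    for line in text.splitlines():
        m = URL_RE.search(line)
        if not m:
            continue  # e.g. the LSP line carries no URL
        key = line[:m.start()].rstrip(" =-")
        host = (urlparse(refang(m.group(0))).hostname or "").lower()
        rows.append({"key": key, "host": host, "expected": host in EXPECTED_HOSTS})
    return rows


def unexpected(text: str) -> list:
    """(setting, host) pairs pointing somewhere not on the expected list."""
    return [(r["key"], r["host"]) for r in triage(text) if not r["expected"]]


if __name__ == "__main__":
    for key, host in unexpected(SAMPLE_SECTION):
        print(f"check: {key} -> {host}")
```

An unexpected host is a lead, not a verdict: a toolbar the user installed on purpose looks the same as a hijack, so confirm against what the user actually chose before removing anything.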

Hi again,

 

How is the PC running now? Any continuing issues?

 

jedi


Pretty well, actually. Google searches on Firefox aren't redirected, and programs that didn't work before like Norton speed disk work now. I can access the computer's firewall now as well, which I haven't been able to do for months. The only problem is that dragging icons inside various windows does nothing, but this has happened before and is fixed after a restart. Aside from that, all is good. :thumbsup:


Hi again,

 

I'd just like to run one more on-line scan to pick up any leftovers:

 

Please run the eTrust online scan here:

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Allow the ActiveX control to load, and follow the prompts to run the scan. If it finds anything select - Delete Files - when the scan has finished.

 

Please post the scan results here

 

jedi


Hello again,

 

I've been trying to run the online scan shown, but for some reason it does not work. After I press the 'start scan' button on the first page and answer positively on the second, the third page does not finish loading. Looking at the scanner help page on the site, it says that the scanner should download after reading and agreeing to the End-User License Agreement, but I end up on the Threat Scanner page immediately. I try pressing the 'start scan' button on that page, but nothing happens. I do keep getting an 'Error on page' message at the bottom of the screen, and something on the left-hand side of the screen, beneath the 'scanner' and 'scanner results' tabs and above the 'Check to send results anonymously to CA' box, does not load and only shows a red X instead.

 

I made sure to check my security settings and lower the ones regarding ActiveX, and I did turn off Spybot's TeaTimer, but the page still seems to refuse to load completely, and I am at a loss to fix the problem. :scratchhead:

 

Do you have any idea what is happening?


Hi again,

 

OK not to worry, let's try a different one:

 

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

jedi


Hello once more,

 

I tried that program and it worked perfectly.

It seems that the computer is working fine now.

Here is the log as requested:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=6

# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.5886

# api_version=3.0.2

# EOSSerial=d7c982d3eac99f48a931373c96ce3731

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-07-16 11:05:35

# local_time=2009-07-16 04:05:35 (-0700, Mountain Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=3586 21 100 88 291791562500

# scanned=168497

# found=9

# cleaned=9

# scan_time=9711

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\runner.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\bdsii.bak2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\bdsii.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\bdsii.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\security\logs\lldrvs.bak1.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\security\logs\lldrvs.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

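A parser for the ESET Online Scanner log.txt format posted above, added here as an example; it is not part of the thread and not ESET's code. It reads the `# key=value` header, parses each detection line as `<path> <threat> (<action>) <32 hex digits> <flag>` (an assumption about the layout, drawn from the posted lines; it also assumes the final path component has no spaces, true of every line in the log), cross-checks the `found`/`cleaned` counters against the lines, and separates live hits from files that were already sitting in another tool's quarantine. That last split is the practitioner's check on a log like this: of the nine hits above, seven live under C:\Qoobox\Quarantine (ComboFix) or Spybot's Recovery folder, so only the two BackWeb executables were live files. SAMPLE_LOG is a constructed three-line excerpt in the same shape.

```python
"""Parse an ESET Online Scanner log.txt of the shape posted above and
summarise what it found. Added example, not part of the thread."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the posted log (three of its nine hits).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# remove_checked=true
# found=3
# cleaned=3
# scan_time=9711
C:\Program Files\BackWeb\BackWeb Client\6.2.3.66L\Program\runner.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\bdsii.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# One detection per line: <path> <threat> (<action>) <32 hex> <flag>.
# Assumption: the final path component has no spaces (true for the posted
# log), so the path is everything up to the last backslash plus one
# space-free token; the threat name is the text before the parenthesis.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*\\)?[^\\ ]+) "
    r"(?P<threat>.+?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<digest>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)

# Folders where other tools park already-neutralised files (assumed
# markers). A hit here is a leftover in someone else's quarantine, not a
# live infection.
QUARANTINE_MARKERS = (
    "c:\\qoobox\\quarantine\\",                 # ComboFix
    "\\spybot - search & destroy\\recovery\\",  # Spybot S&D
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    digest: str
    flag: str

    @property
    def cleaned(self) -> bool:
        return "cleaned" in self.action.lower()

    @property
    def in_foreign_quarantine(self) -> bool:
        p = self.path.lower()
        return any(marker in p for marker in QUARANTINE_MARKERS)


def parse_eset_log(text: str):
    """Return (header dict, list of Detection) for one log."""
    headers, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            headers[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return headers, detections


def summarize(headers: dict, detections: list) -> dict:
    """Cross-check the header counters against the parsed lines and split
    live hits from quarantine leftovers."""
    found = int(headers.get("found", -1))
    cleaned = int(headers.get("cleaned", -1))
    live = [d for d in detections if not d.in_foreign_quarantine]
    artifacts = [d for d in detections if d.in_foreign_quarantine]
    return {
        "found": found,
        "cleaned": cleaned,
        "consistent": (found == cleaned == len(detections)
                       and all(d.cleaned for d in detections)),
        "live": len(live),
        "quarantine_artifacts": len(artifacts),
        "live_paths": [d.path for d in live],
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(summarize(hdr, dets))
```

If `consistent` comes back False, the header counters and the line list disagree (or a line reports an action other than cleaned), which is the case to read by hand rather than trust the summary.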

Hi again,

 

It seems that the computer is working fine now.

Your logs look clean too. :)

 

In order to be better protected in the future, I recommend the following programs:

 

SpywareBlaster protects against bad ActiveX.

http://www.javacoolsoftware.com/spywareblaster.html

 

SpywareGuard stops Spyware from being installed.

http://www.javacoolsoftware.com/spywareguard.html

 

Also install the MVPS hosts file:

http://www.mvps.org/winhelp2002/hosts.htm

which blocks innocent looking sites that are not so innocent.

 

All three are very small free programs that you run once, and then just occasionally to check for updates.

 

Also see

How did I get Infected?

 

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking

here http://v4.windowsupdate.microsoft.com/

and following the prompts.

 

jedi

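The hosts file recommended above works by mapping a blocked name to a null or loopback address so the connection goes nowhere. The same file is also a favourite target for tampering, so it is worth checking which way each entry points. The script below is an added example (not from the thread and not from the MVPS project): it parses a hosts file, classes each entry as a sinkhole (0.0.0.0 or loopback, which is what a blocklist does), a LAN address, or a redirect to an external address, and answers whether a given name is blocked. SAMPLE_HOSTS is constructed, and 192.0.2.10 is a documentation address standing in for an attacker-controlled one.

```python
"""Audit a Windows hosts file: which names are sinkholed to a null or
loopback address (what a blocklist such as MVPS does) and which are being
redirected somewhere else (what a hijacked hosts file does).
Added example, not from the thread or from the MVPS project."""
import ipaddress

# Constructed sample in the layout of %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample; 192.0.2.10 is a documentation address used as a stand-in
127.0.0.1       localhost
0.0.0.0         ads.example.net
0.0.0.0         tracker.example.org   # inline comment after the entry
192.168.1.20    nas.lan
192.0.2.10      update.example.com
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text: str) -> list:
    """Return (address, hostname) pairs. Strips comments, tolerates tabs
    and several aliases per line, and skips lines whose first field is not
    an IP address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((addr, host.lower()))
    return entries


def classify(addr) -> str:
    """sinkhole: 0.0.0.0 / loopback (blocklist style)
    lan-redirect: RFC 1918 space (plausibly intentional)
    external-redirect: anything else (a name quietly sent elsewhere)"""
    if addr.is_unspecified or addr.is_loopback:
        return "sinkhole"
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "lan-redirect"
    return "external-redirect"


def audit(text: str) -> dict:
    """Group entries by class as (hostname, address-string) pairs."""
    result = {"sinkhole": [], "lan-redirect": [], "external-redirect": []}
    for addr, host in parse_hosts(text):
        result[classify(addr)].append((host, str(addr)))
    return result


def is_blocked(text: str, hostname: str) -> bool:
    """True if the name resolves to a sinkhole address via this file."""
    hostname = hostname.lower()
    return any(h == hostname and classify(a) == "sinkhole"
               for a, h in parse_hosts(text))


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for host, addr in report["external-redirect"]:
        print(f"suspicious: {host} -> {addr}")
    print(f"{len(report['sinkhole'])} names sinkholed")
```

The external-redirect bucket is the one to read: a blocklist never needs to send a name to a routable address, so any entry there was put in by someone with a reason of their own, and the first thing a hijacked hosts file usually does is keep update and security sites from resolving.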

Hello once more,

 

I've let the computer run for some time now, and all problems have been fixed and solved. In addition, I have downloaded those other programs in order to better protect my computer, and they are proving to be very useful.

 

Also, thank you very much! :) This really saved me a lot of trouble! :yahoo:


You're very welcome. Glad I could help. :)


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.