Author Topic: possible virus? (Read 9663 times)

phillyfan49 · « **on:** May 01, 2010, 01:51:23 PM »

Hi, I am new to these threads and I believe I have a virus on my computer. My computer takes forever to start up, when i click on an icon it takes forever to load up, when i click on a webpage it sometimes doesn't load, and the most annoying is that when i click on a link in Google, it will redirect me to another site.

Dr Jay · « **Reply #1 on:** May 01, 2010, 08:01:37 PM »

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

phillyfan49 · « **Reply #2 on:** May 02, 2010, 09:28:59 AM »

ComboFix 10-05-01.04 - Nick 05/02/2010 11:16:20.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.88 [GMT -4:00]
Running from: c:\documents and settings\Nick\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nick\Application Data\02000000f04aec2e879C.manifest
c:\documents and settings\Nick\Application Data\02000000f04aec2e879O.manifest
c:\documents and settings\Nick\Application Data\02000000f04aec2e879P.manifest
c:\documents and settings\Nick\Application Data\02000000f04aec2e879S.manifest
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\chrome.manifest
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\chrome\xulcache.jar
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\defaults\preferences\xulcache.js
c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\extensions\{89df4429-a3c5-4cc1-85d4-354efc7af1b6}\install.rdf
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\program files\WindowsUpdate
c:\windows\system32\4161385
c:\windows\system32\unrar.exe
c:\windows\Uninstall.ini

.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-01 23:36 . 2010-02-03 23:01   84912   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVENG.SYS
2010-05-01 23:36 . 2010-02-03 23:01   1324720   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVEX15.SYS
2010-05-01 23:36 . 2010-02-01 21:05   177520   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVENG32.DLL
2010-05-01 23:36 . 2010-02-01 21:05   1647984   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\NAVEX32A.DLL
2010-05-01 23:36 . 2010-02-01 21:05   371248   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\EECTRL.SYS
2010-05-01 23:36 . 2010-02-01 21:05   2747440   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\CCERASER.DLL
2010-05-01 23:36 . 2010-02-01 21:05   259440   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\ECMSVR32.DLL
2010-05-01 23:36 . 2010-02-01 21:05   102448   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100501.018\ERASER.SYS
2010-04-27 01:12 . 2009-10-28 21:37   343088   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSvix86.sys
2010-04-27 01:12 . 2009-10-28 21:37   329592   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSXpx86.sys
2010-04-27 01:12 . 2009-10-28 21:37   811896   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\Scxpx86.dll
2010-04-27 01:12 . 2009-10-28 21:37   488312   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSxpx86.dll
2010-04-27 01:12 . 2009-10-28 21:37   466992   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSviA64.sys
2010-04-27 00:50 . 2010-04-27 00:52   23109   ----a-w-   c:\windows\hpqins15.dat
2010-04-27 00:46 . 2010-04-27 00:46   --------   d-----w-   c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-04-27 00:44 . 2010-04-27 00:47   77348   ----a-w-   c:\windows\hpqins05.dat
2010-04-26 23:18 . 2007-01-17 16:37   16496   ----a-r-   c:\windows\system32\drivers\HPZipr12.sys
2010-04-26 23:18 . 2007-01-17 16:37   49920   ----a-r-   c:\windows\system32\drivers\HPZid412.sys
2010-04-26 23:17 . 2007-11-07 02:10   271704   ----a-r-   c:\windows\system32\hpzids01.dll
2010-04-26 23:16 . 2007-01-17 16:37   364544   ----a-r-   c:\windows\system32\hppldcoi.dll
2010-04-26 23:16 . 2007-01-17 16:37   309760   ----a-r-   c:\windows\system32\difxapi.dll
2010-04-26 23:16 . 2007-10-31 10:35   729088   ----a-r-   c:\windows\system32\hpwwiax4.dll
2010-04-26 23:16 . 2007-10-31 10:35   593920   ----a-r-   c:\windows\system32\hpwtscl3.dll
2010-04-26 23:16 . 2007-01-17 16:32   294912   ----a-r-   c:\windows\system32\hpovst11.dll
2010-04-26 22:52 . 2010-04-26 22:52   --------   d-----w-   c:\program files\Common Files\HP
2010-04-26 22:52 . 2010-04-26 22:52   --------   d-----w-   c:\program files\Hewlett-Packard
2010-04-26 22:36 . 2010-04-26 23:37   178364   ----a-w-   c:\windows\hpwins20.dat
2010-04-26 22:36 . 2008-01-08 12:42   2428   ----a-r-   c:\windows\hpwmdl20.dat
2010-04-25 00:59 . 2010-04-25 00:59   52224   ----a-w-   c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-25 00:59 . 2010-04-25 00:59   117760   ----a-w-   c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-25 00:57 . 2010-04-25 00:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-25 00:56 . 2010-04-25 00:56   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-04-25 00:56 . 2010-04-25 00:56   --------   d-----w-   c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com
2010-04-25 00:56 . 2010-04-25 00:56   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-04-24 20:00 . 2010-04-24 20:00   12872   ----a-w-   c:\windows\system32\bootdelete.exe
2010-04-24 19:54 . 2010-04-25 01:22   15944   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
2010-04-24 19:53 . 2010-04-24 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-24 19:53 . 2010-04-24 19:53   --------   d-----w-   c:\program files\Hitman Pro 3.5
2010-04-21 02:38 . 2010-04-21 02:38   --------   d-----w-   c:\documents and settings\Nick\Application Data\Malwarebytes
2010-04-21 02:38 . 2010-04-21 02:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-04-21 02:38 . 2010-04-21 02:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-16 21:53 . 2009-10-28 21:37   343088   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-16 21:53 . 2009-10-28 21:37   329592   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-16 21:53 . 2009-10-28 21:37   811896   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-16 21:53 . 2009-10-28 21:37   488312   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-16 21:53 . 2009-10-28 21:37   466992   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 19:51 . 2009-12-20 02:25   37464   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-04-27 19:43 . 2009-12-19 00:31   40144   ----a-w-   c:\documents and settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-27 17:19 . 2010-03-27 17:19   --------   d-----w-   c:\documents and settings\Nick\Application Data\Revolver Preferences
2010-03-25 23:29 . 2010-02-01 20:46   786800   ----a-r-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
2010-03-24 20:38 . 2010-03-24 20:38   536112   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38   201616   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38   1407888   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38   678960   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38   611216   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-10 06:15 . 1980-01-01 04:00   420352   ----a-w-   c:\windows\system32\vbscript.dll
2010-03-09 01:03 . 2010-03-09 01:03   --------   d-----w-   c:\program files\DivX
2010-03-07 20:09 . 2010-03-07 20:09   --------   d-----w-   c:\program files\SpeedBit Video Accelerator
2010-03-04 20:06 . 2010-03-04 20:06   --------   d-----w-   c:\program files\CCleaner
2010-02-25 06:24 . 1980-01-01 04:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-02-24 12:31 . 1980-01-01 04:00   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:19 . 1980-01-01 04:00   2181376   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 02:59   2058368   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 1980-01-01 04:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 1980-01-01 04:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2010-02-01 23:51 . 2010-02-01 23:51   72488   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-01 20:45 . 2010-02-01 20:45   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2010-02-01 20:45 . 2010-02-01 20:45   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2008-06-30 17:44 . 2009-12-18 19:32   324976   ----a-w-   c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-03-07 1607272]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 88358]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-02-22 180224]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-02-22 2889216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2005-03-14 466944]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 16:38   3951976   ----a-w-   c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 20:31   80896   ----a-w-   c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 23:16   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\setup\\HPZNUI01.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [3/31/2010 7:05 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [3/31/2010 7:05 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [3/31/2010 7:05 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [3/31/2010 7:05 PM 116784]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [12/16/2009 5:38 PM 375296]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [3/31/2010 6:52 PM 126392]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/2/2010 3:31 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100422.002\IDSXpx86.sys [4/26/2010 9:12 PM 329592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ     HPSLPSVC
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Nick.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-03-31 23:51]

2010-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
TCP: {38456A0E-8136-4D07-A64D-05342814BBD4} = 204.186.0.201,207.44.0.1
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5yb6uw8x.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.csnphilly.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=_ZYDCV9KMvUsvlyDb3CujA&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce82db&searchfor=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut. enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi n", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-hpqSRMon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 11:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1000)
c:\progra~1\SPEEDB~2\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll
.
Completion time: 2010-05-02 11:24:05
ComboFix-quarantined-files.txt 2010-05-02 15:24

Pre-Run: 49,340,088,320 bytes free
Post-Run: 49,318,395,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4EDF2F790520DE75535A9F5035B186C1

Dr Jay · « **Reply #3 on:** May 02, 2010, 12:36:29 PM »

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

phillyfan49 · « **Reply #4 on:** May 02, 2010, 02:56:07 PM »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/2/2010 4:40:22 PM
mbam-log-2010-05-02 (16-40-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 173882
Time elapsed: 50 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009711.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009713.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009716.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009720.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009721.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009723.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009724.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009727.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009728.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009729.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009730.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009731.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009732.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009733.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009734.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009735.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009736.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009737.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009738.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009739.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009740.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009741.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009742.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009743.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010536.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010537.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010538.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010539.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0010555.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012350.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012351.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012352.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012353.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012354.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012355.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP85\A0012360.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

Dr Jay · « **Reply #5 on:** May 02, 2010, 10:27:00 PM »

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

phillyfan49 · « **Reply #6 on:** May 03, 2010, 03:53:18 PM »

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5ff682590ab9504aa58875785e7a1499
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-05-03 09:46:11
# local_time=2010-05-03 05:46:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3584 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55980
# found=15
# cleaned=15
# scan_time=6405
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP53\A0006542.RBF   Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP53\A0006543.RBF   Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009714.DLL   Win32/Adware.FunWeb application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009715.DLL   Win32/Adware.FunWeb application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009717.DLL   Win32/Adware.FunWeb application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009718.DLL   Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009719.DLL   Win32/Adware.FunWeb application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009722.DLL   Win32/Adware.FunWeb application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009725.DLL   Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP65\A0009726.DLL   Win32/FunWeb application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP88\A0012435.dll   Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP92\A0013634.exe   Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{163BF652-8FE5-403C-9832-C137B4FC7455}\RP92\A0013635.dll   Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir   Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir   Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
ESETSmartInstaller@High as downloader log:
all ok

Dr Jay · « **Reply #7 on:** May 03, 2010, 09:16:21 PM »

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

phillyfan49 · « **Reply #8 on:** May 04, 2010, 03:06:52 PM »

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 15
Out of date Java installed!
Adobe Flash Player 10.0.42.34
Adobe Reader 9.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Dr Jay · « **Reply #9 on:** May 04, 2010, 08:15:30 PM »

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

====

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: http://www.geekpolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm

===========

See this page for more info about malware and prevention.

Do you have any more questions?

phillyfan49 · « **Reply #10 on:** May 05, 2010, 08:45:39 AM »

Nope, thank you!

Dr Jay · « **Reply #11 on:** May 05, 2010, 05:31:50 PM »

You're welcome.

Computer Hope Forum

News:

Author Topic: possible virus? (Read 9663 times)

phillyfan49

possible virus?

Dr Jay

Re: possible virus?

phillyfan49

Re: possible virus?

Dr Jay

Re: possible virus?

phillyfan49

Re: possible virus?

Dr Jay

Re: possible virus?

phillyfan49

Re: possible virus?

Dr Jay

Re: possible virus?

phillyfan49

Re: possible virus?

Dr Jay

Re: possible virus?

phillyfan49

Re: possible virus?

Dr Jay

Re: possible virus?