Computer Hope
Software => Computer viruses and spyware => Topic started by: MKR148 on March 29, 2009, 04:11:27 PM
-
Can anyone help me? I have a nasty virus on my computer that Norton has nothing for! The error says svchost.exe and I can only click OK! The instruction at "0x75606eb5" referenced memory at "0x00000008". It killed my sound card except for Windows sounds! It hijacks my web searches to a Google page. It won't let me update anything and it pops up all the time! Norton wants to charge me another $100! I already paid $70 for their antivirus that does not do crap! I really do not want to give them any more of my money!
I started the steps laid out by evilfantasy to remove malware. Step one did not apply to me and step 2 went fine. I tried to download Superantispyware for step 3 but I think that virus is not allowing me to do so. I get to the download page and click on download, then I get directed to a Windows Explorer error page. I have tried like 20 times with the same results. I moved on to step 4 and downloaded and installed Malwarebytes to my desktop. But when I click on the shortcut to start the program nothing happens at all. What should I do now?
-
Try this please.
* Download the following tool: RootRepeal - Rootkit Detector (http://rootrepeal.googlepages.com/)
* Direct download link is here: RootRepeal.rar (http://rootrepeal.googlepages.com/RootRepeal.rar)
* If you don't already have a program to open a .RAR compressed file, you can download 7-Zip (http://www.7-zip.org/), which is free, and use it to open the archive.
* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as your_name_rootrepeal.txt - where your_name is your forum name
* This makes it easier to track who the log belongs to.
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
-
I opened RootRepeal and I got the following error message: "Could not find kernel file on disk (C:\windows\system32\ntoskrnl.exe)!" I clicked OK and below is what I got when I ran the scan.
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/03/29 18:54
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF8555000 Size: 57344 File Visible: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF84E6000 Size: 187776 File Visible: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189184 File Visible: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEB856000 Size: 138496 File Visible: -
Status: -
Name: agp440.sys
Image Path: agp440.sys
Address: 0xF85B5000 Size: 42368 File Visible: -
Status: -
Name: AN983.sys
Image Path: C:\WINDOWS\System32\DRIVERS\AN983.sys
Address: 0xF86D5000 Size: 36224 File Visible: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF8478000 Size: 96512 File Visible: -
Status: -
Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000 Size: 393216 File Visible: -
Status: -
Name: ati2mtag.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
Address: 0xF8210000 Size: 737280 File Visible: -
Status: -
Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF072000 Size: 1245184 File Visible: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF8BA2000 Size: 3072 File Visible: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8A83000 Size: 4224 File Visible: -
Status: -
Name: BHDrvx86.sys
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\BHDrvx86.sys
Address: 0xBA60A000 Size: 270336 File Visible: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8945000 Size: 12288 File Visible: -
Status: -
Name: ccHPx86.sys
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\ccHPx86.sys
Address: 0xBA64C000 Size: 503808 File Visible: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF8695000 Size: 63744 File Visible: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF8715000 Size: 62976 File Visible: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF8595000 Size: 53248 File Visible: -
Status: -
Name: cmaudio.sys
Image Path: C:\WINDOWS\system32\drivers\cmaudio.sys
Address: 0xF7FC5000 Size: 377280 File Visible: -
Status: -
Name: COMMONFX.SYS
Image Path: C:\WINDOWS\System32\drivers\COMMONFX.SYS
Address: 0xEBBAE000 Size: 110592 File Visible: -
Status: -
Name: ctac32k.sys
Image Path: C:\WINDOWS\System32\drivers\ctac32k.sys
Address: 0xEBBC9000 Size: 638976 File Visible: -
Status: -
Name: ctaud2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctaud2k.sys
Address: 0xF817B000 Size: 525696 File Visible: -
Status: -
Name: CTAUDFX.SYS
Image Path: C:\WINDOWS\System32\drivers\CTAUDFX.SYS
Address: 0xEBB23000 Size: 569344 File Visible: -
Status: -
Name: ctoss2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctoss2k.sys
Address: 0xF8100000 Size: 212992 File Visible: -
Status: -
Name: ctprxy2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctprxy2k.sys
Address: 0xF884D000 Size: 32768 File Visible: -
Status: -
Name: CTSBLFX.SYS
Image Path: C:\WINDOWS\System32\drivers\CTSBLFX.SYS
Address: 0xEBA95000 Size: 581632 File Visible: -
Status: -
Name: ctsfm2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctsfm2k.sys
Address: 0xEBC65000 Size: 167936 File Visible: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF8585000 Size: 36352 File Visible: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF8490000 Size: 153344 File Visible: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF8A3B000 Size: 5888 File Visible: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF86C5000 Size: 61440 File Visible: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA5F2000 Size: 98304 File Visible: No
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A8D000 Size: 8192 File Visible: No
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF7DFB000 Size: 12288 File Visible: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8C74000 Size: 4096 File Visible: -
Status: -
Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xBA6E4000 Size: 385024 File Visible: -
Status: -
Name: emupia2k.sys
Image Path: C:\WINDOWS\System32\drivers\emupia2k.sys
Address: 0xEBC8E000 Size: 192512 File Visible: -
Status: -
Name: EraserUtilRebootDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xBA6C7000 Size: 118784 File Visible: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF8865000 Size: 27392 File Visible: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF8665000 Size: 44544 File Visible: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF88BD000 Size: 20480 File Visible: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF8458000 Size: 129792 File Visible: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8A81000 Size: 7936 File Visible: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF84B6000 Size: 125056 File Visible: -
Status: -
Name: gameenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\gameenum.sys
Address: 0xF8A05000 Size: 10624 File Visible: -
Status: -
Name: gaopdxaljsxckkenrsvmpjyuydvixmloyxjtke.sys
Image Path: C:\WINDOWS\system32\drivers\gaopdxaljsxckkenrsvmpjyuydvixmloyxjtke.sys
Address: 0xEB9C2000 Size: 77824 File Visible: -
Status: Hidden from Windows API!
Name: ha10kx2k.sys
Image Path: C:\WINDOWS\system32\drivers\ha10kx2k.sys
Address: 0xEBCBD000 Size: 1089536 File Visible: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: -
Status: -
Name: HCF_MSFT.sys
Image Path: C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys
Address: 0xF8022000 Size: 907456 File Visible: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Address: 0xF7F56000 Size: 36864 File Visible: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
Address: 0xF891D000 Size: 28672 File Visible: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Address: 0xF7E79000 Size: 10368 File Visible: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB9BBF000 Size: 264832 File Visible: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF86E5000 Size: 52480 File Visible: -
Status: -
Name: IDSxpx86.sys
Image Path: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090318.001\IDSxpx86.sys
Address: 0xEB8A0000 Size: 294912 File Visible: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF8705000 Size: 42112 File Visible: -
Status: -
Name: intelide.sys
Image Path: intelide.sys
Address: 0xF8A39000 Size: 5504 File Visible: -
Status: -
Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF86B5000 Size: 36352 File Visible: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xBA76A000 Size: 152832 File Visible: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xEB9AF000 Size: 75264 File Visible: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF8535000 Size: 37248 File Visible: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF885D000 Size: 24576 File Visible: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8A35000 Size: 8192 File Visible: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB91C6000 Size: 172416 File Visible: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF8134000 Size: 143360 File Visible: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF83E0000 Size: 92288 File Visible: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8A85000 Size: 4224 File Visible: -
Status: -
Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF8855000 Size: 30080 File Visible: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF888D000 Size: 23040 File Visible: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xF7E75000 Size: 12160 File Visible: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF8565000 Size: 42368 File Visible: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xBA062000 Size: 180608 File Visible: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xBA790000 Size: 455296 File Visible: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF88D5000 Size: 19072 File Visible: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF8765000 Size: 35072 File Visible: -
Status: -
Name: msmpu401.sys
Image Path: C:\WINDOWS\system32\drivers\msmpu401.sys
Address: 0xF8BA1000 Size: 2944 File Visible: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF8A2D000 Size: 15488 File Visible: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF830C000 Size: 105344 File Visible: -
Status: -
Name: NAVENG.SYS
Image Path: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090329.021\NAVENG.SYS
Address: 0xB91F1000 Size: 82400 File Visible: -
Status: -
Name: NAVEX15.SYS
Image Path: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090329.021\NAVEX15.SYS
Address: 0xB9206000 Size: 869440 File Visible: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF8326000 Size: 182656 File Visible: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF8A15000 Size: 10112 File Visible: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xBA4D6000 Size: 14592 File Visible: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF7F76000 Size: 91520 File Visible: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF8795000 Size: 40576 File Visible: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF8635000 Size: 34688 File Visible: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xEB878000 Size: 162816 File Visible: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF88DD000 Size: 30848 File Visible: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF8353000 Size: 574976 File Visible: -
Status: -
Name: NTIDrvr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
Address: 0xF8A57000 Size: 6016 File Visible: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189184 File Visible: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8C00000 Size: 2944 File Visible: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF8545000 Size: 61696 File Visible: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF7FB1000 Size: 80128 File Visible: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF87BD000 Size: 19712 File Visible: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF8A4F000 Size: 6784 File Visible: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF84D5000 Size: 68224 File Visible: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF87B5000 Size: 28672 File Visible: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189184 File Visible: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF8157000 Size: 147456 File Visible: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF7EC5000 Size: 69120 File Visible: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF887D000 Size: 17792 File Visible: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF85A5000 Size: 35712 File Visible: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF89CD000 Size: 8832 File Visible: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF8735000 Size: 51328 File Visible: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF8745000 Size: 41472 File Visible: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF8755000 Size: 48384 File Visible: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF8885000 Size: 16512 File Visible: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189184 File Visible: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xEB82B000 Size: 175744 File Visible: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8A87000 Size: 4224 File Visible: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xF7E95000 Size: 196224 File Visible: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF8725000 Size: 57600 File Visible: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9848000 Size: 45056 File Visible: No
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF8A09000 Size: 15744 File Visible: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF86F5000 Size: 64512 File Visible: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF8446000 Size: 73472 File Visible: -
Status: -
Name: SRTSP.SYS
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSP.SYS
Address: 0xB9A02000 Size: 335872 File Visible: -
Status: -
Name: SRTSPX.SYS
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS
Address: 0xF8655000 Size: 36992 File Visible: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xB9F20000 Size: 333952 File Visible: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF8A59000 Size: 4352 File Visible: -
Status: -
Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF83F7000 Size: 323584 File Visible: No
Status: -
Name: SYMEVENT.SYS
Image Path: C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Address: 0xEB8FD000 Size: 151552 File Visible: -
Status: -
Name: SYMFW.SYS
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMFW.SYS
Address: 0xEB8E8000 Size: 83072 File Visible: -
Status: -
Name: SYMIDS.SYS
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMIDS.SYS
Address: 0xF88ED000 Size: 28032 File Visible: -
Status: -
Name: SymIM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SymIM.sys
Address: 0xF8895000 Size: 29696 File Visible: -
Status: -
Name: SYMNDIS.SYS
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMNDIS.SYS
Address: 0xF88E5000 Size: 30592 File Visible: -
Status: -
Name: SYMTDI.SYS
Image Path: C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMTDI.SYS
Address: 0xEB922000 Size: 210688 File Visible: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xBA2CA000 Size: 60800 File Visible: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xEB956000 Size: 361600 File Visible: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF8875000 Size: 20480 File Visible: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF8775000 Size: 40704 File Visible: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF7E0F000 Size: 384768 File Visible: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF8A5B000 Size: 8192 File Visible: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF8785000 Size: 59520 File Visible: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF7F8D000 Size: 147456 File Visible: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Address: 0xF890D000 Size: 26368 File Visible: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF886D000 Size: 20608 File Visible: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF88CD000 Size: 20992 File Visible: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF81FC000 Size: 81920 File Visible: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8575000 Size: 52352 File Visible: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF8675000 Size: 34560 File Visible: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF8925000 Size: 20480 File Visible: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xBA17D000 Size: 83072 File Visible: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF8A37000 Size: 8192 File Visible: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189184 File Visible: -
Status: -
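As an added example (my code, not part of the post above and not RootRepeal's own), a small Python parser for the Drivers section of a RootRepeal report that flags the entries a responder would look at first: a status of "Hidden from Windows API!", a file that is not visible on disk without an expected reason (crash-dump copies and the scanner's own driver), and, as a weaker heuristic, a long random-looking file name like the gaopdx driver in the log. The sample input is constructed from four entries of the report above.

```python
"""Triage the Drivers section of a RootRepeal report.

Added example, not code from the thread or from RootRepeal. The input below is
constructed from four entries of the report posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/03/29 18:54
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF8478000 Size: 96512 File Visible: -
Status: -
Name: dump_atapi.sys
Image Path: C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys
Address: 0xBA5F2000 Size: 98304 File Visible: No
Status: -
Name: gaopdxaljsxckkenrsvmpjyuydvixmloyxjtke.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\gaopdxaljsxckkenrsvmpjyuydvixmloyxjtke.sys
Address: 0xEB9C2000 Size: 77824 File Visible: -
Status: Hidden from Windows API!
Name: rootrepeal.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\rootrepeal.sys
Address: 0xB9848000 Size: 45056 File Visible: No
Status: -
"""


@dataclass
class DriverEntry:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: str   # "-" means visible, "No" means RootRepeal could not see the file
    status: str


ADDR_RE = re.compile(r"Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+File Visible:\s*(\S+)")

# Drivers that are legitimately not visible as files: crash-dump copies of the
# storage stack (dump_*) and the scanner's own driver.
EXPECTED_INVISIBLE = ("dump_", "rootrepeal.sys")


def parse_drivers(report: str) -> List[DriverEntry]:
    """Turn the four-line blocks under 'Drivers' into DriverEntry records."""
    entries: List[DriverEntry] = []
    current: dict = {}
    in_drivers = False
    for raw in report.splitlines():
        line = raw.strip()
        if line == "Drivers":
            in_drivers = True
        elif not in_drivers:
            continue
        elif line.startswith("Name:"):
            current = {"name": line[5:].strip()}
        elif line.startswith("Image Path:"):
            current["image_path"] = line[11:].strip()
        elif line.startswith("Address:"):
            m = ADDR_RE.match(line)
            if m:
                current["address"] = int(m.group(1), 16)
                current["size"] = int(m.group(2))
                current["file_visible"] = m.group(3)
        elif line.startswith("Status:"):
            current["status"] = line[7:].strip()
            if len(current) == 6:          # all six fields parsed for this block
                entries.append(DriverEntry(**current))
            current = {}
    return entries


def looks_random(name: str) -> bool:
    """Heuristic: a long all-letter stem with few vowels, like the gaopdx driver."""
    stem = name.lower().rsplit(".", 1)[0]
    if len(stem) < 20 or not stem.isalpha():
        return False
    vowels = sum(stem.count(v) for v in "aeiou")
    return vowels / len(stem) < 0.35


def triage(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Map driver name -> reasons, for every entry worth a closer look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if "hidden" in e.status.lower():
            reasons.append("status: " + e.status)
        if e.file_visible.lower() == "no" and not e.name.lower().startswith(EXPECTED_INVISIBLE):
            reasons.append("file not visible on disk")
        if looks_random(e.name):
            reasons.append("random-looking file name")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, why in triage(parse_drivers(SAMPLE_REPORT)).items():
        print(name, "->", "; ".join(why))
```

On the sample only the gaopdx driver is reported; dump_atapi.sys and rootrepeal.sys are invisible for expected reasons and stay quiet.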
-
Sorry I did not follow your directions closely enough! That was the drivers report I posted before. I redid what you wanted me to do and RootRepeal crashed! Below is the crash report:
ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x0042425b
Attempt to read from address: 0x00000008
-
Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.
Download SDFix by AndyManchesta (http://download.bleepingcomputer.com/andymanchesta/SDFix.exe) and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with Administrative rights.
* Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.
* Once the installation program has finished extracting SDFix, it will open Notepad with further instructions.
* DO NOT use it just yet.
Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
When your computer has started in safe mode, and you see the desktop, close all open windows.
* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.
C:\SDFix\RunThis.bat
* The SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).
-
I did what you said then tried to start in safe mode. I hit Enter in Safe Mode; I even hit Enter in Safe Mode with Command Prompt. It just went to a screen full of text about system32 drivers and nowhere else.
-
OK try this please.
Running SDFix in Normal Mode
- Open the SDFix folder and double-click RunThis.bat to start the script or go to Start > Run and type: C:\SDFix\RunThis.bat, then press Ok.
- Type S, then press Enter to switch to the safe mode menu screen.
- Type Y to begin the cleanup process.
- Please be patient as the scan may take up to 20 minutes to complete.
- SDFix will remove any Trojan services or registry entries found, then prompt you to "press any key..." to Reboot.
- At this point, Press any key to continue and restart the computer.
- When the computer restarts, the tool will run again to complete the removal process.
- When the script is complete, it will display Finished...press any key...
- Again, Press any key to end the script and load your desktop icons.
- Once the desktop icons load, the SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
- Please copy and paste the contents of Report.txt in your next reply.
-
I believe that this is what you wanted. SDFix crashed my computer after it ran. I did a search for it in folder finder after I restarted and found this report.
SDFix: Version 1.240
Run by Matt Kirar on Sun 03/29/2009 at 08:26 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\autorun.inf - Deleted
C:\WINDOWS\system32\TFTP2188 - Deleted
C:\WINDOWS\system32\TFTP2300 - Deleted
C:\WINDOWS\system32\TFTP2716 - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 20:33:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Matt Kirar\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\ie.exe"="C:\\WINDOWS\\ie.exe:*:Enabled:ie.exe"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Documents and Settings\\Matt Kirar\\Application Data\\mjusbsp\\magicJack.exe"="C:\\Documents and Settings\\Matt Kirar\\Application Data\\mjusbsp\\magicJack.exe:*:Enabled:magicJack"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 10 Mar 2009 19,456 ..SHR --- "C:\RECYCLER\S-2-1-59-100004973-100001810-100018176-2629.com"
Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sat 28 Aug 2004 116 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Sun 19 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 15 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 27 Nov 2001 20,992 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL0285.tmp"
Mon 7 May 2001 19,456 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL0860.tmp"
Mon 7 May 2001 19,456 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL0905.tmp"
Tue 27 Nov 2001 22,016 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL1045.tmp"
Mon 7 May 2001 25,600 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL1122.tmp"
Mon 7 May 2001 15,360 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL2034.tmp"
Mon 26 Nov 2001 21,504 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL2053.tmp"
Tue 27 Nov 2001 22,528 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL2138.tmp"
Mon 26 Nov 2001 20,992 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL2444.tmp"
Tue 27 Nov 2001 23,040 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL2740.tmp"
Mon 7 May 2001 15,360 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL3072.tmp"
Wed 6 Dec 2000 20,480 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL3405.tmp"
Mon 26 Nov 2001 22,528 A..H. --- "C:\Documents and Settings\Matt Kirar\My Documents\Word\~WRL3435.tmp"
Tue 27 Jan 2004 19,456 A..H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL0004.tmp"
Tue 8 May 2007 21,504 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL0005.tmp"
Thu 5 Jun 2008 19,456 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL0006.tmp"
Tue 8 May 2007 25,600 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL0096.tmp"
Tue 8 May 2007 26,624 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL0712.tmp"
Tue 27 Jan 2004 19,968 A..H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL0718.tmp"
Tue 8 May 2007 24,576 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL2093.tmp"
Tue 8 May 2007 27,648 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL2512.tmp"
Tue 8 May 2007 25,600 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL3325.tmp"
Tue 27 Jan 2004 21,504 A..H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL3350.tmp"
Tue 8 May 2007 23,552 ...H. --- "C:\Documents and Settings\Matt Kirar\Application Data\Microsoft\Word\~WRL3614.tmp"
Wed 17 Dec 2008 723,120 A..H. --- "C:\Documents and Settings\Matt Kirar\Application Data\mjusbsp\ar00000\install.exe"
Wed 17 Dec 2008 6,529,320 A..H. --- "C:\Documents and Settings\Matt Kirar\Application Data\mjusbsp\in00000\setup.exe"
Wed 17 Dec 2008 723,120 A..H. --- "C:\Documents and Settings\Matt Kirar\Application Data\mjusbsp\Upgrade\install1.exe"
Wed 17 Dec 2008 6,529,320 A..H. --- "C:\Documents and Settings\Matt Kirar\Application Data\mjusbsp\Upgrade\setup1.exe"
Finished!
-
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\ie.exe"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.
Delete the fixme.reg from the Desktop.
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
Below is what I got. Thanks for all your help!
ComboFix 09-04-01.01 - Matt Kirar 2009-04-03 16:31:12.1 - NTFSx86
Running from: c:\documents and settings\Matt Kirar\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Matt Kirar\Start Menu\Programs\WatchFree
c:\recycler\S-2-1-59-100004973-100001810-100018176-2629.com
c:\windows\system32\drivers\gaopdxaljsxckkenrsvmpjyuydvixmloyxjtke.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxnboiboeiowkoxvnxvaqcxljoydltgkat.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 16:22 . 2009-04-03 16:22 <DIR> drahs---- C:\cmdcons
2009-04-03 16:22 . 2009-04-03 16:22 <DIR> drahs---- C:\cmdcons
2009-04-03 16:22 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2009-04-03 16:22 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2009-04-03 16:22 . 2009-03-15 18:28 210 --a------ C:\Boot.bak
2009-04-03 16:22 . 2009-03-15 18:28 210 --a------ C:\Boot.bak
2009-04-03 16:19 . 2009-04-03 16:39 <DIR> d-------- C:\ComboFix
2009-04-03 16:19 . 2009-04-03 16:39 <DIR> d-------- C:\ComboFix
2009-03-29 20:25 . 2009-03-29 20:25 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-03-29 19:40 . 2009-03-29 20:33 <DIR> d-------- C:\SDFix
2009-03-29 19:40 . 2009-03-29 20:33 <DIR> d-------- C:\SDFix
2009-03-29 19:40 . 2009-03-29 20:33 <DIR> d-------- C:\SDFix
2009-03-29 18:46 . 2009-03-29 18:46 <DIR> d-------- c:\program files\7-Zip
2009-03-29 15:32 . 2009-03-29 15:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-29 15:32 . 2009-03-29 15:31 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-29 15:22 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 15:22 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 15:21 . 2009-03-29 15:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-29 15:21 . 2009-03-29 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-29 11:26 . 2009-03-29 11:26 <DIR> d-------- c:\program files\CCleaner
2009-03-28 16:41 . 2009-04-03 16:28 29,100 --a------ c:\windows\system32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-28 16:41 . 2009-04-03 16:28 29,100 --a------ c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-28 16:41 . 2009-04-03 16:28 11,564 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-28 16:40 . 2000-12-05 09:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2
2009-03-27 17:52 . 2008-04-14 05:42 1,306,624 --------- c:\windows\system32\msxml6.dll
2009-03-27 17:52 . 2008-04-14 05:42 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll
2009-03-27 17:52 . 2008-04-14 05:40 102,912 -----c--- c:\windows\system32\dllcache\dpcdll.dll
2009-03-27 17:52 . 2008-04-13 22:57 79,872 --------- c:\windows\system32\msxml6r.dll
2009-03-27 17:52 . 2008-04-13 22:57 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2009-03-27 17:45 . 2008-04-13 22:06 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2009-03-27 17:45 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-03-26 15:25 . 2009-04-03 16:38 <DIR> d-------- C:\Qoobox
2009-03-26 15:25 . 2009-04-03 16:38 <DIR> d-------- C:\Qoobox
2009-03-24 17:33 . 2009-03-24 17:35 <DIR> d-------- C:\483f9be7031adc42d3
2009-03-24 17:33 . 2009-03-24 17:35 <DIR> d-------- C:\483f9be7031adc42d3
2009-03-24 17:33 . 2009-03-24 17:35 <DIR> d-------- C:\483f9be7031adc42d3
2009-03-23 16:07 . 2009-03-23 16:07 <DIR> dra------ c:\program files\Norton Support
2009-03-23 15:46 . 2009-03-23 15:45 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-23 15:45 . 2009-03-23 15:45 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-23 15:45 . 2009-03-23 15:45 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-03-23 15:45 . 2009-03-23 15:45 7,386 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-23 15:45 . 2009-03-23 15:45 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-03-23 15:44 . 2009-03-23 15:44 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-03-23 15:44 . 2009-03-23 15:44 <DIR> d-------- c:\program files\Windows Sidebar
2009-03-23 15:42 . 2009-03-23 15:42 <DIR> d-------- c:\program files\NortonInstaller
2009-03-23 15:42 . 2009-03-23 15:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-23 15:42 . 2009-03-23 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-03-23 15:38 . 2009-03-23 15:38 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files
2009-03-17 16:25 . 2009-03-17 16:25 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-17 16:24 . 2009-03-29 11:14 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-17 16:24 . 2009-03-17 16:24 <DIR> d-------- c:\documents and settings\Matt Kirar\Application Data\TuneUp Software
2009-03-17 16:24 . 2009-03-17 16:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-17 16:24 . 2009-03-17 16:24 <DIR> d--hs---- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-17 16:01 . 805,306,368 C:\pagefile.sys
2009-03-17 16:01 . 805,306,368 C:\pagefile.sys
2009-03-16 18:25 . 2009-03-16 18:29 <DIR> d-------- c:\documents and settings\Matt Kirar\Application Data\mjusbsp
2009-03-16 06:08 . 2009-03-28 16:38 444,952 --a------ c:\windows\system32\wrap_oal.dll
2009-03-16 06:08 . 2009-04-03 16:28 30,648 --a------ c:\windows\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-16 06:08 . 2009-04-03 16:28 30,648 --a------ c:\windows\system32\BMXState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-16 05:50 . 2009-03-28 16:40 <DIR> d-------- c:\windows\system32\Defaults
2009-03-16 05:50 . 1998-01-07 12:00 1,048,576 --------- c:\windows\system32\SFMAN.DAT
2009-03-16 05:50 . 1998-06-04 13:00 84,992 --------- c:\windows\system32\SFCVRT32.DLL
2009-03-16 05:50 . 1995-08-29 13:02 82,432 --------- c:\windows\system32\CTWFLT32.DLL
2009-03-16 05:50 . 1995-07-12 13:01 26,768 --------- c:\windows\system32\CTL3D.DLL
2009-03-16 05:49 . 2002-07-18 22:07 319,488 --a------ c:\windows\system32\CTDEVCON.DLL
2009-03-16 05:49 . 2009-03-28 16:38 109,080 --a------ c:\windows\system32\OpenAL32.dll
2009-03-16 05:49 . 2002-07-18 21:43 65,536 --a--c--- c:\windows\system32\dllcache\a3d.dll
2009-03-16 05:49 . 2002-07-19 00:09 37,727 --a------ c:\windows\system32\Emu10kx.ini
2009-03-16 04:51 . 2009-03-16 04:51 <DIR> d-------- c:\documents and settings\Matt Kirar\Application Data\Norton Utilities 14
2009-03-16 04:42 . 2009-04-03 16:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-16 04:42 . 2009-03-16 04:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton Installer
2009-03-16 04:41 . 2009-03-16 18:05 <DIR> d-------- c:\program files\Norton Utilities 14
2009-03-15 22:07 . 2009-03-15 22:07 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-03-15 15:53 . 2008-04-14 00:15 60,032 --a------ c:\windows\system32\drivers\usbaudio.sys
2009-03-15 15:53 . 2008-04-14 00:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-08 18:23 . 2009-03-08 18:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 20:31 --------- d-----w c:\program files\Java
2009-03-28 21:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 21:38 --------- d-----w c:\documents and settings\Matt Kirar\Application Data\Creative
2009-03-24 02:47 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-23 20:48 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-23 20:45 --------- d-----w c:\program files\Symantec
2009-03-23 20:45 --------- d-----w c:\program files\Norton AntiVirus
2009-03-16 22:54 --------- d-----w c:\program files\Creative
2009-03-15 23:11 --------- d-----w c:\program files\Yahoo!
2009-03-15 23:09 --------- d-----w c:\program files\Google
2009-02-14 00:27 --------- d-----w c:\program files\SolidWorks
1998-08-24 19:09 10,000 ----a-w c:\windows\inf\unregpn.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2009-01-27 3831144]
"cdloader"="c:\documents and settings\Matt Kirar\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"FRYHIGHRES"="c:\program files\ATI Technologies\Fire GL Control Panel\atipmogl.dll" [2003-12-11 401408]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-03 c:\windows\system32\Ati2mdxx.exe]
"WINDVDPatch"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
backup=c:\windows\pss\Image Transfer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Matt Kirar^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Popup Defence Updater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskBar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTStartup]
--------- 2001-12-20 01:00 28672 c:\program files\Creative\Splash Screen\CTEaxSpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 05:42 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-03 22:24 28672 c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 19:00 1818624 c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-02-06 17:32 344064 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2008-06-27 17:24 19456 c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Matt Kirar\\Application Data\\mjusbsp\\magicJack.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [2009-03-23 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-03-23 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [2009-03-23 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090331.007\IDSXpx86.sys [2009-04-03 276344]
R2 FGLRYUtil;FGLRYUTIL;c:\program files\ATI Technologies\Fire GL Control Panel\atiisrgl.exe [2006-04-20 49152]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-03-23 115560]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-23 101936]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\autorun.exe
\Shell\phone\command - H:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72956ba7-0aa6-11de-a9bb-00036d1b4bde}]
\Shell\AutoRun\command - H:\autorun.exe
\Shell\phone\command - H:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{1F868B2D-1567-4A11-A014-F82660AA4F01}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
Trusted Zone: musicmatch.com\online
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxps://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 16:38:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-04-03 16:46:25
ComboFix-quarantined-files.txt 2009-04-03 21:46:16
Pre-Run: 11,520,589,824 bytes free
Post-Run: 11,529,412,608 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
266
-
Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
KillAll::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72956ba7-0aa6-11de-a9bb-00036d1b4bde}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
(http://i154.photobucket.com/albums/s258/evilfantasy69/CFScript-1.gif)
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
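The two registry clean-ups in this thread (the fixme.reg that drops C:\WINDOWS\ie.exe from the XP firewall allow-list, and the CFScript that deletes the MountPoints2 autorun keys) generated from the log instead of typed by hand. This is an added Python example, not code from the thread or from ComboFix; the sample log is constructed from the relevant blocks of the ComboFix output posted above, and the rule for what to flag (a Shell\<verb>\command entry that launches <drive>:\autorun.exe) is an assumption of mine, not something ComboFix itself applies.

```python
import re

# Constructed sample: the firewall and MountPoints2 blocks copied from the
# ComboFix log posted in this thread (one unrelated driver line kept on purpose
# to show the parser tolerates it).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Matt Kirar\\Application Data\\mjusbsp\\magicJack.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [2009-03-23 310320]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\autorun.exe
\Shell\phone\command - H:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72956ba7-0aa6-11de-a9bb-00036d1b4bde}]
\Shell\AutoRun\command - H:\autorun.exe
\Shell\phone\command - H:\autorun.exe
"""


def parse_reg_blocks(text):
    """Split 'Reg Loading Points' output into (key, [lines]) pairs.

    A block starts at a line of the form [KEY] and runs to the next one.
    Non-registry lines that follow a key (driver lines, etc.) stay in the
    block; the callers below simply do not match them."""
    blocks = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            blocks.append((m.group(1), []))
        elif blocks and line:
            blocks[-1][1].append(line)
    return blocks


def find_autorun_mountpoints(text):
    """Return (key, targets) for each MountPoints2 key whose Shell\\<verb>\\command
    launches autorun.exe from a drive root (assumed pattern of a removable-media
    autorun hijack); these are the keys the CFScript in this thread deletes."""
    hits = []
    for key, lines in parse_reg_blocks(text):
        if '\\explorer\\mountpoints2\\' not in key.lower():
            continue
        targets = [l.split(' - ', 1)[1] for l in lines
                   if re.match(r'\\Shell\\[^\\]+\\command - ', l, re.I)]
        if any(re.match(r'^[A-Za-z]:\\autorun\.exe$', t, re.I) for t in targets):
            hits.append((key, targets))
    return hits


def cfscript_for(keys):
    """Build a ComboFix CFScript that deletes the given keys ([-KEY] syntax)."""
    return '\n'.join(['KillAll::', 'Registry::'] + ['[-%s]' % k for k in keys]) + '\n'


def firewall_enabled(text):
    """False if the StandardProfile block shows EnableFirewall=0, True if non-zero,
    None if the value is not in the log."""
    for key, lines in parse_reg_blocks(text):
        if key.lower().endswith('\\firewallpolicy\\standardprofile'):
            for l in lines:
                m = re.match(r'^"EnableFirewall"=\s*(\d+)', l)
                if m:
                    return m.group(1) != '0'
    return None


def find_firewall_allowed(text):
    """Executables in the AuthorizedApplications\\List block, with the .reg-style
    doubled backslashes collapsed to ordinary paths for review."""
    apps = []
    for key, lines in parse_reg_blocks(text):
        if not key.lower().endswith('authorizedapplications\\list'):
            continue
        for l in lines:
            m = re.match(r'^"(.+?)"=', l)
            if m:
                apps.append(m.group(1).replace('\\\\', '\\'))
    return apps


def reg_delete_value(key, value_name):
    """REGEDIT4 text that removes one value ("name"=-), as fixme.reg does above.
    Backslashes inside a quoted value name are doubled in .reg syntax."""
    escaped = value_name.replace('\\', '\\\\')
    return 'REGEDIT4\n\n[%s]\n"%s"=-\n' % (key, escaped)


if __name__ == '__main__':
    print('Firewall enabled:', firewall_enabled(SAMPLE_LOG))
    print('Allowed through firewall:', *find_firewall_allowed(SAMPLE_LOG), sep='\n  ')
    hits = find_autorun_mountpoints(SAMPLE_LOG)
    print(cfscript_for([k for k, _ in hits]))
```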
-
Sorry for the delay between my posts. I have been traveling for work and away from my computer. Below is the log after following your latest instructions:
ComboFix 09-04-13.A2 - Matt Kirar 2009-04-13 16:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.219 [GMT -5:00]
Running from: c:\documents and settings\Matt Kirar\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matt Kirar\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-03-30 01:25 . 2009-03-30 01:25 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-03-30 01:23 . 2009-03-30 01:23 -------- d-----w c:\windows\ERUNT
2009-03-30 00:41 . 2009-04-13 21:49 3162278 ----a-w c:\windows\{00000002-00000000-00000000-00001102-00000004-00511102}.BAK
2009-03-30 00:40 . 2009-03-30 01:33 -------- d-----w C:\SDFix
2009-03-29 23:46 . 2009-03-29 23:46 -------- d-----w c:\program files\7-Zip
2009-03-29 20:32 . 2009-03-29 20:31 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-03-29 20:32 . 2009-03-29 20:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-29 20:22 . 2009-03-26 21:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 20:22 . 2009-03-26 21:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 20:21 . 2009-03-29 20:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-29 20:21 . 2009-03-29 20:21 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-29 16:26 . 2009-03-29 16:26 -------- d-----w c:\program files\CCleaner
2009-03-28 21:41 . 2009-04-13 21:47 29100 ----a-w c:\windows\system32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-28 21:41 . 2009-04-13 21:47 29100 ----a-w c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-28 21:41 . 2009-04-13 21:47 11564 ----a-w c:\windows\system32\DVCState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-28 21:40 . 2000-12-05 14:11 4174814 ------w c:\windows\system32\CT4MGM.SF2
2009-03-28 21:39 . 2009-04-13 21:49 3162278 ----a-w c:\windows\{00000002-00000000-00000000-00001102-00000004-00511102}.CDF
2009-03-27 22:52 . 2008-04-14 10:42 1306624 -c----w c:\windows\system32\dllcache\msxml6.dll
2009-03-27 22:52 . 2008-04-14 03:57 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll
2009-03-27 22:52 . 2008-04-14 03:57 79872 ------w c:\windows\system32\msxml6r.dll
2009-03-27 22:52 . 2008-04-14 10:42 1306624 ------w c:\windows\system32\msxml6.dll
2009-03-27 22:52 . 2008-04-14 10:40 102912 -c----w c:\windows\system32\dllcache\dpcdll.dll
2009-03-27 22:45 . 2008-04-14 03:06 144384 ------w c:\windows\system32\drivers\hdaudbus.sys
2009-03-27 22:45 . 2008-04-14 05:10 10240 ------w c:\windows\system32\drivers\sffp_mmc.sys
2009-03-27 22:42 . 2006-12-29 05:31 19569 ----a-w c:\windows\006983_.tmp
2009-03-26 19:37 . 2006-12-29 05:31 19569 ----a-w c:\windows\003495_.tmp
2009-03-24 23:25 . 2006-12-29 05:31 19569 ----a-w c:\windows\003494_.tmp
2009-03-24 23:03 . 2006-12-29 05:31 19569 ----a-w c:\windows\005897_.tmp
2009-03-24 22:33 . 2009-03-24 22:35 -------- d-----w C:\483f9be7031adc42d3
2009-03-23 21:07 . 2009-03-23 21:07 -------- d---a-r c:\program files\Norton Support
2009-03-23 21:06 . 2009-03-23 21:06 -------- d-----w c:\documents and settings\Matt Kirar\Local Settings\Application Data\Symantec
2009-03-23 20:46 . 2009-03-23 20:45 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-03-23 20:45 . 2009-03-23 20:45 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-23 20:45 . 2009-03-23 20:45 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-23 20:45 . 2009-03-23 20:45 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-23 20:45 . 2009-03-23 20:45 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-23 20:44 . 2009-03-23 20:44 -------- d-----w c:\windows\system32\drivers\NAV
2009-03-23 20:44 . 2009-03-23 20:44 -------- d-----w c:\program files\Windows Sidebar
2009-03-23 20:42 . 2009-03-23 20:44 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-03-23 20:42 . 2009-03-23 20:42 -------- d-----w c:\program files\NortonInstaller
2009-03-23 20:42 . 2009-03-23 20:42 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-23 20:38 . 2009-03-23 20:38 -------- d-----w c:\documents and settings\All Users\Symantec Temporary Files
2009-03-17 21:25 . 2009-03-17 21:25 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-03-17 21:24 . 2009-03-17 21:24 -------- d-----w c:\documents and settings\Matt Kirar\Application Data\TuneUp Software
2009-03-17 21:24 . 2009-03-17 21:24 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-17 21:24 . 2009-03-29 16:14 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-17 21:24 . 2009-03-17 21:24 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-16 23:25 . 2009-03-16 23:29 -------- d-----w c:\documents and settings\Matt Kirar\Application Data\mjusbsp
2009-03-16 11:08 . 2009-04-13 21:47 30648 ----a-w c:\windows\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-16 11:08 . 2009-04-13 21:47 30648 ----a-w c:\windows\system32\BMXState-{00000002-00000000-00000000-00001102-00000004-00511102}.rfx
2009-03-16 11:08 . 2009-03-28 21:38 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-16 10:50 . 2000-05-11 06:00 90112 ------w c:\windows\Updreg.EXE
2009-03-16 10:50 . 1999-01-14 06:04 231 ------w c:\windows\AC3API.INI
2009-03-16 10:50 . 1996-05-22 18:24 24976 ------w c:\windows\CTRES.DLL
2009-03-16 10:50 . 1998-06-04 18:00 84992 ------w c:\windows\system32\SFCVRT32.DLL
2009-03-16 10:50 . 1998-01-07 17:00 1048576 ------w c:\windows\system32\SFMAN.DAT
2009-03-16 10:50 . 1995-08-29 18:02 82432 ------w c:\windows\system32\CTWFLT32.DLL
2009-03-16 10:50 . 1995-07-12 18:01 26768 ------w c:\windows\system32\CTL3D.DLL
2009-03-16 10:50 . 1994-12-04 19:11 53552 ------w c:\windows\CTCCW.DLL
2009-03-16 10:50 . 2009-03-28 21:40 -------- d-----w c:\windows\system32\Defaults
2009-03-16 10:49 . 2002-07-19 05:09 37727 ----a-w c:\windows\system32\Emu10kx.ini
2009-03-16 10:49 . 2009-03-28 21:38 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-16 10:49 . 2002-01-14 06:42 61440 ----a-w c:\windows\MIDIDEF.EXE
2009-03-16 10:49 . 2002-07-19 03:08 94208 ----a-w c:\windows\DEVREG.DLL
2009-03-16 10:49 . 2002-07-19 03:08 184320 ----a-w c:\windows\PSCONV.EXE
2009-03-16 10:49 . 2002-07-19 03:07 176128 ----a-w c:\windows\READREG.EXE
2009-03-16 10:49 . 2002-07-19 03:07 319488 ----a-w c:\windows\system32\CTDEVCON.DLL
2009-03-16 10:49 . 2002-07-02 06:35 3373917 ----a-w c:\windows\CTDV10K1.CDF
2009-03-16 10:49 . 2002-07-19 02:43 65536 -c--a-w c:\windows\system32\dllcache\a3d.dll
2009-03-16 09:51 . 2009-03-16 09:51 -------- d-----w c:\documents and settings\Matt Kirar\Application Data\Norton Utilities 14
2009-03-16 09:42 . 2009-03-16 09:42 -------- d-----w c:\documents and settings\All Users\Application Data\Norton Installer
2009-03-16 09:42 . 2009-04-13 21:49 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-16 09:41 . 2009-03-16 23:05 -------- d-----w c:\program files\Norton Utilities 14
2009-03-16 03:07 . 2009-03-16 03:07 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-15 23:11 . 2009-03-15 23:11 11 ----a-w c:\windows\SA2003.ini
2009-03-15 23:05 . 2009-03-15 23:05 -------- d-----w c:\documents and settings\Matt Kirar\Local Settings\Application Data\tjnet
2009-03-15 20:53 . 2008-04-14 05:15 60032 ----a-w c:\windows\system32\drivers\usbaudio.sys
2009-03-15 20:53 . 2008-04-14 05:15 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 20:31 . 2005-01-03 23:42 -------- d-----w c:\program files\Java
2009-03-28 21:39 . 2002-12-02 04:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 21:38 . 2004-11-03 00:41 -------- d-----w c:\documents and settings\Matt Kirar\Application Data\Creative
2009-03-27 23:16 . 2009-03-27 23:16 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009032720090328\index.dat
2009-03-27 22:56 . 2006-11-13 14:42 86665 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-03-27 22:44 . 2001-08-23 12:00 250048 --sha-r C:\ntldr
2009-03-24 02:47 . 2002-07-06 21:47 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-23 20:48 . 2002-07-06 21:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-23 20:45 . 2004-12-14 01:07 -------- d-----w c:\program files\Symantec
2009-03-23 20:45 . 2004-12-14 01:07 -------- d-----w c:\program files\Norton AntiVirus
2009-03-16 22:54 . 2002-07-06 04:37 -------- d-----w c:\program files\Creative
2009-03-15 23:11 . 2007-05-28 17:22 -------- d-----w c:\program files\Yahoo!
2009-03-15 23:09 . 2006-07-31 21:52 -------- d-----w c:\program files\Google
2009-03-08 23:23 . 2009-03-08 23:23 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Spyware
2009-02-14 00:27 . 2005-01-10 01:21 -------- d-----w c:\program files\SolidWorks
2006-11-16 02:49 . 2003-02-24 00:48 48384 ----a-w c:\documents and settings\Matt Kirar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2009-01-27 3831144]
"cdloader"="c:\documents and settings\Matt Kirar\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"FRYHIGHRES"="c:\program files\ATI Technologies\Fire GL Control Panel\atipmogl.dll" [2003-12-11 401408]
"Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-03 c:\windows\system32\Ati2mdxx.exe]
"WINDVDPatch"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"1"="c:\windows\System32\BCHal.dll" [1999-04-07 68096]
"2"="c:\windows\System32\BlstCtrl.dll" [1999-04-26 101888]
"3"="c:\windows\System32\BCInfo.dll" [1999-04-07 85504]
"4"="c:\windows\System32\BCMon.dll" [1999-05-25 95744]
"5"="c:\windows\System32\BCColor.dll" [1999-04-26 109056]
"6"="c:\windows\System32\BCDesk.dll" [1999-04-27 104448]
"20"="c:\windows\System32\BCPref.dll" [1999-04-15 94720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
backup=c:\windows\pss\Image Transfer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Matt Kirar^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTStartup]
--------- 2001-12-20 01:00 28672 c:\program files\Creative\Splash Screen\CTEaxSpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 05:42 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-03 22:24 28672 c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 19:00 1818624 c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-02-06 17:32 344064 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2008-06-27 17:24 19456 c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Matt Kirar\\Application Data\\mjusbsp\\magicJack.exe"=
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-03-23 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-03-23 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\ccHPx86.sys [2009-03-23 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090408.002\IDSxpx86.sys [2009-03-23 276344]
S2 FGLRYUtil;FGLRYUtil;c:\program files\ATI Technologies\Fire GL Control Panel\atiisrgl.exe [2003-12-11 49152]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-03-23 115560]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-23 101936]
.
Contents of the 'Scheduled Tasks' folder
2009-04-13 c:\windows\Tasks\User_Feed_Synchronization-{1F868B2D-1567-4A11-A014-F82660AA4F01}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
Trusted Zone: musicmatch.com\online
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - hxxps://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 16:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1392)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-13 16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 21:55
ComboFix2.txt 2009-04-03 21:46
Pre-Run: 11,454,083,072 bytes free
Post-Run: 11,444,260,864 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
-
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
- The above procedure will:
  - Delete ComboFix and its associated files and folders.
  - Reset the clock settings.
  - Hide file extensions, if required.
  - Hide System/Hidden files, if required.
  - Set a new, clean Restore Point.
.
----------
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your Desktop.
Alternate download link (http://majorgeeks.com/ATF_Cleaner_d4949.html)
Note: Vista users must use Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)
- Under Main: Select Files to Delete choose: Select All.
- Click the Empty Selected button.
- If you use Firefox browser click Firefox at the top and choose: Select All
  - Click the Empty Selected button.
  - If you would like to keep your saved passwords click No at the prompt.
- If you use Opera browser click Opera at the top and choose: Select All
  - Click the Empty Selected button.
  - If you would like to keep your saved passwords click No at the prompt.
- Click Exit on the Main menu to close the program.
.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.
----------
Download OTCleanIt.exe (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to your Desktop.
- Double-click OTCleanIt.exe.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it yourself.
Important: Restart the computer before continuing.
----------
Use the ESET Online Antivirus Scanner (http://www.eset.com/onlinescan/index.php)
This scanner requires Internet Explorer
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that both the Remove found threats option and the Scan unwanted applications option are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.
-
Below is what I got from Eset online scanner:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4004 (20090413)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=876ce336a8469742b6d4bab9596758fa
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-13 11:57:11
# local_time=2009-04-13 06:57:11 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=269093
# found=6
# scan_time=5014
C:\Documents and Settings\Matt Kirar\My Documents\marine2free.exe Win32/Adware.NdotNet application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Matt Kirar\My Documents\marine2free.exe »WISE »NNFRZA638.exe Win32/Adware.NdotNet application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Matt Kirar\My Documents\Drivers\iMeshV2.exe Win32/Adware.TimeSink application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Matt Kirar\My Documents\Drivers\iMeshV2.exe »WISE »tsad.dll Win32/Adware.TimeSink application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\6F0B847B-5610-449A-B1BC-CF7397.asq Win32/TrojanDropper.Small.UE trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Microsoft AntiSpyware\Quarantine\C1E0875E-75DA-4E6A-951F-C88A01\58114146-5F4B-43E0-BC9B-3AB853 Win32/Stupen.C joke (unable to clean - deleted) 00000000000000000000000000000000
-
How is the computer running now?
-
Man, you're good!!!!! No more error messages and my sound card is working again! Thanks Sooooo much for all your help! So did I have a virus that was causing all of my problems, and will Norton be able to protect my system in the future?
-
No antivirus is bulletproof, so anything can happen. Just be careful what you download.
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.