Right, so my parents have been having problems with their computer for ages now. They've been flooded with these pos.tmp files and the C: has been turned into a red X. I've been checking out a few of the forums and some of them have said to update Java files, etc. Some have said to download a new spyware killing software, etc. Unfortunately, for whatever reason I'm completely unable to do any of those things because I continue to get errors that refuse to allow me to proceed. I did get HiJackThis, and ComboFix. I have run them both and have the log files. Prior to that I ran the VundoFix and then the ATF Cleaner. The pos.tmp files seem to have vanished, but I am still having random troubles with things and my proxy settings for some reason don't work now? Plus the C: is still a red X.
If anyone can help I'd greatly appreciate it!
-Ben

Go to this link:
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Post a new Hijack This log and a new Combofix log please.

Both of these logs are new... If you need the ones I ran last night let me know. Thanks again!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:14 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ALCXMNTR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8FAACD4A-1691-434B-B6D9-45E9F48BBE1D} - C:\WINDOWS\system32\pmkhe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: {d362c4a1-7bd2-e1bb-ff54-8f8aa5b2e7ef} - {fe7e2b5a-a8f8-45ff-bb1e-2db71a4c263d} - C:\WINDOWS\system32\tyurcsor.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.ed...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: bw+0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 22657 bytes
ComboFix 08-02.03.1 - HP_Owner 2008-02-04 6:56:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.454 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
2008-02-03 23:16 . 2008-02-03 23:16 <DIR> d-------- C:\Program Files\ACW
2008-02-03 22:07 . 2008-02-03 22:41 <DIR> d-------- C:\VundoFix Backups
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 22:05 . 2008-02-03 22:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 14:40 . 2008-02-03 14:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 14:19 . 2008-02-03 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-02 16:30 . 2008-02-03 14:08 354 --ahs---- C:\WINDOWS\system32\rknveqvf.ini
2008-02-01 16:30 . 2008-02-01 16:30 294 --ahs---- C:\WINDOWS\system32\rexkpkru.ini
2008-01-11 17:54 . 2008-01-11 17:54 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-11 17:54 . 2008-01-11 17:54 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 00:08 --------- d-----w C:\Program Files\Zune
2008-02-04 00:05 --------- d-----w C:\Program Files\QuickTime
2008-02-03 23:50 --------- d-----w C:\Program Files\iTunes
2008-02-03 23:49 --------- d-----w C:\Program Files\HP Multimedia Keyboard
2008-02-03 23:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 22:51 --------- d-----w C:\Program Files\SymNetDrv
2008-02-03 22:51 --------- d-----w C:\Program Files\LIVEUPDATE
2008-02-03 22:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-03 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-03 20:59 --------- d-----w C:\Program Files\FilmLoop Player
2008-02-03 18:33 --------- d-----w C:\Program Files\Christmas Time 3D Screensaver
2008-02-03 02:34 --------- d-----w C:\Program Files\LimeWire
2008-01-11 22:39 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-01-02 00:49 781,264 ----a-w C:\WINDOWS\system32\msb51.exe
2008-01-02 00:49 773,168 ----a-w C:\WINDOWS\system32\p523.exe
2008-01-02 00:47 777,265 ----a-w C:\WINDOWS\system32\bngzb4.exe
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-25 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control Software Shared
2007-12-25 17:16 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2007-12-25 17:06 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-12-25 17:06 --------- d-----w C:\Program Files\Logitech
2007-12-25 05:24 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-30 23:16 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-17 22:55 48,336 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-10-19 20:38 13,824 ----a-w C:\Documents and Settings\HP_Owner\atwbxdet.dll
2006-05-08 00:54 146 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
----a-w 61,440 2008-02-03 19:12:31 C:\hp\KBD\KBD .exe
----a-w 344,064 2008-02-03 19:07:49 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 155,648 2008-02-03 19:07:15 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 180,269 2008-02-03 19:07:02 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 49,824 2008-02-03 19:06:34 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 4,923,392 2008-02-03 20:59:17 C:\Program Files\FilmLoop Player\FilmLoop .exe
----a-w 49,152 2008-01-28 20:23:25 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exe
----a-w 49,152 2008-02-03 19:06:54 C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
----a-w 245,760 2008-02-03 19:07:19 C:\Program Files\HP Multimedia Keyboard\KMaestro .exe
----a-w 267,064 2008-02-03 19:07:59 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-02-03 19:07:32 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 61,440 2008-02-03 19:07:18 C:\Program Files\LIVEUPDATE\LiveUpdate .exe
----a-w 36,864 2008-02-03 19:08:26 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
----a-w 1,694,208 2008-01-23 23:39:41 C:\Program Files\Messenger\msmsgs .exe
----a-w 22,656 2008-02-03 19:06:37 C:\Program Files\Norton Internet Security\UrlLstCk .exe
----a-w 100,056 2008-02-03 19:07:06 C:\Program Files\SymNetDrv\SNDMon .exe
----a-w 204,288 2008-01-29 09:18:46 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 166,304 2008-02-03 19:08:00 C:\Program Files\Zune\ZuneLauncher .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FAACD4A-1691-434B-B6D9-45E9F48BBE1D}]
C:\WINDOWS\system32\pmkhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe7e2b5a-a8f8-45ff-bb1e-2db71a4c263d}]
C:\WINDOWS\system32\tyurcsor.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [ ]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"SMSERIAL"="sm56hlpr.exe" [2005-01-23 21:56 544768 C:\WINDOWS\sm56hlpr.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-23 04:16 144896]
"BtcMaestro"="C:\Program Files\HP Multimedia Keyboard\KMaestro.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 57344 C:\WINDOWS\Alcxmntr.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 01:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 00:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\pmkhe.exe

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1699d45e-5bd3-11db-95ce-0015f20a4716}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47bf4116-4a8b-11db-95ca-0015f20a4716}]
\Shell\AutoRun\command - E:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 19:49:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 01:38:11 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe
"2008-02-02 03:07:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-04 12:00:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 07:00:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 7:01:18
ComboFix-quarantined-files.txt 2008-02-04 12:01:15
ComboFix2.txt 2008-02-04 05:05:20
.
2008-01-09 08:05:48 --- E O F ---

Also, I don't know if this helps or changes anything but I've hit on what I'm actually having trouble with as far as browsing goes and it's https websites (so all that are secure). I can't go to any of them. I've tried everything, and I mean absolutely everything to attempt to restore my ability to do so, including using system restore, and every last step of the tutorials that I've read. Don't really know what to do there, but that's probably secondary compared to getting rid of the problem of the red x etc.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::
----a-w 61,440 2008-02-03 19:12:31 C:\hp\KBD\KBD .exe
----a-w 344,064 2008-02-03 19:07:49 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 155,648 2008-02-03 19:07:15 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 180,269 2008-02-03 19:07:02 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 49,824 2008-02-03 19:06:34 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 4,923,392 2008-02-03 20:59:17 C:\Program Files\FilmLoop Player\FilmLoop .exe
----a-w 49,152 2008-01-28 20:23:25 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08 .exe
----a-w 49,152 2008-02-03 19:06:54 C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
----a-w 245,760 2008-02-03 19:07:19 C:\Program Files\HP Multimedia Keyboard\KMaestro .exe
----a-w 267,064 2008-02-03 19:07:59 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-02-03 19:07:32 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 61,440 2008-02-03 19:07:18 C:\Program Files\LIVEUPDATE\LiveUpdate .exe
----a-w 36,864 2008-02-03 19:08:26 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
----a-w 1,694,208 2008-01-23 23:39:41 C:\Program Files\Messenger\msmsgs .exe
----a-w 22,656 2008-02-03 19:06:37 C:\Program Files\Norton Internet Security\UrlLstCk .exe
----a-w 100,056 2008-02-03 19:07:06 C:\Program Files\SymNetDrv\SNDMon .exe
----a-w 204,288 2008-01-29 09:18:46 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 166,304 2008-02-03 19:08:00 C:\Program Files\Zune\ZuneLauncher .exe
File::
C:\WINDOWS\ALCXMNTR.exe
C:\WINDOWS\system32\rknveqvf.ini
C:\WINDOWS\system32\rexkpkru.ini
C:\WINDOWS\system32\msb51.exe
C:\WINDOWS\system32\p523.exe
C:\WINDOWS\system32\bngzb4.exe
C:\WINDOWS\system32\tyurcsor.dll
C:\WINDOWS\system32\pmkhe.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FAACD4A-1691-434B-B6D9-45E9F48BBE1D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe7e2b5a-a8f8-45ff-bb1e-2db71a4c263d}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "Run".
Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.
Download ATF Cleaner from this link:
ATF Cleaner
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Post a new Combofix log and a new Hijack This log please.

Here are the new logs as you requested...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:33 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.ed...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: bw+0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {00B7E06D-911B-48FF-A97E-C042F183C7AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 21905 bytes
ComboFix 08-02.03.1 - HP_Owner 2008-02-04 19:53:11.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.424 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-04 14:42 . 2008-02-04 14:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 14:42 . 2008-02-04 14:42 <DIR> d-------- C:\Program Files\ACW
2008-02-04 14:25 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2008-02-04 14:24 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-02-04 14:23 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-04 14:22 . 2004-08-04 00:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-04 14:21 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-02-04 14:20 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-04 14:19 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-02-04 14:18 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-04 14:17 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-02-04 14:16 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-04 14:15 . 2004-08-04 00:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-04 14:14 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-04 14:13 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-02-04 14:12 . 2004-08-04 00:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-04 14:11 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-04 14:10 . 2004-08-04 00:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-02-04 14:09 . 2004-08-04 00:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-02-04 14:08 . 2004-08-04 00:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-04 14:07 . 2001-08-17 13:28 907,456 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-02-04 14:06 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-04 14:05 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-02-04 14:04 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-04 14:03 . 2004-08-04 00:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-04 14:02 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-04 14:01 . 2004-08-04 00:56 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-02-04 14:00 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-03 22:07 . 2008-02-03 22:41 <DIR> d-------- C:\VundoFix Backups
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 14:40 . 2008-02-03 14:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 14:19 . 2008-02-03 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 17:54 . 2008-01-11 17:54 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-11 17:54 . 2008-01-11 17:54 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 00:32 --------- d-----w C:\Program Files\Zune
2008-02-05 00:32 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-05 00:32 --------- d-----w C:\Program Files\LIVEUPDATE
2008-02-05 00:32 --------- d-----w C:\Program Files\iTunes
2008-02-05 00:32 --------- d-----w C:\Program Files\HP Multimedia Keyboard
2008-02-05 00:32 --------- d-----w C:\Program Files\FilmLoop Player
2008-02-05 00:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 00:05 --------- d-----w C:\Program Files\QuickTime
2008-02-03 22:51 --------- d-----w C:\Program Files\SymNetDrv
2008-02-03 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-03 18:33 --------- d-----w C:\Program Files\Christmas Time 3D Screensaver
2008-02-03 02:34 --------- d-----w C:\Program Files\LimeWire
2008-01-11 22:39 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-25 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control Software Shared
2007-12-25 17:16 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2007-12-25 17:06 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-12-25 17:06 --------- d-----w C:\Program Files\Logitech
2007-12-25 05:24 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-30 23:16 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-17 22:55 48,336 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-10-19 20:38 13,824 ----a-w C:\Documents and Settings\HP_Owner\atwbxdet.dll
2006-05-08 00:54 146 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
----a-w 100,056 2008-02-03 19:07:06 C:\Program Files\SymNetDrv\SNDMon .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-03 14:08 36864]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-29 04:18 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-01-28 15:23 49152]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-03 14:06 49824]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"SMSERIAL"="sm56hlpr.exe" [2005-01-23 21:56 544768 C:\WINDOWS\sm56hlpr.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-03 14:07 180269]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-23 04:16 144896]
"BtcMaestro"="C:\Program Files\HP Multimedia Keyboard\KMaestro.exe" [2008-02-03 14:07 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-03 14:07 132496]
"AlcxMonitor"="ALCXMNTR.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-03 14:07 267064]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-03 14:08 166304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 01:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 00:01:04 83360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\pmkhe.exe
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1699d45e-5bd3-11db-95ce-0015f20a4716}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47bf4116-4a8b-11db-95ca-0015f20a4716}]
\Shell\AutoRun\command - E:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 19:49:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 01:38:11 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe
"2008-02-02 03:07:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-05 00:50:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 19:53:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 19:54:33
ComboFix-quarantined-files.txt 2008-02-05 00:54:25
ComboFix2.txt 2008-02-05 00:36:29
ComboFix3.txt 2008-02-04 12:01:18
ComboFix4.txt 2008-02-04 05:05:20
.
2008-01-09 08:05:48 --- E O F ---
Let me know if you need me to do anything else. Thanks!

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=...
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
Exit Hijack This.
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::
----a-w 100,056 2008-02-03 19:07:06 C:\Program Files\SymNetDrv\SNDMon .exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".
Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Post a new Combofix log.

Ok, I followed the instructions exactly and here are the ComboFix Log, and the KScan log...
ComboFix 08-02.03.1 - HP_Owner 2008-02-04 23:27:28.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.541 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-04 14:42 . 2008-02-04 14:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 14:42 . 2008-02-04 14:42 <DIR> d-------- C:\Program Files\ACW
2008-02-04 14:25 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2008-02-04 14:24 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-02-04 14:23 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-04 14:22 . 2004-08-04 00:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-04 14:21 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-02-04 14:20 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-04 14:19 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-02-04 14:18 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-04 14:17 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-02-04 14:16 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-04 14:15 . 2004-08-04 00:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-04 14:14 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-04 14:13 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-02-04 14:12 . 2004-08-04 00:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-04 14:11 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-04 14:10 . 2004-08-04 00:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-02-04 14:09 . 2004-08-04 00:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-02-04 14:08 . 2004-08-04 00:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-04 14:07 . 2001-08-17 13:28 907,456 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-02-04 14:06 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-04 14:05 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-02-04 14:04 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-04 14:03 . 2004-08-04 00:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-04 14:02 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-04 14:01 . 2004-08-04 00:56 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-02-04 14:00 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-03 22:07 . 2008-02-03 22:41 <DIR> d-------- C:\VundoFix Backups
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 14:40 . 2008-02-03 14:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 14:19 . 2008-02-03 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 17:54 . 2008-01-11 17:54 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-11 17:54 . 2008-01-11 17:54 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 04:27 --------- d-----w C:\Program Files\SymNetDrv
2008-02-05 00:32 --------- d-----w C:\Program Files\Zune
2008-02-05 00:32 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-05 00:32 --------- d-----w C:\Program Files\LIVEUPDATE
2008-02-05 00:32 --------- d-----w C:\Program Files\iTunes
2008-02-05 00:32 --------- d-----w C:\Program Files\HP Multimedia Keyboard
2008-02-05 00:32 --------- d-----w C:\Program Files\FilmLoop Player
2008-02-05 00:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 00:05 --------- d-----w C:\Program Files\QuickTime
2008-02-03 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-03 18:33 --------- d-----w C:\Program Files\Christmas Time 3D Screensaver
2008-02-03 02:34 --------- d-----w C:\Program Files\LimeWire
2008-01-11 22:39 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-25 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control Software Shared
2007-12-25 17:16 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2007-12-25 17:06 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-12-25 17:06 --------- d-----w C:\Program Files\Logitech
2007-12-25 05:24 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-30 23:16 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-17 22:55 48,336 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-10-19 20:38 13,824 ----a-w C:\Documents and Settings\HP_Owner\atwbxdet.dll
2006-05-08 00:54 146 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-03 14:08 36864]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-29 04:18 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-01-28 15:23 49152]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-03 14:06 49824]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"SMSERIAL"="sm56hlpr.exe" [2005-01-23 21:56 544768 C:\WINDOWS\sm56hlpr.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-03 14:07 180269]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-23 04:16 144896]
"BtcMaestro"="C:\Program Files\HP Multimedia Keyboard\KMaestro.exe" [2008-02-03 14:07 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-03 14:07 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-03 14:07 267064]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-03 14:08 166304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 01:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 00:01:04 83360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:00 15360 C:\WINDOWS\system32\ctfmon.exe
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1699d45e-5bd3-11db-95ce-0015f20a4716}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47bf4116-4a8b-11db-95ca-0015f20a4716}]
\Shell\AutoRun\command - E:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 19:49:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 01:38:11 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe
"2008-02-02 03:07:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-05 04:30:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 23:31:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 23:31:51
ComboFix-quarantined-files.txt 2008-02-05 04:31:49
ComboFix2.txt 2008-02-05 00:54:33
ComboFix3.txt 2008-02-05 00:36:29
ComboFix4.txt 2008-02-04 12:01:18
ComboFix5.txt 2008-02-04 05:05:20
.
2008-01-09 08:05:48 --- E O F ---
---------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 1:34:10 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 548987
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 108309
Number of viruses found: 11
Number of infected objects: 47
Number of suspicious objects: 0
Duration of the scan process: 01:35:11
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\History\History.IE5\MSHist012008020420080205\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temp\_hphtra07.log Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Zune\ZuneNSSStore.sdf Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12890294.cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12890294.cab CAB: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12890294.cab CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\13D54C6B.htm Infected: Trojan-Downloader.HTML.Agent.ad skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2F8813C4.htm Infected: Trojan-Downloader.HTML.Agent.ad skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3A6A314C.cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3A6A314C.cab CAB: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3A6A314C.cab CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61C95D3D.htm Infected: Trojan-Downloader.HTML.Agent.ad skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\642E3B5B.htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\763E017D.cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\763E017D.cab CAB: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\763E017D.cab CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77746667.cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77746667.cab CAB: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77746667.cab CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79497D1E.htm Infected: Trojan-Downloader.HTML.Agent.ad skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79520E42.cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79520E42.cab CAB: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79520E42.cab CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0556NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0760NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll.vir Infected: not-a-virus:AdWare.Win32.Comet.ac skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\742828.exe.vir Infected: Trojan-Clicker.Win32.Agent.rc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\leeowsdr.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wyiiecao.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP779\change.log Object is locked skipped
C:\VundoFix Backups\bsaeqgid.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\fwksrbau.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\gdnsohlo.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\hqoexffa.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\ibuhremd.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\iifeecd.dll.bad Infected: Trojan-Downloader.Win32.Small.hje skipped
C:\VundoFix Backups\ldtminoj.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\leeowsdr.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\liktafpw.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\llnndstv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pmkhe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\pxdsdars.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\ramxyguh.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\soshtner.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\spucmefj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tyurcsor.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\VundoFix Backups\vbwqlvil.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\xmicwapy.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\yqchjgid.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{163EA55F-6E58-4341-84BD-09CD08E6CF06}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\I386\Apps\APP03535\src\HPSummer2005.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\I386\Apps\APP03535\src\HPSummer2005.exe WiseSFX: infected - 1 skipped
D:\I386\Apps\APP03535\src\HPSummer2005.exe WiseSFXDropper: infected - 1 skipped
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP779\change.log Object is locked skipped
Scan process completed.

Navigate to and delete the contents of this folder but not the folder itself:
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine
Open Notepad and copy/paste everything between the X's into it and make sure "Folder::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\VundoFix Backups
C:\QooBox
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".
Let's see if BitDefender will remove the baddie on your D: drive.
Please run the BitDefender online scan at this link:
Bitdefender Online Scanner
You will need to allow an ActiveX install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.

The scanner said that our computer is still infected, although the number of viruses found has certainly gone down. Here is the scan report:
BitDefender Online Scanner - Scan Report
Scan report generated at: Tue, Feb 05, 2008 - 08:20:27
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

Statistics
Time: 01:04:30
Files: 447442
Folders: 10311
Boot Sectors: 3
Archives: 14905
Packed Files: 21676

Results
Identified Viruses: 3
Infected Files: 8
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 8

Engines Info
Virus Definitions: 978997
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 - Detected with: Adware.AWS.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 - Deleted
C:\Program Files\AIM\Sysfiles\WxBug.EXE - Update failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 - Detected with: Adware.AWS.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r)=>wise0008 - Deleted
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>(Embedded EXE r) - Update failed
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll - Detected with: Adware.AWS.A
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll - Deleted
C:\Program Files\WebEx\ieatgpc.dll - Detected with: Adware.Webex.A
C:\Program Files\WebEx\ieatgpc.dll - Deleted
C:\Program Files\WebEx\ieatgpc.tmp=>ieatgpc.dll - Detected with: Adware.Webex.A
C:\Program Files\WebEx\ieatgpc.tmp=>ieatgpc.dll - Deleted
C:\Program Files\WebEx\ieatgpc.tmp - Updated
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP780\A0054861.dll - Detected with: Adware.AWS.A
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP780\A0054861.dll - Deleted
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP780\A0054862.dll - Detected with: Adware.Webex.A
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP780\A0054862.dll - Deleted
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf - Detected with: Application.MWS
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf - Deleted

ComboFix 08-02.03.1 - HP_Owner 2008-02-05 9:03:41.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.405 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-05 07:11 . 2008-02-05 08:20 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-04 23:34 . 2008-02-04 23:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-04 23:34 . 2008-02-04 23:34 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-04 23:34 . 2008-02-04 23:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-04 14:42 . 2008-02-04 14:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 14:42 . 2008-02-04 14:42 <DIR> d-------- C:\Program Files\ACW
2008-02-04 14:25 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2008-02-04 14:24 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-02-04 14:23 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-04 14:22 . 2004-08-04 00:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-02-04 14:21 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-02-04 14:20 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-04 14:19 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-02-04 14:18 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-04 14:17 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-02-04 14:16 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-04 14:15 . 2004-08-04 00:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-02-04 14:14 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-04 14:13 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-02-04 14:12 . 2004-08-04 00:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-04 14:11 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-04 14:10 . 2004-08-04 00:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-02-04 14:09 . 2004-08-04 00:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-02-04 14:08 . 2004-08-04 00:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-04 14:07 . 2001-08-17 13:28 907,456 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-02-04 14:06 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-04 14:05 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-02-04 14:04 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-04 14:03 . 2004-08-04 00:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-02-04 14:02 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-04 14:01 . 2004-08-04 00:56 870,784 --a------ C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-02-04 14:00 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-03 22:06 . 2008-02-03 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 14:40 . 2008-02-03 14:40 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 14:19 . 2008-02-03 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-11 17:54 . 2008-01-11 17:54 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-11 17:54 . 2008-01-11 17:54 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 12:53 --------- d-----w C:\Program Files\WebEx
2008-02-05 04:27 --------- d-----w C:\Program Files\SymNetDrv
2008-02-05 00:32 --------- d-----w C:\Program Files\Zune
2008-02-05 00:32 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-05 00:32 --------- d-----w C:\Program Files\LIVEUPDATE
2008-02-05 00:32 --------- d-----w C:\Program Files\iTunes
2008-02-05 00:32 --------- d-----w C:\Program Files\HP Multimedia Keyboard
2008-02-05 00:32 --------- d-----w C:\Program Files\FilmLoop Player
2008-02-05 00:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 00:05 --------- d-----w C:\Program Files\QuickTime
2008-02-03 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-03 18:33 --------- d-----w C:\Program Files\Christmas Time 3D Screensaver
2008-02-03 02:34 --------- d-----w C:\Program Files\LimeWire
2008-01-11 22:39 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-25 18:22 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-25 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control USB Driver
2007-12-25 17:16 --------- d-----w C:\Program Files\Common Files\Remote Control Software Shared
2007-12-25 17:16 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InstallShield
2007-12-25 17:06 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-12-25 17:06 --------- d-----w C:\Program Files\Logitech
2007-12-25 05:24 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-30 23:16 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-17 22:55 48,336 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-10-19 20:38 13,824 ----a-w C:\Documents and Settings\HP_Owner\atwbxdet.dll
2006-05-08 00:54 146 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-02-03 14:08 36864]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-29 04:18 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2008-01-28 15:23 49152]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-03 14:06 49824]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"SMSERIAL"="sm56hlpr.exe" [2005-01-23 21:56 544768 C:\WINDOWS\sm56hlpr.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-03 14:07 180269]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-23 04:16 144896]
"BtcMaestro"="C:\Program Files\HP Multimedia Keyboard\KMaestro.exe" [2008-02-03 14:07 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-02-03 14:07 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-03 14:07 267064]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-02-03 14:08 166304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 03:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 01:23:26 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 00:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:00 15360 C:\WINDOWS\system32\ctfmon.exe

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 PortlUSB;PortlUSB;C:\WINDOWS\system32\DRIVERS\SiriusUSB.sys []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1699d45e-5bd3-11db-95ce-0015f20a4716}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47bf4116-4a8b-11db-95ca-0015f20a4716}]
\Shell\AutoRun\command - E:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 19:49:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-21 01:38:11 C:\WINDOWS\Tasks\HPCeeSchedule.job"
- C:\PROGRA~1\EASYIN~1\Ceement\HPCEE.exe
"2008-02-02 03:07:21 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-05 14:05:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 09:07:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-05 9:08:30
ComboFix2.txt 2008-02-05 11:57:40
.
2008-01-09 08:05:48 --- E O F ---
I really think we're getting close now haha. Thanks for all your help so far!

Navigate to and delete this file if found:
D:\I386\Apps\APP03535\src\HPSummer2005.exe
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
ATF Cleaner
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run the Kaspersky scan again and post its log.
The Bitdefender info did not make any sense to me.

Alright, just ran the Kaspersky again and it came up with 1 virus this time (it says 3 infected files though...). I had a job trying to get into the D: drive (as it's the recovery stuff and it refused to allow me in so I got some program called Total Commander which allowed me to view, explore, and edit the files in D: as I wished).
Things seem to be shaping up better with each time I follow your instructions although the C: is still a red X, and I am still completely unable to access secure websites, the computer is running more smoothly than it ever has. I really appreciate all the help!
Here's the scan log as you requested:
---------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 11:10:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 550336
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics:
Total number of scanned objects: 105888
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:36:38
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Aim\YourEarSmells\cert8.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Aim\YourEarSmells\key3.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9kvrqeyy.default\cert8.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9kvrqeyy.default\history.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9kvrqeyy.default\key3.db Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9kvrqeyy.default\parent.lock Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9kvrqeyy.default\search.sqlite Object is locked skipped
C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\9kvrqeyy.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP781\change.log Object is locked skipped
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP781\A0054920.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP781\A0054920.exe WiseSFX: infected - 1 skipped
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP781\A0054920.exe WiseSFXDropper: infected - 1 skipped
Scan process completed.

In system restore look for an option to empty drive D:, as it appears that it is not being emptied. Go to start>control panel>system>system restore tab> look for a way to select drive D:> check the box beside "turn off system restore"> apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
This should fix the red X.
Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:
[autorun]
ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8
Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.
Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.
Restart the computer.
Let us know the results please.

It looks like everything's fixed! Thank you so much for all your help!
I am curious though, any ideas on why the secure site ability was lost at all?
I am also concerned about the vast number of viruses that were found in initial scans. Do you recommend that I pay to renew my Norton Anti-virus? I had not at first on this computer and realized my parents had no virus scanner so I picked up a freeware scanner: Avira AntiVir, but wasn't sure about its reliability...
And lastly, what about that final random object that was found by the kaspersky scan last night, is it something that ought to be deleted or no?
Once again, brilliant work, thanks so much!

If you are now able to access the secure sites that you previously could not access, I suspect that the sites were able to detect the infections on your computer and locked you out.
I use the free version of AVG, you can download it at this link:
AVG Free Antivirus
You should consider adding "Spywareblaster" to your arsenal of antispyware tools, as just an antivirus is simply not enough protection. You can download it from this link: Spywareblaster
Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
On Kaspersky and the final random object: I suppose you are talking about the items in D: system restore, if not let me know, but the directions in my last post should have cleaned all but change.log.
If there are any Java versions on your computer older than 1.6.0.0_3 they need to be removed. Go to start> control panel> add/remove programs and look, if found uninstall them. While in add/remove program I would uninstall LimeWire as it is known to house trojans.

Right, everything's all done. I just wanted to thank you again for all the help you've given us. The computer is running better than it has in months now thanks to you. I've got those programs running, old versions of Java deleted and limewire is slated for eviction soon as well.
I really can't thank you enough for everything!
