Hi,
I'm in a similar boat as others on this forum. I have run HiJack This. The last thing I did was run SDFix, but I still get the pop-up warning about Sinowal.Trojan from the windows security center. I have logs for both. My computer is off-line (and has been) since I've been seeing the problem. Earlier, I had seen the other posts regarding potential problems with older Java versions, so I have removed all Java runtime versions, but have not re-installed the latest.
Thanks in advance!

Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Thanks for the speedy response. Log is copied below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:47 AM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cimetrix\Comm Products\bin\cimlicense20.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerArchiver\PASTARTER.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Documents and Settings\David Owen\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070907
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [GoBoingo] C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (User 'Default user')
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://sslvpn.ultratech.com/NELX.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ultratech.webex.com/client/T23LSP33EP10/webex/ieatgpc.cab
O16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} (Nsload Control) - https://sslvpn.ultratech.com/vpns/scripts/nsload.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CIMLicense20 - Unknown owner - C:\Program Files\Cimetrix\Comm Products\bin\cimlicense20.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EMService - Cimetrix Incorporated - C:\Program Files\Cimetrix\Comm Products\bin\EMService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14580 bytes
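A quick way to get a first pass over a log like the one above is to script the checks a helper does by eye. The following is an added example written for this page (it is not HijackThis code and not part of the thread): it parses HijackThis-style lines and flags a BHO listed as "(no file)", any O2/O4/O23 entry whose executable lives under a profile's Application Data or a Temp directory, every AppInit_DLLs entry, and Run-key entries that are bare filenames resolved by search order. The sample input is constructed from lines modelled on the log above plus one Run-key line for the vidxhp value that ComboFix later lists under ORPHANS REMOVED; it is not the poster's actual log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. O4
    reason: str
    line: str


# Profile locations a legitimate autostart almost never launches from; droppers
# favour them because a limited user can write there without elevation.
SUSPECT_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# "O4 - HKLM\..\Run: [name] command" style lines: section tag, then the body.
_LINE = re.compile(r"^(?P<sec>[ORFN]\d+) - (?P<body>.*)$")

# First path in an entry: a quoted path, a drive-letter path (may contain
# spaces, so run it up to the first executable extension) or a bare filename.
_PATH = re.compile(
    r'"(?P<q>[^"]+)"'
    r"|(?P<abs>[a-z]:\\.*?\.(?:exe|dll|lnk|scr|com|ocx))\b"
    r"|(?P<bare>[\w~.-]+\.(?:exe|dll|lnk|scr|com|ocx))\b",
    re.IGNORECASE,
)


def first_path(body: str) -> str:
    """Return the first executable path in an entry body, lower-cased."""
    m = _PATH.search(body)
    if not m:
        return ""
    return (m.group("q") or m.group("abs") or m.group("bare")).lower()


def triage(log_text: str) -> list[Finding]:
    """Return the entries a reviewer should look at first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _LINE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        path = first_path(body)
        if sec == "O2" and "(no file)" in body:
            findings.append(Finding(sec, "BHO CLSID registered but its DLL is gone (orphan)", line))
        elif sec == "O20" and body.lower().startswith("appinit_dlls"):
            findings.append(Finding(sec, "AppInit_DLLs injects into every user32 process; verify each DLL", line))
        elif sec in ("O2", "O4", "O23") and any(d in path for d in SUSPECT_DIRS):
            findings.append(Finding(sec, "autostart from a user-profile or temp directory", line))
        elif sec == "O4" and path and "\\" not in path:
            findings.append(Finding(sec, "bare filename resolved by search order; confirm which copy runs", line))
    return findings


# Constructed sample: lines modelled on the HijackThis log above plus one
# Run-key line for the vidxhp value ComboFix later lists under ORPHANS REMOVED.
# It is example input, not the poster's log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [vidxhp] C:\Documents and Settings\David Owen\Application Data\Google\ggqjh22510678.exe
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The bare-filename and AppInit flags are prompts to verify rather than verdicts: nwiz.exe and stsystra.exe are ordinary NVIDIA and SigmaTel entries that resolve from the Windows directories, and wxvault.dll sits alongside the Wave Systems software that appears throughout the log. The entry that deserves attention is the Run value launching from Application Data, which is exactly the shape of the orphan ComboFix reports further down the thread.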

Please download ComboFix to the desktop from one of the following links:
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case, to run Combofix do the following:
1. Go offline, turn off your Norton antivirus, and any antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.

I ran ComboFix and reconnected to the network long enough to install the Recovery Console and then disabled the network again. Norton turned on antivirus and spyware protection upon reboot. I have yet to see the Sinowal pop-up after ComboFix completed. Here is the log. Continued thanks.
ComboFix 08-12-06.06 - David Owen 2008-12-07 19:48:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2873 [GMT -8:00]
Running from: c:\documents and settings\David Owen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David Owen\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David Owen\Application Data\Google\ggqjh22510678.exe
c:\windows\system32\Cache
.
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-07 08:58 . 2008-12-07 08:58 <DIR> d-------- C:\rsit
2008-12-07 08:58 . 2008-12-07 08:58 <DIR> d-------- c:\program files\trend micro
2008-12-06 09:40 . 2008-12-06 09:40 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-06 09:33 . 2008-12-06 09:34 <DIR> d-------- c:\windows\ERUNT
2008-12-06 09:27 . 2008-12-07 12:13 <DIR> d-------- C:\SDFix
2008-12-05 10:28 . 2008-12-05 10:28 <DIR> d-------- c:\windows\system32\N360_BACKUP
2008-12-05 10:00 . 2008-12-05 10:25 <DIR> d-------- c:\documents and settings\David Owen\Application Data\Symantec
2008-12-05 09:56 . 2008-12-05 09:56 <DIR> d-------- c:\program files\Windows Sidebar
2008-12-05 09:55 . 2008-12-05 12:01 <DIR> d-------- c:\program files\Norton 360
2008-12-05 09:53 . 2008-12-05 10:22 <DIR> d-------- c:\program files\Symantec
2008-12-05 09:53 . 2008-12-06 17:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-12-05 09:53 . 2008-12-05 10:22 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-05 09:53 . 2008-12-05 10:22 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-05 09:53 . 2008-12-05 10:22 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-05 09:53 . 2008-12-05 10:22 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-12-05 09:50 . 2008-12-07 19:51 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-01 07:38 . 2008-12-01 07:38 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-01 07:37 . 2008-12-01 07:37 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-25 10:42 . 2008-11-25 10:43 <DIR> d-------- c:\documents and settings\David Owen\Application Data\Move Networks
2008-11-24 21:50 . 2008-11-24 21:50 <DIR> d-------- c:\documents and settings\David Owen\Application Data\Oakdale Engineering
2008-11-24 21:49 . 2000-10-11 13:50 1,175,552 --a------ c:\windows\system32\TTF16.ocx
2008-11-24 21:49 . 2004-03-09 00:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2008-11-24 21:49 . 2004-03-09 00:00 224,016 --a------ c:\windows\system32\TABCTL32.OCX
2008-11-24 21:49 . 2004-03-09 00:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2008-11-24 21:48 . 2008-11-24 21:49 7,696,655 --a------ c:\temp\datafit.zip
2008-11-24 20:24 . 2008-11-24 20:24 717,496 --a------ c:\temp\curvefitter.zip
2008-11-21 14:39 . 2008-11-21 14:39 <DIR> d-------- c:\temp\The Unscrambler 9.8
2008-11-21 14:39 . 2008-11-21 14:39 33,217,409 --a------ c:\temp\UnscramblerTrial.zip
2008-11-12 03:24 . 2008-09-04 09:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 03:24 . 2008-10-24 03:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 03:41 --------- d-----w c:\documents and settings\David Owen\Application Data\TeraCopy
2008-12-08 00:06 --------- d-----w c:\documents and settings\David Owen\Application Data\skypePM
2008-12-07 08:30 --------- d-----w c:\documents and settings\David Owen\Application Data\Wave Systems Corp
2008-12-07 01:32 --------- d-----w c:\program files\Java
2008-12-07 01:27 --------- d-----w c:\program files\Sun
2008-12-06 17:24 --------- d-----w c:\documents and settings\David Owen\Application Data\Skype
2008-12-05 17:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 17:42 --------- d-----w c:\program files\Yahoo!
2008-12-05 17:40 --------- d-----w c:\program files\Common Files\Real
2008-12-05 17:36 --------- d-----w c:\program files\Lavasoft
2008-12-05 04:49 --------- d-----w c:\documents and settings\David Owen\Application Data\uTorrent
2008-12-02 22:03 --------- d-----w c:\documents and settings\All Users\Application Data\pdf995
2008-11-27 02:29 --------- d-----w c:\program files\PowerArchiver
2008-11-12 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-31 13:45 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2008-10-28 19:07 --------- d-----w c:\program files\MATLAB
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 14:45 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-18 15:59 --------- d-----w c:\program files\iTunes
2008-10-18 15:59 --------- d-----w c:\program files\iPod
2008-10-18 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 11:26 --------- d-----w c:\documents and settings\David Owen\Application Data\Yahoo!
2008-04-11 14:07 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-08-30 16:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-11 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.exe" [2007-11-30 140328]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-24 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2007-01-30 102400]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-09 29744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"GoBoingo"="c:\program files\Boingo\GoBoingo\GoBoingo.lnk" [2008-12-07 2155]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2008-01-16 562608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"nwiz"="nwiz.exe" [2007-05-31 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-05-31 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 c:\windows\stsystra.exe]
"WD Button Manager"="WDBtnMgr.exe" [2008-08-01 c:\windows\system32\WDBtnMgr.exe]

c:\documents and settings\David Owen\Start Menu\Programs\Startup\
Belkin Network USB Hub Control Center.lnk - c:\program files\Belkin\Network USB Hub Control Center\Connect.exe [2008-07-31 790651]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-07 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Belkin\\Network USB Hub Control Center\\Connect.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP

R0 CorLog;CorLog;c:\windows\system32\Drivers\corlog.sys [2007-11-29 3520]
R0 CorMem;CorMem;c:\windows\system32\Drivers\cormem.sys [2007-11-29 25586]
R0 CorPci;CorPci;c:\windows\system32\Drivers\corpci.sys [2007-11-29 10112]
R1 CorSerial;CorSerial;c:\windows\system32\Drivers\corserial.sys [2007-11-29 45880]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe" -service [2006-12-19 79432]
R2 CIMLicense20;CIMLicense20;"c:\program files\Cimetrix\Comm Products\bin\cimlicense20.exe" [2005-04-21 86016]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2008-07-31 79232]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe /Processid:{BDFEFE06-0F3F-44F4-984D-3BF2A1CA8D75} [2004-08-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-05 99376]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2008-01-16 19376]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S3 EMService;EMService;c:\program files\Cimetrix\Comm Products\bin\EMService.exe [2005-05-12 319488]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-07 29744]
S3 SecureStorageService;SecureStorageService;"c:\program files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-01-29 487424]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2006-09-07 10112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8a7f9a5-2747-11dd-9c63-c73ed615c7af}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0e90a65-01b2-11dd-9c40-001a6b8a1eff}]
\Shell\AutoRun\command - "E:\Install FreeAgent Tools.exe" /run

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-08-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 11:01]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-vidxhp - c:\documents and settings\David Owen\Application Data\Google\ggqjh22510678.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = ;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\biolsp.dll

c:\windows\Downloaded Program Files\NELaunchX.dll - O16 -: {6EEFD7B1-B26C-440D-B55A-1EC677189F30}
hxxps://sslvpn.ultratech.com/NELX.cab
c:\windows\Downloaded Program Files\NELaunchX.inf

c:\windows\Downloaded Program Files\nsload.ocx - O16 -: {FD7C00A9-E676-11D6-A08E-00E09878F0CF}
hxxps://sslvpn.ultratech.com/vpns/scripts/nsload.ocx
.

**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 19:52:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------- Other Running Processes -------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Boingo\GoBoingo\GoBoingo.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-07 19:59:33 - machine was rebooted [David Owen]
ComboFix-quarantined-files.txt 2008-12-08 03:59:26

Pre-Run: 26,551,984,128 bytes free
Post-Run: 39,119,241,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

271 --- E O F --- 2008-11-12 15:59:13

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Quick update:
1) Ran ATF cleaner and got a message that no files were deleted.
2) Re-installed the latest Java to get Kaspersky to run.
3) Kaspersky is currently running.
4) Windows Security Center pop-up warning regarding Sinowal.Trojan has yet to re-appear after running ComboFix.

Kaspersky completed scan - log is below. Still no Sinowal.Trojan pop-up. Continued thanks!
----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 02:49:44
Records in database: 1443282
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 126619
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:25:14

File name / Threat name / Threats count
C:\Documents and Settings\David Owen\My Documents\Demos and Data\TI fingerprinting lot\JD_NMP_LK_MV_topo_range_correlation_matrix.mat Infected: Virus.DOS.WildThing.567 1

The selected area was scanned.

Your computer appears to be clean with the exception of the file found by Kaspersky, which is probably a false positive. If it is something that can be deleted without damaging a program, go ahead and delete it; otherwise just leave it alone for now.
Go to start> run> combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix, so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:
Hijack This
Malwarebytes
Kaspersky
You should keep ATF Cleaner and run it weekly.
You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster. Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
How is the computer operating?

The computer has been operating just fine for the last 24 hrs (post combofix). The file that Kaspersky flagged is easily reinstated from a backup, so I've deleted it. All the other 'clean-up' steps have been completed. Many thanks for the help - computing.net has been an invaluable resource.
