I got a virus on my hotmail a/c

Microsoft Windows xp professional w/serv...
April 6, 2010 at 12:42:19
Specs: Windows XP
I got a virus on my hotmail a/c when I unknowingly opened a message. I was looking at previous messages about what to do to fix the problem in this forum, so I've just run a scan with Malwarebytes software which found 5 infected files. The following is the text log of what Malwarebytes found. Has this cleared the virus or do I have to do more?

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3960

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

06/04/2010 19:55:04
mbam-log-2010-04-06 (19-55-04).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 142292
Time elapsed: 2 hour(s), 25 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bfd16bfb-e9c0-4444-b24e-938c42ab8d6c} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfd16bfb-e9c0-4444-b24e-938c42ab8d6c} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfd16bfb-e9c0-4444-b24e-938c42ab8d6c} (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\javaw.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\asynceql.inf (Malware.Trace) -> Quarantined and deleted successfully.


#1
April 6, 2010 at 21:45:45
We will need to run a scan or two before we can tell if the virus is gone.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please. You may need to post in segments to get all the info to us as the logs may be too large to fit in one post.



#2
April 7, 2010 at 02:52:59
thanks I'll give this a go and then get back to you.


#3
April 7, 2010 at 03:19:17
Hi, I've run the DDS.scr and here are the results for the DDS.txt; I'll send the next log as another reply, cheers

DDS (Ver_10-03-17.01) - NTFSx86
Run by Una at 11:09:22.45 on 07/04/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.124 [GMT 1:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Una\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Una\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [VTTrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Serviço de Rede] c:\windows\system\Curriculum_Vitae.cpl
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\una\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\una\application data\dropbox\bin\Dropbox.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-4-6 30280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1106000.020\symds.sys [2010-4-7 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1106000.020\symefa.sys [2010-4-7 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1106000.020\cchpx86.sys [2010-4-7 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1106000.020\ironx86.sys [2010-4-7 116784]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-4-6 6326848]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.6.0.32\ccsvchst.exe [2010-4-7 126392]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-4-6 53088]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2010-3-3 5632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-6 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20100402.001\IDSXpx86.sys [2010-4-6 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100406.038\NAVENG.SYS [2010-4-7 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100406.038\NAVEX15.SYS [2010-4-7 1324720]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-4-6 24368]

=============== Created Last 30 ================

2010-04-06 16:15:29 0 d-----w- c:\docume~1\una\applic~1\Malwarebytes
2010-04-06 16:15:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 16:15:00 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 16:15:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-06 16:14:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 14:21:01 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 14:21:01 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 14:21:01 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-06 14:21:01 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-06 14:21:01 0 d-----w- c:\program files\Symantec
2010-04-06 14:21:01 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-06 14:18:16 0 d-----w- c:\windows\system32\drivers\NAV
2010-04-06 14:18:07 0 d-----w- c:\program files\Norton AntiVirus
2010-04-06 14:17:41 0 d-----w- c:\program files\NortonInstaller
2010-04-06 13:22:18 53160 ----a-w- c:\windows\system32\PxSecure.dll
2010-04-06 13:22:12 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-06 13:22:12 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-06 13:22:08 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-06 13:22:06 0 d-----w- c:\program files\Prevx
2010-04-06 13:21:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-04-06 13:21:30 46 ----a-w- c:\windows\wininit.ini
2010-04-05 20:51:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll.install_backup
2010-04-05 18:09:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-05 18:03:04 0 d-----w- c:\docume~1\una\applic~1\Uniblue
2010-04-03 13:44:34 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-03 13:44:34 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-03 13:44:34 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-03-30 21:50:15 104 ----a-w- c:\windows\system32\drwtsn32.dll
2010-03-30 21:50:14 0 d-----w- c:\windows\system32\_tmp
2010-03-30 20:13:44 5 ----a-w- c:\windows\system\mkp.dll
2010-03-30 20:09:53 57856 ----a-r- c:\windows\system\Curriculum_Vitae.cpl
2010-03-30 16:02:52 186 ----a-w- c:\documents and settings\una\webct_upload_applet.properties
2010-03-11 14:56:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 22:34:11 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-10 22:12:25 0 d-----w- c:\windows\system32\scripting
2010-03-10 22:12:24 0 d-----w- c:\windows\l2schemas
2010-03-10 22:12:22 0 d-----w- c:\windows\system32\en
2010-03-10 22:12:22 0 d-----w- c:\windows\system32\bits
2010-03-10 21:53:32 0 d-----w- c:\windows\EHome
2010-03-10 17:34:47 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-03-10 17:34:47 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-03-10 17:34:31 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-05 00:00:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-03 12:48:19 191360 ----a-w- c:\windows\system32\drivers\RT2500.sys
2010-03-03 12:38:42 7040 ----a-w- c:\windows\system32\ntsim.sys
2010-03-03 12:38:36 42496 ----a-w- c:\windows\system32\drivers\fetnd5b.sys
2010-03-02 21:07:55 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe

============= FINISH: 11:10:06.05 ===============



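The "Pseudo HJT Report" section of the DDS log above is where the actual indicator sits: the `mRun: [Serviço de Rede] c:\windows\system\Curriculum_Vitae.cpl` entry is a startup item that launches a Control Panel applet (a .cpl is a DLL that rundll32 loads) from the legacy c:\windows\system\ directory, and the `AV:` line shows Norton's on-access scanning switched off. The script below is an added example, not part of this thread and not code from DDS or Malwarebytes: it applies a handful of triage rules to those lines. The sample input is copied from the log posted above; the rule lists (RISKY_EXT, ODD_DIRS) and the severity labels are my own assumptions, not anything DDS computes.

```python
import ntpath
import re

# Constructed sample: a subset of the "Pseudo HJT Report" lines from the DDS log in this thread.
SAMPLE_HJT = r"""
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Serviço de Rede] c:\windows\system\Curriculum_Vitae.cpl
mPolicies-system: EnableLUA = 0 (0x0)
"""

RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
TB_RE = re.compile(r'^TB: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$')
AV_RE = re.compile(r'^AV: (?P<product>.*?) \*(?P<state>[^*]*)\*')
POLICY_RE = re.compile(r'^[umd]Policies-\w+: (?P<key>\w+) = (?P<value>\S+)')

# Assumptions (mine, not DDS's): extensions that should not normally be a startup item,
# and directories in which a legitimate startup program should not live.
RISKY_EXT = {'.cpl', '.scr', '.pif', '.com', '.bat', '.cmd', '.vbs', '.js', '.hta'}
ODD_DIRS = ('c:\\windows\\system\\', 'c:\\windows\\media\\', 'c:\\windows\\inf\\', 'c:\\windows\\temp\\')


def program_path(cmd):
    """Extract the program from a Run command line, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def triage(report):
    """Return (severity, line, message) tuples for suspicious lines in a Pseudo HJT report."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            name, path = m.group('name'), program_path(m.group('cmd'))
            low = path.lower()
            ext = ntpath.splitext(low)[1]
            if ext in RISKY_EXT:
                findings.append(('high', line, f'startup item "{name}" runs a {ext} file rather than an .exe'))
            if low.startswith(ODD_DIRS):
                findings.append(('high', line, f'startup item "{name}" lives in {ntpath.dirname(low)}\\, an unusual location for a program'))
            if not name.isascii():
                findings.append(('low', line, f'startup item name "{name}" is non-ASCII (weak signal; compare with the system locale)'))
            if '\\' not in path:
                findings.append(('info', line, f'startup item "{name}" is a bare file name ({path}); resolved by path search, so confirm which copy runs'))
            continue
        m = TB_RE.match(line)
        if m and m.group('target') == 'No File':
            findings.append(('info', line, f'toolbar {m.group("clsid")} is registered but its file is gone (orphan entry)'))
            continue
        m = AV_RE.match(line)
        if m and 'disabled' in m.group('state').lower():
            findings.append(('high', line, f'{m.group("product")}: {m.group("state")}; real-time protection is off'))
            continue
        m = POLICY_RE.match(line)
        if m and m.group('key') == 'EnableLUA' and m.group('value') == '0':
            findings.append(('info', line, 'EnableLUA = 0 would disable UAC on Vista or later; on XP the value has no effect'))
    return findings


def worst(findings):
    """Highest severity present, for a one-word verdict."""
    order = {'high': 3, 'low': 2, 'info': 1}
    return max((f[0] for f in findings), key=order.get, default=None)


if __name__ == '__main__':
    for sev, line, msg in triage(SAMPLE_HJT):
        print(f'[{sev:4}] {msg}\n       {line}')
```

Run against the sample, the Curriculum_Vitae.cpl entry collects two high-severity hits (a .cpl as a startup item, living in c:\windows\system\) plus the weak non-ASCII name signal, the Norton line is flagged for disabled on-access scanning, and the bare `VTtrayp.exe` entry is only noted, since a bare name is normal for OEM tray tools but does mean the first matching file on the search path wins.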

#4
April 7, 2010 at 03:20:42
here is the Attach.txt log, cheers

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 02/03/2010 21:14:11
System Uptime: 04/07/2010 10:45:34 (-2111 hours ago)

Motherboard: FUJITSU SIEMENS | | AMILO L7300
Processor: Intel(R) Celeron(R) M processor 1.50GHz | Socket 478 | 1496/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 45.887 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: AVG Technologies
Name: Ralink RT2500 Wireless LAN Card - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: AVG Technologies
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0002
Manufacturer: AVG Technologies
Name: VIA Rhine II Fast Ethernet Adapter - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0002
Service: Avgfwdx

==== System Restore Points ===================

RP1: 02/03/2010 21:17:32 - System Checkpoint
RP2: 03/03/2010 13:13:01 - Installed Adobe Reader 9.3.
RP3: 03/03/2010 13:34:37 - Software Distribution Service 3.0
RP4: 03/03/2010 13:38:27 - Installed Windows Internet Explorer 8.
RP5: 03/03/2010 13:39:44 - Software Distribution Service 3.0
RP6: 03/03/2010 14:00:30 - Installed Microsoft Office Professional Edition 2003
RP7: 03/03/2010 18:34:11 - Software Distribution Service 3.0
RP8: 03/03/2010 18:51:11 - Installed Vodafone Mobile Connect Lite Huawei.
RP9: 03/03/2010 20:04:34 - Software Distribution Service 3.0
RP10: 03/03/2010 22:35:04 - Removed Vodafone Mobile Connect Lite Huawei.
RP11: 04/03/2010 11:33:03 - Installed Vodafone Mobile Connect Lite Huawei.
RP12: 04/03/2010 17:12:08 - Software Distribution Service 3.0
RP13: 04/03/2010 19:28:20 - Software Distribution Service 3.0
RP14: 04/03/2010 23:30:38 - Software Distribution Service 3.0
RP15: 04/03/2010 23:33:43 - Installed Windows XP KB915865.
RP16: 04/03/2010 23:35:25 - Installed Windows NLSDownlevelMapping.
RP17: 04/03/2010 23:36:58 - Installed Windows IDNMitigationAPIs.
RP18: 04/03/2010 23:41:49 - Installed Windows Internet Explorer 7.
RP19: 05/03/2010 00:00:34 - Installed Java(TM) 6 Update 18
RP20: 05/03/2010 00:33:24 - Software Distribution Service 3.0
RP21: 05/03/2010 15:33:51 - Software Distribution Service 3.0
RP22: 06/03/2010 11:41:51 - Software Distribution Service 3.0
RP23: 06/03/2010 12:35:25 - Software Distribution Service 3.0
RP24: 06/03/2010 12:38:08 - Software Distribution Service 3.0
RP25: 06/03/2010 12:41:28 - Software Distribution Service 3.0
RP26: 06/03/2010 17:53:17 - Software Distribution Service 3.0
RP27: 07/03/2010 23:02:31 - Software Distribution Service 3.0
RP28: 08/03/2010 12:45:58 - Software Distribution Service 3.0
RP29: 09/03/2010 23:05:40 - Software Distribution Service 3.0
RP30: 10/03/2010 21:44:23 - Software Distribution Service 3.0
RP31: 11/03/2010 15:26:16 - Software Distribution Service 3.0
RP32: 13/03/2010 10:50:17 - Software Distribution Service 3.0
RP33: 31/03/2010 22:58:57 - Software Distribution Service 3.0
RP34: 03/04/2010 16:48:08 - System Checkpoint
RP35: 04/04/2010 03:00:21 - Software Distribution Service 3.0
RP36: 04/04/2010 04:50:00 - Software Distribution Service 3.0
RP37: 05/04/2010 19:09:30 - avast! Free Antivirus Setup
RP38: 05/04/2010 20:37:32 - avast! Free Antivirus Setup
RP39: 05/04/2010 21:03:09 - Installed AVG 9.0
RP40: 05/04/2010 21:05:36 - Software Distribution Service 3.0
RP41: 05/04/2010 21:32:22 - Installed AVG 9.0
RP42: 05/04/2010 21:48:17 - Avg8 Update
RP43: 05/04/2010 21:51:33 - Avg Update
RP44: 05/04/2010 23:32:38 - Removed AVG 9.0
RP45: 05/04/2010 23:51:54 - Removed AVG 9.0
RP46: 05/04/2010 23:54:19 - Installed AVG 9.0
RP47: 06/04/2010 14:53:11 - Software Distribution Service 3.0

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.1
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Dropbox
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Java Auto Updater
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 6 Service Pack 2 (KB973686)
Norton AntiVirus
Prevx
Realtek AC'97 Audio
S3 S3Chromo
S3 S3Config3D
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
UniChrome Pro IGP Display Driver and Utilities
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.5
Vodafone Mobile Connect Lite Huawei
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 7
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

31/03/2010 22:15:32, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
06/04/2010 19:58:06, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
06/04/2010 19:57:50, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: uagp35
05/04/2010 23:49:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG9IDSAgent service to connect.
05/04/2010 23:49:09, error: Service Control Manager [7000] - The AVG9IDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/04/2010 23:49:09, error: Service Control Manager [7000] - The AVG Firewall service failed to start due to the following error: The system cannot find the file specified.
05/04/2010 21:03:05, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
04/04/2010 15:58:43, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/04/2010 15:14:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
04/04/2010 15:14:23, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:14:23, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:14:23, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:14:23, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
04/04/2010 15:13:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
04/04/2010 14:42:29, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

==== End Of File ===========================



#5
April 7, 2010 at 03:49:22
There are remnants of two other antivirus programs other than Norton's, AVG and Avast. You should run the AVG uninstall tool (just google for it) and delete this folder:

c:\documents and settings\allusers\applications\Alwil Software

You can run this online scanner for a double check:

Please run the BitDefender online scan from this link:
Bitdefender Online Scanner

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.

Delete the DDS icon from your desktop.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point> next> name it today's date> create > click home > exit the system configuration utility> restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.



#6
April 7, 2010 at 08:37:48
Hi there, I've done everything that you suggested, cheers, thanks

here are the results from the bitdefender online scanner:
BitDefender Online Scanner
Scan report generated at: Wed, Apr 07, 2010 - 15:32:18
Scan path: C:\;D:\;E:\;F:\;

Statistics
Time: 01:24:20
Files: 114140
Folders: 3697
Boot Sectors: 0
Archives: 1422
Packed Files: 5238

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 5595434
Engine build: AVCORE v2.1 Windows/i386 11.0.0.33 (Feb 25 2010)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\System Volume Information\_restore{4AC3B74E-B8E2-423C-880F-EF7BEEC4EAB0}\RP43\A0010364.cpl
  Infected with: Trojan.Generic.3592393
C:\System Volume Information\_restore{4AC3B74E-B8E2-423C-880F-EF7BEEC4EAB0}\RP43\A0010364.cpl
  Deleted



#7
April 7, 2010 at 19:21:24
Looks clean. Is the computer operating properly?


#8
April 9, 2010 at 02:57:37
hi there, sorry I didn't get back to you. I downloaded the spywareblaster and I'm thinking that the computer didn't have the memory to run it cos the laptop went REALLY slow. So I uninstalled it but the computer is still running slow, any suggestions?


#9
April 9, 2010 at 12:08:44
Norton's antivirus uses up a lot of resources and may be slowing your system down.

Looks like you had AVG installed on your computer, run the following AVG removal tool if you have not already done so to make sure it was all removed from your system. It's the first download on the Tool list.


AVG Removal Tool

Then run Combofix as follows:


Please download Combofix with internet explorer instead of any other browser if possible.

Remember: your Norton antivirus, Windows Defender, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#10
April 13, 2010 at 11:34:34
Sorry it took me so long to reply, the computer has been giving trouble. I've eventually been able to run the combofix and here are the results, thanks, sorry again, anne

ComboFix 10-04-13.02 - Una 13/04/2010 19:01:56.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.446.153 [GMT 1:00]
Running from: c:\documents and settings\Una\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\inf\asynceql.inf
c:\windows\Media\lsass.cpl
c:\windows\system\mkp.dll
c:\windows\system32\drwtsn32.dll
c:\windows\system32\javaw.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-13 to 2010-04-13 )))))))))))))))))))))))))))))))
.

2010-04-13 17:55 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\Scxpx86.dll
2010-04-13 17:55 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSvix86.sys
2010-04-13 17:55 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
2010-04-13 17:55 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
2010-04-13 17:55 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSviA64.sys
2010-04-13 17:48 . 2010-04-13 17:48 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\navex15.sys
2010-04-13 17:48 . 2010-04-13 17:48 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\naveng.sys
2010-04-13 17:48 . 2010-04-13 17:48 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\eeCtrl.sys
2010-04-13 17:48 . 2010-04-13 17:48 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\eraser.sys
2010-04-13 17:48 . 2010-04-13 17:48 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\navex32a.dll
2010-04-13 17:48 . 2010-04-13 17:48 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\ecmsvr32.dll
2010-04-13 17:48 . 2010-04-13 17:48 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\naveng32.dll
2010-04-13 17:48 . 2010-04-13 17:48 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100413.005\cceraser.dll
2010-04-07 15:27 . 2010-04-08 13:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-07 12:56 . 2010-04-07 14:34 -------- d-----w- c:\windows\BDOSCAN8
2010-04-06 16:15 . 2010-04-06 16:15 -------- d-----w- c:\documents and settings\Una\Application Data\Malwarebytes
2010-04-06 16:15 . 2010-04-06 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-06 16:14 . 2010-04-12 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 14:28 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-06 14:28 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-06 14:28 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-06 14:28 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-06 14:28 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys
2010-04-06 14:21 . 2009-08-30 00:16 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
2010-04-06 14:21 . 2010-04-06 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-06 14:21 . 2010-04-06 14:21 -------- d-----w- c:\program files\Symantec
2010-04-06 14:21 . 2010-04-06 14:21 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-06 14:21 . 2010-04-06 14:21 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-06 14:18 . 2009-08-26 22:13 900464 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\OCS\hsplayer.dll
2010-04-06 14:18 . 2009-09-01 09:02 893296 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\CLT\cltLMSx.dll
2010-04-06 14:18 . 2010-04-07 12:21 -------- d-----w- c:\windows\system32\drivers\NAV
2010-04-06 14:18 . 2010-04-06 14:18 -------- d-----w- c:\program files\Norton AntiVirus
2010-04-06 14:17 . 2010-04-06 14:17 -------- d-----w- c:\program files\NortonInstaller
2010-04-06 13:22 . 2010-04-06 13:22 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-06 13:22 . 2010-04-06 13:22 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-06 13:22 . 2010-04-06 13:22 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-05 23:07 . 2010-04-05 23:07 -------- d-----w- c:\program files\Windows Sidebar
2010-04-05 18:09 . 2010-04-05 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-05 18:03 . 2010-04-05 18:03 -------- d-----w- c:\documents and settings\Una\Application Data\Uniblue
2010-04-03 13:44 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-03 13:44 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-02 21:26 . 2010-04-02 21:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-30 21:50 . 2010-03-30 21:50 -------- d-----w- c:\windows\system32\_tmp
2010-03-24 19:40 . 2010-03-24 19:40 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 19:40 . 2010-03-24 19:40 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-24 19:40 . 2010-03-24 19:40 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 19:40 . 2010-03-24 19:40 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 19:40 . 2010-03-24 19:40 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 17:40 . 2010-03-05 15:10 -------- d-----w- c:\documents and settings\Una\Application Data\Dropbox
2010-04-12 15:35 . 2010-03-03 12:56 -------- d-----w- c:\program files\VideoLAN
2010-04-06 14:21 . 2010-04-06 14:21 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-06 14:21 . 2010-04-06 14:21 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-06 14:18 . 2010-03-03 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-06 14:17 . 2010-03-03 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-05 20:15 . 2010-03-03 18:52 40144 ----a-w- c:\documents and settings\Una\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-04 15:45 . 2010-03-05 00:00 -------- d-----w- c:\program files\Java
2010-03-14 17:58 . 2010-03-14 17:58 89831 ----a-w- c:\documents and settings\Una\Application Data\Dropbox\bin\Uninstall.exe
2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2010-03-03 13:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 22:16 . 2010-03-02 21:10 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 12:46 . 2010-03-06 12:46 -------- d-----w- c:\documents and settings\Una\Application Data\Tific
2010-03-06 11:57 . 2010-03-06 11:57 -------- d-----w- c:\program files\MSBuild
2010-03-06 11:56 . 2010-03-06 11:56 -------- d-----w- c:\program files\Reference Assemblies
2010-03-06 11:47 . 2010-03-06 11:47 -------- d-----w- c:\program files\MSXML 6.0
2010-03-05 00:02 . 2010-03-05 00:02 -------- d-----w- c:\program files\Common Files\Java
2010-03-05 00:02 . 2010-03-05 00:02 503808 ----a-w- c:\documents and settings\Una\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6c72a5-n\msvcp71.dll
2010-03-05 00:02 . 2010-03-05 00:02 499712 ----a-w- c:\documents and settings\Una\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6c72a5-n\jmc.dll
2010-03-05 00:02 . 2010-03-05 00:02 348160 ----a-w- c:\documents and settings\Una\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6c72a5-n\msvcr71.dll
2010-03-05 00:02 . 2010-03-05 00:02 61440 ----a-w- c:\documents and settings\Una\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-44137bba-n\decora-sse.dll
2010-03-05 00:02 . 2010-03-05 00:02 12800 ----a-w- c:\documents and settings\Una\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-44137bba-n\decora-d3d.dll
2010-03-05 00:00 . 2010-03-05 00:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 11:33 . 2010-03-04 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2010-03-04 11:33 . 2010-03-04 11:33 -------- d-----w- c:\program files\Vodafone
2010-03-03 18:52 . 2010-03-03 18:52 -------- d-----w- c:\documents and settings\Una\Application Data\Vodafone
2010-03-03 18:52 . 2010-03-03 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-03-03 18:51 . 2010-03-03 18:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
2010-03-03 18:51 . 2010-03-03 12:41 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-03 14:02 . 2010-03-03 14:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-03-03 13:54 . 2010-03-03 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-03 13:14 . 2010-03-03 13:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-03 13:09 . 2010-03-03 13:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-03 13:08 . 2010-04-04 14:13 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-03 13:08 . 2010-03-03 13:09 38784 ----a-w- c:\documents and settings\Una\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-03 13:08 . 2010-03-03 13:09 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-03 13:05 . 2010-03-03 13:05 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-03 12:58 . 2010-03-03 12:58 -------- d-----w- c:\documents and settings\Una\Application Data\vlc
2010-03-03 12:49 . 2010-03-03 12:49 -------- d-----w- c:\program files\ltmoh
2010-03-03 12:48 . 2004-06-10 00:00 191360 ----a-w- c:\windows\system32\drivers\RT2500.sys
2010-03-03 12:46 . 2010-03-03 12:46 -------- d-----w- c:\program files\Apoint2K
2010-03-03 12:46 . 2010-03-03 12:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-03 12:41 . 2010-03-03 12:41 -------- d-----w- c:\program files\Realtek Sound Manager
2010-03-03 12:41 . 2010-03-03 12:41 -------- d-----w- c:\program files\AvRack
2010-03-03 12:38 . 2010-03-03 12:39 7040 ----a-w- c:\windows\system32\ntsim.sys
2010-03-03 12:38 . 2003-12-23 00:00 42496 ----a-w- c:\windows\system32\drivers\fetnd5b.sys
2010-03-03 12:36 . 2010-03-03 12:36 -------- d-----w- c:\program files\ENEKB
2010-03-03 12:20 . 2010-03-03 12:20 -------- d-----w- c:\program files\S3
2010-03-02 21:11 . 2010-03-02 21:11 -------- d-----w- c:\program files\microsoft frontpage
2010-03-02 21:07 . 2010-03-02 21:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-26 05:10 . 2010-02-26 05:10 21979992 ----a-w- c:\documents and settings\Una\Application Data\Dropbox\bin\Dropbox.exe
2010-02-12 10:03 . 2010-03-07 21:14 293376 ------w- c:\windows\system32\browserchoice.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Una\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Una\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Una\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"VTTrayp"="VTtrayp.exe" [2004-11-12 143360]
"VTTimer"="VTTimer.exe" [2004-11-12 53248]
"SoundMan"="SOUNDMAN.EXE" [2004-08-02 68096]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-01-07 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-06-07 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Serviço de Rede"="c:\windows\system\Curriculum_Vitae.cpl" [2010-03-30 57856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Una\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Una\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Una\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1106000.020\symds.sys [07/04/2010 10:59 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1106000.020\symefa.sys [07/04/2010 10:59 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [24/03/2010 20:40 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1106000.020\cchpx86.sys [07/04/2010 10:59 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1106000.020\ironx86.sys [07/04/2010 10:59 116784]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe [07/04/2010 10:59 126392]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [13/03/2008 20:08 24576]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [03/03/2010 13:36 5632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/04/2010 15:49 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100409.001\IDSXpx86.sys [13/04/2010 18:55 329592]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B121153B-FCC3-414F-9CA7-E42AA9C0CDE1} = 89.19.64.36 89.19.64.164
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 19:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-04-13 19:14:23
ComboFix-quarantined-files.txt 2010-04-13 18:14

Pre-Run: 52,526,256,128 bytes free
Post-Run: 52,730,720,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 300879B5A3CE16337FD70A7BC70F1BD1


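The log above, read the way a responder would triage it, as an added example that is not part of the original thread and not code from ComboFix: a Python script that pulls out the AV header line, the Run-key autostart values and the standard-profile firewall value, and flags any Run entry that launches something other than an .exe or lives in a directory normal autostarts do not use. The sample input is a constructed excerpt in the layout of the posted log (the AV line, four of the Run values and the EnableFirewall value are copied from the post; the rest of the log is left out), and the flagging rules in SUSPECT_DIRS and assess() are this script's own assumptions, not anything ComboFix itself reports.

```python
"""Triage the autostart, firewall and AV lines of a ComboFix log.

Added example for reading logs like the one posted above. It is not part of
ComboFix; the flagging rules below are this script's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the posted ComboFix log. The AV line,
# the Run values and the firewall value are copied from that post.
SAMPLE_LOG = r"""ComboFix 10-04-13.02 - Una 13/04/2010 19:01:56.1.1 - x86
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-02 68096]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-01-07 159744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Serviço de Rede"="c:\windows\system\Curriculum_Vitae.cpl" [2010-03-30 57856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$"
)
AV_RE = re.compile(r"^AV: (?P<product>.+?) \*(?P<state>[^*]+)\* \((?P<defs>[^)]+)\)")
FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

# Assumed heuristic: directories a normal Run-key autostart never points at.
# c:\windows\system is the 16-bit legacy directory, not system32.
SUSPECT_DIRS = (
    "c:\\windows\\system\\",
    "c:\\windows\\media\\",
    "c:\\windows\\inf\\",
    "c:\\windows\\temp\\",
    "\\local settings\\temp\\",
)


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int
    reasons: list = field(default_factory=list)  # (severity, text) pairs


def assess(entry):
    """Attach (severity, reason) pairs to one Run value (assumed rules)."""
    path = entry.path.lower()
    directory, _, filename = path.rpartition("\\")
    ext = filename[filename.rfind("."):] if "." in filename else ""
    if not directory:
        # OEM tray tools are often registered this way, so only a low note,
        # but the file is resolved through the search path, so confirm which one runs.
        entry.reasons.append(("low", "unqualified filename, resolved through the search path"))
    if ext != ".exe":
        entry.reasons.append(("high", f"launches a {ext or 'file without extension'}, not an .exe"))
    for d in SUSPECT_DIRS:
        if d in path:
            entry.reasons.append(("high", f"lives under {d}, an unusual directory for an autostart"))
            break
    return entry


def triage(text):
    """Return the AV header, firewall state and all Run values, plus those flagged high."""
    av = None
    firewall_enabled = None
    entries = []
    section = ""
    for line in text.splitlines():
        m = AV_RE.match(line)
        if m:
            av = m.groupdict()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        if section.endswith("\\currentversion\\run"):
            m = VALUE_RE.match(line)
            if m:
                entries.append(assess(RunEntry(section, m["name"], m["path"], m["date"], int(m["size"]))))
        elif section.endswith("firewallpolicy\\standardprofile"):
            m = FW_RE.match(line)
            if m:
                firewall_enabled = m["val"] != "0"
    flagged = [e for e in entries if any(sev == "high" for sev, _ in e.reasons)]
    return {"av": av, "firewall_enabled": firewall_enabled, "entries": entries, "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("AV:", result["av"])
    print("Firewall enabled:", result["firewall_enabled"])
    for e in result["flagged"]:
        print(f"FLAG {e.name!r} -> {e.path} [{e.date} {e.size} bytes]")
        for sev, why in e.reasons:
            print(f"   {sev}: {why}")
```

On the excerpt the script flags the "Serviço de Rede" value (a .cpl under c:\windows\system, file date 2010-03-30) and records what the log already states in its header and firewall block: on-access scanning disabled with outdated definitions, and EnableFirewall set to 0 for the standard profile. The file date is the detail to carry back to the log's "Files Created" block, which covers 2010-03-13 to 2010-04-13; what that comparison means is for the responder to decide, the script only surfaces it.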