Infected with a trojan

Siemens / Pentium m
January 14, 2009 at 17:44:15
Specs: Windows XP/sp3, 1.8ghz/1032
My computer is infected with a very mean trojan. I tried everything I could possibly do from reading different posts, and nothing worked. MBAM detected it at first and cleaned it, then it stopped showing any signs, but the problem is still there. The Windows Update page goes to Google, and any downloads from Microsoft are not working (page not found error). My Norton Internet Security stopped working also; it scans some 3000 files then stops.
I have all the tools (and I tried them also), including MBAM, ComboFix, HijackThis, OTScanIt, SDFix, SUPERAntiSpyware, and Spybot Search and Destroy.
Any help is greatly appreciated.
Tony



#1
January 14, 2009 at 18:45:02
Please post a new Hijack This log and a Combofix log.


#2
January 15, 2009 at 04:41:56


#3
January 15, 2009 at 05:21:50
Thanks for your replies.
The online scanner didn't work; it said it failed to update.
Here are the logs.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:07 PM, on 1/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/as...
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fsc...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/as...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9404 bytes

Combofix

ComboFix 09-01-13.04 - Administrator 2009-01-15 12:42:40.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.631 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 03:26 . 2009-01-15 03:26 <DIR> d----c--- C:\_OTScanIt
2009-01-15 03:05 . 2009-01-15 03:05 <DIR> d----c--- c:\program files\EsetOnlineScanner
2009-01-15 02:45 . 2009-01-15 02:45 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-15 02:44 . 2009-01-15 02:44 <DIR> d----c--- c:\windows\ERUNT
2009-01-15 02:30 . 2009-01-15 04:12 <DIR> d----c--- C:\SDFix
2009-01-15 00:20 . 2009-01-15 00:20 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-15 00:19 . 2009-01-15 00:19 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2009-01-15 00:19 . 2009-01-15 00:19 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-14 22:31 . 2009-01-14 22:31 <DIR> dr---c--- c:\program files\Norton Support
2009-01-14 22:27 . 2009-01-14 22:25 35,888 -ra--c--- c:\windows\system32\drivers\SymIM.sys
2009-01-14 22:26 . 2009-01-14 22:26 <DIR> d----c--- c:\program files\Symantec
2009-01-14 22:26 . 2009-01-14 22:26 124,464 --a--c--- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-14 22:26 . 2009-01-14 22:26 60,808 --a--c--- c:\windows\system32\S32EVNT1.DLL
2009-01-14 22:26 . 2009-01-14 22:26 10,635 --a--c--- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-14 22:26 . 2009-01-14 22:26 806 --a--c--- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-14 22:24 . 2009-01-14 22:24 <DIR> d----c--- c:\windows\system32\drivers\NIS
2009-01-14 22:24 . 2009-01-14 22:24 <DIR> d----c--- c:\program files\Windows Sidebar
2009-01-14 22:24 . 2009-01-14 22:24 <DIR> d----c--- c:\program files\Norton Internet Security
2009-01-14 21:38 . 2009-01-14 21:38 244 --ah-c--- C:\sqmnoopt03.sqm
2009-01-14 21:38 . 2009-01-14 21:38 232 --ah-c--- C:\sqmdata03.sqm
2009-01-14 16:31 . 2009-01-14 16:31 244 --ah-c--- C:\sqmnoopt02.sqm
2009-01-14 16:31 . 2009-01-14 16:31 232 --ah-c--- C:\sqmdata02.sqm
2009-01-14 14:56 . 2009-01-14 14:56 <DIR> d----c--- c:\windows\LMICE.tmp
2009-01-14 14:54 . 2009-01-14 14:54 <DIR> d----c--- c:\windows\LMICC.tmp
2009-01-14 14:45 . 2009-01-14 14:45 <DIR> d----c--- c:\windows\LMIBE.tmp
2009-01-14 14:41 . 2009-01-14 14:41 <DIR> d----c--- c:\windows\LMIB5.tmp
2009-01-14 14:35 . 2009-01-14 14:35 <DIR> d----c--- c:\windows\LMIAE.tmp
2009-01-14 12:15 . 2009-01-14 12:15 <DIR> d----c--- c:\program files\Anti Trojan Elite
2009-01-14 11:33 . 2009-01-15 03:08 <DIR> d----c--- c:\program files\Spybot - Search & Destroy
2009-01-14 11:33 . 2009-01-15 03:08 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 11:25 . 2009-01-14 11:25 <DIR> d----c--- C:\fsaua.data
2009-01-14 03:20 . 2009-01-14 03:20 244 --ah-c--- C:\sqmnoopt01.sqm
2009-01-14 03:20 . 2009-01-14 03:20 232 --ah-c--- C:\sqmdata01.sqm
2009-01-14 03:05 . 2009-01-14 03:05 244 --ah-c--- C:\sqmnoopt00.sqm
2009-01-14 03:05 . 2009-01-14 03:05 232 --ah-c--- C:\sqmdata00.sqm
2009-01-13 17:04 . 2009-01-13 17:04 664 --a--c--- c:\windows\system32\d3d9caps.dat
2009-01-13 04:18 . 2009-01-13 04:18 <DIR> d----c--- C:\Downloads
2009-01-11 03:09 . 2009-01-11 03:09 <DIR> d----c--- c:\program files\Desktop Icon Toy
2009-01-10 20:40 . 2009-01-10 20:40 3,932,214 --a--c--- c:\windows\InvaderDark1280.bmp
2009-01-10 20:30 . 2009-01-10 20:30 5,760,054 --a--c--- c:\windows\ALX_1600x1200.bmp
2009-01-10 20:29 . 2005-02-01 14:20 5,760,056 --a--c--- c:\windows\Darkstar.bmp
2009-01-10 17:01 . 2009-01-10 17:01 2,237,440 --a--c--- c:\windows\system32\RCX123.tmp
2009-01-10 15:06 . 2009-01-10 15:06 <DIR> d----c--- c:\documents and settings\Guest\Application Data\Windows Search
2009-01-10 15:01 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\Guest\Application Data\Intel
2009-01-10 15:01 . 2009-01-10 15:06 <DIR> d----c--- c:\documents and settings\Guest
2009-01-10 03:29 . 2009-01-10 03:29 2,359,350 --a--c--- c:\windows\AW_XenoMorph1024.bmp
2009-01-10 03:21 . 2009-01-10 20:40 <DIR> d----c--- c:\program files\AlienGUIse
2009-01-10 03:21 . 2003-02-26 22:27 36,864 --a--c--- c:\windows\system32\wbsys.dll
2009-01-10 03:21 . 2009-01-10 03:21 56 --a--c--- c:\windows\wb.ini
2009-01-10 02:23 . 2009-01-10 02:23 5,242,934 --a--c--- c:\windows\RED EYE no clock.scr.bmp
2009-01-10 02:22 . 2009-01-11 17:40 186 --a--c--- c:\windows\RED EYE no clock.ini
2009-01-10 02:21 . 2009-01-10 02:21 1,519 --a--c--- c:\windows\unins000.dat
2009-01-09 21:33 . 2009-01-09 21:33 <DIR> d----c--- c:\program files\Trend Micro
2009-01-09 20:55 . 2009-01-14 09:35 <DIR> d----c--- c:\program files\Hide Your IP Address
2009-01-09 20:11 . 2009-01-09 20:11 <DIR> d----c--- c:\documents and settings\Administrator\dsc
2009-01-09 20:07 . 2009-01-09 20:11 <DIR> d----c--- c:\documents and settings\Administrator\vw
2009-01-09 20:06 . 2009-01-09 20:12 <DIR> d----c--- c:\program files\eMailTrackerPro 2008
2009-01-09 20:06 . 2009-01-09 20:06 <DIR> d----c--- c:\documents and settings\Administrator\eMailTrackerPro
2009-01-09 19:07 . 2009-01-09 19:07 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Spacejock Software
2009-01-09 19:03 . 2009-01-09 19:09 <DIR> d----c--- c:\program files\yMail2
2009-01-09 18:12 . 2009-01-09 18:12 <DIR> d----c--- c:\program files\CCleaner
2009-01-09 03:25 . 2009-01-09 03:37 <DIR> d----c--- c:\documents and settings\All Users\Application Data\WildTangent
2009-01-09 03:24 . 2009-01-09 03:25 <DIR> d----c--- c:\program files\Dell Games
2009-01-08 20:44 . 2009-01-08 20:44 <DIR> d----c--- c:\program files\Microsoft Works
2009-01-08 20:43 . 2009-01-08 20:43 <DIR> d----c--- c:\program files\MSBuild
2009-01-08 20:37 . 2009-01-08 20:37 <DIR> d----c--- c:\program files\Microsoft.NET
2009-01-08 20:33 . 2009-01-08 20:33 <DIR> d----c--- c:\program files\Microsoft Visual Studio 8
2009-01-08 20:31 . 2009-01-08 20:40 <DIR> d----c--- c:\windows\SHELLNEW
2009-01-08 20:29 . 2009-01-08 22:47 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-08 17:09 . 2009-01-08 17:09 <DIR> d--hsc--- c:\windows\ftpcache
2009-01-08 17:09 . 2009-01-08 17:09 <DIR> d----c--- c:\program files\Audit Support Center
2009-01-08 13:54 . 2003-10-01 23:17 155,648 --a--c--- c:\windows\system32\igfxres.dll
2009-01-07 23:59 . 1998-10-29 16:45 306,688 --a--c--- c:\windows\IsUninst.exe
2009-01-07 23:14 . 2009-01-07 23:14 <DIR> d----c--- c:\windows\Drivers
2009-01-07 23:14 . 2003-10-07 20:11 65,536 --a--c--- c:\windows\system32\iAlmCoIn_v3691.dll
2009-01-07 23:06 . 2009-01-07 23:06 <DIR> d----c--- c:\program files\Synaptics
2009-01-07 23:06 . 2003-10-21 20:57 177,632 --a--c--- c:\windows\system32\drivers\SynTP.sys
2009-01-07 23:06 . 2003-10-21 20:58 106,496 --a--c--- c:\windows\system32\SynCtrl.dll
2009-01-07 23:06 . 2003-10-21 20:58 90,112 --a--c--- c:\windows\system32\SynTPAPI.dll
2009-01-07 23:06 . 2003-10-21 21:02 77,824 --a--c--- c:\windows\system32\SynTPCoI.dll
2009-01-07 23:06 . 2003-10-21 20:58 77,824 --a--c--- c:\windows\system32\SynCOM.dll
2009-01-07 23:06 . 2003-10-21 21:01 65,536 --a--c--- c:\windows\system32\SynTPFcs.dll
2009-01-07 22:42 . 2009-01-08 19:18 <DIR> d----c--- c:\program files\Fujitsu
2009-01-07 22:42 . 2009-01-07 22:42 <DIR> d----c--- c:\program files\Common Files\InstallShield
2009-01-07 22:42 . 2009-01-07 23:59 <DIR> d----c--- C:\Drivers
2009-01-07 22:42 . 2003-08-21 09:32 307,712 --a--c--- c:\windows\system32\QuickTouch.cpl
2009-01-07 01:44 . 2009-01-07 01:45 45 --a--c--- c:\windows\system32\initdebug.nfo
2009-01-06 22:24 . 2002-11-14 22:32 55,808 --a--c--- C:\connect.exe
2009-01-06 22:24 . 2009-01-06 22:25 84 --a--c--- C:\devcon_nic_enable.bat
2009-01-06 22:24 . 2005-11-22 14:19 43 --a--c--- C:\devconhwids.bat
2009-01-06 22:23 . 2005-11-18 14:05 50 --a--c--- C:\pingrouter.bat
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmpBE69B.FOT
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmp73D9B.FOT
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmp702AB.FOT
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmp4909B.FOT
2009-01-06 21:43 . 2009-01-08 19:12 <DIR> d----c--- c:\program files\Dan Elwell's Broadband Speed Test
2009-01-06 19:30 . 2009-01-06 19:30 <DIR> d----c--- c:\program files\Google
2009-01-06 18:10 . 2009-01-06 19:03 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\mIRC
2009-01-06 16:28 . 2009-01-09 03:49 4,136 --a--c--- C:\WirelessDiagLog.csv
2009-01-06 16:23 . 2009-01-06 16:23 <DIR> d----c--- c:\windows\system32\config\systemprofile\Application Data\Intel
2009-01-06 16:22 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\NetworkService\Application Data\Intel
2009-01-06 16:22 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\LocalService\Application Data\Intel
2009-01-06 16:22 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Intel
2009-01-06 16:20 . 2009-01-07 22:44 <DIR> d----c--- c:\program files\Intel
2009-01-06 16:20 . 2009-01-06 16:20 <DIR> d----c--- c:\program files\Common Files\Intel
2009-01-06 16:20 . 2009-01-06 16:20 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Intel
2009-01-06 12:27 . 2005-11-18 17:14 65 --a--c--- C:\readconnections.bat
2009-01-06 12:23 . 2009-01-06 22:22 <DIR> d----c--- c:\temp\SpeedTouch_V1
2009-01-06 12:23 . 2009-01-06 12:23 <DIR> d----c--- C:\temp
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmpD5685.FOT
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmp95585.FOT
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmp45485.FOT
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmp28385.FOT
2009-01-05 14:22 . 2008-04-13 20:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-04 19:55 . 2009-01-14 23:44 <DIR> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 19:55 . 2009-01-04 19:55 479,298 --a--c--- c:\windows\system32\wbocx.ocx
2009-01-04 19:55 . 2009-01-04 19:55 50,688 --a--c--- c:\windows\system32\wbhelp2.dll
2009-01-04 19:41 . 2009-01-04 19:41 <DIR> d----c--- c:\program files\Xvid
2009-01-04 19:41 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\system32\xvidcore.dll
2009-01-04 19:41 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\system32\xvidvfw.dll
2009-01-04 19:41 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\system32\xvid.ax
2009-01-02 21:29 . 2009-01-10 17:11 24 --a--c--- c:\windows\LogonStudio.ini
2009-01-02 21:28 . 2009-01-02 21:28 <DIR> d----c--- c:\program files\WinCustomize
2009-01-02 21:28 . 2009-01-02 21:28 <DIR> d----c--- c:\program files\Common Files\Stardock
2009-01-02 21:28 . 2000-10-10 13:01 198,656 --a--c--- c:\windows\system32\comdlg32.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 15:12 2,237,440 -c--a-w c:\windows\system32\logonuiX.exe
2008-12-18 02:24 --------- dc----w c:\program files\microsoft frontpage
2008-12-16 21:40 1,496,077 -c--a-w c:\windows\RED EYE no clock.scr
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 -c--a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 -c--a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 12:07 208,744 -c--a-w c:\windows\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-15_ 2.08.52.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 13:27:04 163,328 -c--a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-01-15 02:04:14 7,503,872 -c--a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-01-15 02:04:14 286,720 -c--a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 13:27:04 163,328 -c--a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-01-15 00:44:38 7,503,872 -c--a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-01-15 00:44:38 286,720 -c--a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2009-01-14 22:20:02 34,304 -c--a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2009-01-15 01:09:46 34,304 -c--a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
- 2008-04-14 00:11:51 33,792 -c----w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 16:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-07-27 13:49:02 196,683 -c--a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 13:49:02 225,355 -c--a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-05 18:25:22 139,264 -c--a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 11:37:10 106,496 -c--a-w c:\windows\system32\lnod32upd.dll
+ 2007-08-02 16:11:28 253,952 -c--a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2007-08-02 16:11:14 241,664 -c--a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2007-08-06 11:17:40 19,456 -c--a-w c:\windows\system32\OnlineScannerLang.dll
+ 2007-06-13 09:10:34 77,824 -c--a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 09:11:34 258,352 -c--a-w c:\windows\system32\unicows.dll
+ 2009-01-15 09:57:42 16,384 -c--atw c:\windows\temp\Perflib_Perfdata_22c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-01-08 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2008-10-12 450560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-01 118784]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2003-08-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-21 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-21 499712]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2003-08-20 81920]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2002-11-22 c:\windows\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SymEFA.sys [2009-01-14 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2009-01-14 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1001000.021\cchpx86.sys [2009-01-14 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-01-14 274808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\A302.sys [2008-12-18 11831]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-14 99376]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [2008-12-18 6000]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2009-01-14 115560]
R4 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-01-02 23352]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-01 603904]
S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2009-01-14 5969]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2006-12-20 121088]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-01-14 c:\windows\Tasks\User_Feed_Synchronization-{FC1A37DB-557E-4D39-97C1-00D568F44765}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: &Clean Traces - e:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - e:\program files\DAP\dapextie.htm
IE: Download &all with DAP - e:\program files\DAP\dapextie2.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - e:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - e:\progra~1\DAP\dapie.dll

c:\windows\Downloaded Program Files\unicows.dll - c:\windows\Downloaded Program Files\webdiag.dll
O16 -: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}
hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
c:\windows\Downloaded Program Files\webdiag.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 12:44:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxxfumoqvc.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1496)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-01-15 12:45:57
ComboFix-quarantined-files.txt 2009-01-15 10:45:55
ComboFix2.txt 2009-01-15 00:09:51
ComboFix3.txt 2009-01-14 20:08:09
ComboFix4.txt 2009-01-14 08:50:59
ComboFix5.txt 2009-01-15 10:41:35

Pre-Run: 12,900,712,448 bytes free
Post-Run: 12,886,097,920 bytes free

298 --- E O F --- 2009-01-13 15:49:19



#4
January 15, 2009 at 16:08:58
Go to start> control panel> add/remove programs and uninstall this rogue program:

Anti Trojan Elite

You are running Download Accelerator Plus – This is a download accelerator that delivers popup/popunder ads, and tracks your internet usage. I highly recommend optionally uninstalling this program. You can find safer alternatives Here.

If you decide to uninstall Download Accelerator Plus as recommended, go to Start > Control Panel > Add or Remove Programs and remove the following program:

Download Accelerator Plus

If you choose to uninstall Download Accelerator Plus as recommended, also delete:
C:\Program Files\DAP

Open Notepad and copy/paste everything between the X's into it. Make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\fsaua.data
C:\sqmnoopt01.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
c:\windows\system32\RCX123.tmp
c:\program files\Anti Trojan Elite\ATEPMON.sys

Driver::
ATE_PROCMON

Folder::
c:\program files\Anti Trojan Elite
Registry::

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "Run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please go to Virus Total and upload the following files one at a time for analysis:

c:\windows\LMIBE.tmp
c:\windows\system32\tmp73D9B.FOT

Use the browse button at the site to find the file. Once you find the file, double-click it and it should appear in the empty space to the left of the browse button, then click "send file".

Post the results in your reply.

Let me know how the computer is operating please.



#5
January 16, 2009 at 04:09:35
Thanks for all your help.
I did as requested. The computer seems better, and I can actually go to the Microsoft Update site.
The link for the download accelerator alternatives didn't work; it came up as a search page.

The first file to be scanned wasn't found; the second one returned the following result:
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.16 -
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.15 -
Avast 4.8.1281.0 2009.01.15 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.16 -
CAT-QuickHeal 10.00 2009.01.16 -
ClamAV 0.94.1 2009.01.16 -
Comodo 933 2009.01.16 -
DrWeb 4.44.0.09170 2009.01.16 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6311 2009.01.16 -
F-Prot 4.4.4.56 2009.01.15 -
F-Secure 8.0.14470.0 2009.01.16 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.16 -
Ikarus T3.1.1.45.0 2009.01.16 -
K7AntiVirus 7.10.591 2009.01.16 -
Kaspersky 7.0.0.125 2009.01.16 -
McAfee 5496 2009.01.15 -
McAfee+Artemis 5496 2009.01.15 -
Microsoft 1.4205 2009.01.16 -
NOD32 3771 2009.01.16 -
Norman 5.93.01 2009.01.15 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.15 -
PCTools 4.4.2.0 2009.01.16 -
Prevx1 V2 2009.01.16 -
Rising 21.12.42.00 2009.01.16 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.16 -
Sunbelt 3.2.1835.2 2009.01.16 -
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.16 -
ViRobot 2009.1.16.1562 2009.01.16 -
VirusBuster 4.5.11.0 2009.01.15 -
Additional information
File size: 1409 bytes
MD5...: 8ae61933f6c1cb0c7b8004edf0a1dce9
SHA1..: 1028d241d247ad57fcad90dcf66be1ec3c58a2f9
SHA256: 577ef4229bcdbea72c4ebfeca4397f318f0707e0cef84a703dd58d37568ec057
SHA512: 1372e1c44cb441057194960ef24a79cde530b827994ffa643742f0eda37b7fcd
089887e0592f0706f708902e3a4bd50312564622b37b05125c2a310e1af3c002

ssdeep: 6:HRMU/KehWpuvZQ+LqGBOL2NhwLHx8q4Q6aJoKX5sjxNCNU:SeLLk2ULHxP1JBJ
UxkO

PEiD..: -
TrID..: File type identification
Win 3.x Installed TrueType Font (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -


Also here is the combofix log:
ComboFix 09-01-15.01 - Administrator 2009-01-16 13:45:35.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.572 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Created a new restore point

FILE ::
C:\fsaua.data
c:\program files\Anti Trojan Elite\ATEPMON.sys
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
c:\windows\system32\RCX123.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Anti Trojan Elite
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATE_PROCMON
-------\Service_ATE_PROCMON


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 01:37 . 2009-01-16 01:37 <DIR> d----c--- C:\_OTMoveIt
2009-01-15 17:55 . 2009-01-15 17:55 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 17:16 . 2008-12-12 05:28 36,272 -ra--c--- c:\windows\system32\drivers\SymIM.sys
2009-01-15 17:15 . 2009-01-15 17:15 <DIR> d----c--- c:\program files\Symantec
2009-01-15 17:15 . 2009-01-15 17:22 <DIR> d----c--- c:\program files\Common Files\Symantec Shared
2009-01-15 17:15 . 2009-01-15 17:15 124,464 --a--c--- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 17:15 . 2009-01-15 17:15 60,808 --a--c--- c:\windows\system32\S32EVNT1.DLL
2009-01-15 17:15 . 2009-01-15 17:15 10,635 --a--c--- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 17:15 . 2009-01-15 17:15 806 --a--c--- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 17:14 . 2009-01-15 23:00 <DIR> d----c--- c:\windows\system32\drivers\NIS
2009-01-15 17:14 . 2009-01-15 17:14 <DIR> d----c--- c:\program files\Windows Sidebar
2009-01-15 17:14 . 2009-01-15 17:14 <DIR> d----c--- c:\program files\Norton Internet Security
2009-01-15 03:05 . 2009-01-15 03:05 <DIR> d----c--- c:\program files\EsetOnlineScanner
2009-01-15 02:45 . 2009-01-15 02:45 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-15 02:44 . 2009-01-15 02:44 <DIR> d----c--- c:\windows\ERUNT
2009-01-15 00:20 . 2009-01-15 00:20 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-15 00:19 . 2009-01-15 22:09 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2009-01-15 00:19 . 2009-01-15 22:09 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-14 11:33 . 2009-01-15 03:08 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-14 11:25 . 2009-01-14 11:25 <DIR> d----c--- C:\fsaua.data
2009-01-13 17:04 . 2009-01-13 17:04 664 --a--c--- c:\windows\system32\d3d9caps.dat
2009-01-13 04:18 . 2009-01-13 04:18 <DIR> d----c--- C:\Downloads
2009-01-11 03:09 . 2009-01-11 03:09 <DIR> d----c--- c:\program files\Desktop Icon Toy
2009-01-10 20:40 . 2009-01-10 20:40 3,932,214 --a--c--- c:\windows\InvaderDark1280.bmp
2009-01-10 20:30 . 2009-01-10 20:30 5,760,054 --a--c--- c:\windows\ALX_1600x1200.bmp
2009-01-10 20:29 . 2005-02-01 14:20 5,760,056 --a--c--- c:\windows\Darkstar.bmp
2009-01-10 15:06 . 2009-01-10 15:06 <DIR> d----c--- c:\documents and settings\Guest\Application Data\Windows Search
2009-01-10 15:01 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\Guest\Application Data\Intel
2009-01-10 15:01 . 2009-01-10 15:06 <DIR> d----c--- c:\documents and settings\Guest
2009-01-10 03:29 . 2009-01-10 03:29 2,359,350 --a--c--- c:\windows\AW_XenoMorph1024.bmp
2009-01-10 03:21 . 2009-01-10 20:40 <DIR> d----c--- c:\program files\AlienGUIse
2009-01-10 03:21 . 2003-02-26 22:27 36,864 --a--c--- c:\windows\system32\wbsys.dll
2009-01-10 03:21 . 2009-01-10 03:21 56 --a--c--- c:\windows\wb.ini
2009-01-10 02:23 . 2009-01-10 02:23 5,242,934 --a--c--- c:\windows\RED EYE no clock.scr.bmp
2009-01-10 02:22 . 2009-01-11 17:40 186 --a--c--- c:\windows\RED EYE no clock.ini
2009-01-10 02:21 . 2009-01-10 02:21 1,519 --a--c--- c:\windows\unins000.dat
2009-01-09 21:33 . 2009-01-09 21:33 <DIR> d----c--- c:\program files\Trend Micro
2009-01-09 20:55 . 2009-01-14 09:35 <DIR> d----c--- c:\program files\Hide Your IP Address
2009-01-09 20:11 . 2009-01-09 20:11 <DIR> d----c--- c:\documents and settings\Administrator\dsc
2009-01-09 20:07 . 2009-01-09 20:11 <DIR> d----c--- c:\documents and settings\Administrator\vw
2009-01-09 20:06 . 2009-01-09 20:12 <DIR> d----c--- c:\program files\eMailTrackerPro 2008
2009-01-09 20:06 . 2009-01-09 20:06 <DIR> d----c--- c:\documents and settings\Administrator\eMailTrackerPro
2009-01-09 19:07 . 2009-01-09 19:07 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Spacejock Software
2009-01-09 19:03 . 2009-01-09 19:09 <DIR> d----c--- c:\program files\yMail2
2009-01-09 18:12 . 2009-01-09 18:12 <DIR> d----c--- c:\program files\CCleaner
2009-01-09 03:25 . 2009-01-09 03:37 <DIR> d----c--- c:\documents and settings\All Users\Application Data\WildTangent
2009-01-09 03:24 . 2009-01-09 03:25 <DIR> d----c--- c:\program files\Dell Games
2009-01-08 20:44 . 2009-01-08 20:44 <DIR> d----c--- c:\program files\Microsoft Works
2009-01-08 20:43 . 2009-01-08 20:43 <DIR> d----c--- c:\program files\MSBuild
2009-01-08 20:37 . 2009-01-08 20:37 <DIR> d----c--- c:\program files\Microsoft.NET
2009-01-08 20:33 . 2009-01-08 20:33 <DIR> d----c--- c:\program files\Microsoft Visual Studio 8
2009-01-08 20:31 . 2009-01-08 20:40 <DIR> d----c--- c:\windows\SHELLNEW
2009-01-08 20:29 . 2009-01-15 22:21 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-08 17:09 . 2009-01-08 17:09 <DIR> d--hsc--- c:\windows\ftpcache
2009-01-08 17:09 . 2009-01-08 17:09 <DIR> d----c--- c:\program files\Audit Support Center
2009-01-08 13:54 . 2003-10-01 23:17 155,648 --a--c--- c:\windows\system32\igfxres.dll
2009-01-07 23:59 . 1998-10-29 16:45 306,688 --a--c--- c:\windows\IsUninst.exe
2009-01-07 23:14 . 2003-10-07 20:11 65,536 --a--c--- c:\windows\system32\iAlmCoIn_v3691.dll
2009-01-07 23:06 . 2009-01-07 23:06 <DIR> d----c--- c:\program files\Synaptics
2009-01-07 23:06 . 2003-10-21 20:57 177,632 --a--c--- c:\windows\system32\drivers\SynTP.sys
2009-01-07 23:06 . 2003-10-21 20:58 106,496 --a--c--- c:\windows\system32\SynCtrl.dll
2009-01-07 23:06 . 2003-10-21 20:58 90,112 --a--c--- c:\windows\system32\SynTPAPI.dll
2009-01-07 23:06 . 2003-10-21 21:02 77,824 --a--c--- c:\windows\system32\SynTPCoI.dll
2009-01-07 23:06 . 2003-10-21 20:58 77,824 --a--c--- c:\windows\system32\SynCOM.dll
2009-01-07 23:06 . 2003-10-21 21:01 65,536 --a--c--- c:\windows\system32\SynTPFcs.dll
2009-01-07 22:42 . 2009-01-08 19:18 <DIR> d----c--- c:\program files\Fujitsu
2009-01-07 22:42 . 2009-01-07 22:42 <DIR> d----c--- c:\program files\Common Files\InstallShield
2009-01-07 22:42 . 2009-01-07 23:59 <DIR> d----c--- C:\Drivers
2009-01-07 22:42 . 2003-08-21 09:32 307,712 --a--c--- c:\windows\system32\QuickTouch.cpl
2009-01-07 01:44 . 2009-01-07 01:45 45 --a--c--- c:\windows\system32\initdebug.nfo
2009-01-06 22:24 . 2002-11-14 22:32 55,808 --a--c--- C:\connect.exe
2009-01-06 22:24 . 2009-01-06 22:25 84 --a--c--- C:\devcon_nic_enable.bat
2009-01-06 22:24 . 2005-11-22 14:19 43 --a--c--- C:\devconhwids.bat
2009-01-06 22:23 . 2005-11-18 14:05 50 --a--c--- C:\pingrouter.bat
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmpBE69B.FOT
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmp73D9B.FOT
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmp702AB.FOT
2009-01-06 22:22 . 2009-01-06 22:22 1,409 --a--c--- c:\windows\system32\tmp4909B.FOT
2009-01-06 21:43 . 2009-01-08 19:12 <DIR> d----c--- c:\program files\Dan Elwell's Broadband Speed Test
2009-01-06 19:30 . 2009-01-06 19:30 <DIR> d----c--- c:\program files\Google
2009-01-06 18:10 . 2009-01-06 19:03 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\mIRC
2009-01-06 16:28 . 2009-01-09 03:49 4,136 --a--c--- C:\WirelessDiagLog.csv
2009-01-06 16:22 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\NetworkService\Application Data\Intel
2009-01-06 16:22 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\LocalService\Application Data\Intel
2009-01-06 16:22 . 2009-01-06 16:22 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Intel
2009-01-06 16:20 . 2009-01-07 22:44 <DIR> d----c--- c:\program files\Intel
2009-01-06 16:20 . 2009-01-06 16:20 <DIR> d----c--- c:\program files\Common Files\Intel
2009-01-06 16:20 . 2009-01-06 16:20 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Intel
2009-01-06 12:27 . 2005-11-18 17:14 65 --a--c--- C:\readconnections.bat
2009-01-06 12:23 . 2009-01-06 22:22 <DIR> d----c--- c:\temp\SpeedTouch_V1
2009-01-06 12:23 . 2009-01-06 12:23 <DIR> d----c--- C:\temp
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmpD5685.FOT
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmp95585.FOT
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmp45485.FOT
2009-01-06 12:23 . 2009-01-06 12:23 1,409 --a--c--- c:\windows\system32\tmp28385.FOT
2009-01-05 14:22 . 2008-04-13 20:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-04 19:55 . 2009-01-15 22:46 <DIR> d-a--c--- c:\documents and settings\All Users\Application Data\TEMP
2009-01-04 19:55 . 2009-01-04 19:55 479,298 --a--c--- c:\windows\system32\wbocx.ocx
2009-01-04 19:55 . 2009-01-04 19:55 50,688 --a--c--- c:\windows\system32\wbhelp2.dll
2009-01-04 19:41 . 2009-01-04 19:41 <DIR> d----c--- c:\program files\Xvid
2009-01-04 19:41 . 2008-04-27 10:33 765,952 --a--c--- c:\windows\system32\xvidcore.dll
2009-01-04 19:41 . 2008-04-27 10:35 180,224 --a--c--- c:\windows\system32\xvidvfw.dll
2009-01-04 19:41 . 2007-06-28 18:55 77,824 --a--c--- c:\windows\system32\xvid.ax
2009-01-02 21:29 . 2009-01-10 17:11 24 --a--c--- c:\windows\LogonStudio.ini
2009-01-02 21:28 . 2009-01-02 21:28 <DIR> d----c--- c:\program files\WinCustomize
2009-01-02 21:28 . 2009-01-02 21:28 <DIR> d----c--- c:\program files\Common Files\Stardock
2009-01-02 21:28 . 2000-10-10 13:01 198,656 --a--c--- c:\windows\system32\comdlg32.ocx
2009-01-02 21:28 . 2000-05-17 09:52 187,392 --a--c--- c:\windows\system32\JPGUtils.dll
2009-01-02 19:43 . 2008-09-14 18:40 23,352 --a--c--- c:\windows\system32\drivers\pnpcap.sys
2009-01-02 15:12 . 2009-01-02 15:12 <DIR> d----c--- c:\program files\Yahoo!
2009-01-02 14:52 . 2009-01-02 14:52 <DIR> d----c--- c:\program files\TuneUp Utilities 2006
2009-01-02 14:28 . 2008-12-31 18:35 2,532,664 --a--c--- C:\WindowsXP-KB889816-x86-ENU.exe
2009-01-02 02:29 . 2009-01-02 02:29 <DIR> d----c--- c:\program files\Common Files\Pure Networks Shared
2009-01-02 02:29 . 2008-09-14 18:36 25,272 --a--c--- c:\windows\system32\drivers\purendis.sys
2009-01-02 02:29 . 2008-09-14 18:36 23,992 --a--c--- c:\windows\system32\drivers\pnarp.sys
2009-01-01 18:23 . 2009-01-14 21:50 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Speedbit
2009-01-01 18:23 . 2009-01-01 18:23 172,032 --a--c--- c:\windows\system32\AniGIF.ocx
2009-01-01 04:01 . 2009-01-01 04:01 603,904 --a--c--- c:\windows\system32\TUProgSt.exe
2009-01-01 04:01 . 2009-01-01 04:01 360,192 --a--c--- c:\windows\system32\TuneUpDefragService.exe
2009-01-01 04:01 . 2008-12-11 14:31 27,904 --a--c--- c:\windows\system32\uxtuneup.dll
2009-01-01 01:16 . 2009-01-05 21:18 <DIR> d----c--- c:\program files\TuneUp Utilities 2009
2009-01-01 01:15 . 2009-01-01 01:15 <DIR> d--hsc--- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-01 01:07 . 2009-01-01 01:07 <DIR> d----c--- c:\windows\Sun
2009-01-01 00:53 . 2009-01-02 15:08 <DIR> d--h-c--- c:\windows\Icons
2008-12-31 20:46 . 2009-01-03 04:32 <DIR> d----c--- c:\documents and settings\Administrator\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 02:24 --------- dc----w c:\program files\microsoft frontpage
2008-12-16 21:40 1,496,077 -c--a-w c:\windows\RED EYE no clock.scr
2008-12-11 10:57 333,952 -c--a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-01-08 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2008-10-12 450560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-01 118784]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2003-08-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-21 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-21 499712]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2003-08-20 81920]
"SoundMan"="SOUNDMAN.EXE" [2004-07-28 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2002-11-22 c:\windows\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-15 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-15 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090115.001\IDSxpx86.sys [2009-01-16 274808]
R3 {E6759E0C-470B-44DC-A4A1-627E68BB3A85};AIM 3.0 SI164;c:\windows\system32\drivers\A302.sys [2008-12-18 11831]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-15 99376]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [2008-12-18 6000]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-15 115560]
R4 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\drivers\pnpcap.sys [2009-01-02 23352]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-01 603904]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [2006-12-20 121088]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-01-15 c:\windows\Tasks\User_Feed_Synchronization-{FC1A37DB-557E-4D39-97C1-00D568F44765}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: &Clean Traces - e:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - e:\program files\DAP\dapextie.htm
IE: Download &all with DAP - e:\program files\DAP\dapextie2.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - e:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - e:\progra~1\DAP\dapie.dll

c:\windows\Downloaded Program Files\unicows.dll - c:\windows\Downloaded Program Files\webdiag.dll
O16 -: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}
hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
c:\windows\Downloaded Program Files\webdiag.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 13:52:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1896)
c:\program files\AlienGUIse\fastload.dll
.
--------------------- Other Running Processes ---------------------
.
c:\windows\system32\sessmgr.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-01-16 13:56:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 11:56:50

Pre-Run: 12,670,062,592 bytes free
Post-Run: 12,798,300,160 bytes free

287 --- E O F --- 2009-01-15 20:23:12


Report •

#6
January 16, 2009 at 15:18:40
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#7
January 17, 2009 at 01:03:17
Here is the report:

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, January 15, 2009 11:06:00
Records in database: 1627818
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 45345
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:18:38

No malware has been detected. The scan area is clean.



#8
January 17, 2009 at 16:10:01
Your computer appears to be clean.


Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?



#9
January 17, 2009 at 16:16:36
The computer seems normal now. I can go to Microsoft Update without any problems.
Thanks for all your help with this
Regards
Seeker72


#10
January 17, 2009 at 16:24:12
Glad we could help.
