Malware [CLOSED], I think I came down with the Malware
jnicholls08
post Oct 5 2008, 04:41 PM
Post #1


Member
Posts: 25
OS: XP



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:27 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\ewido_micro.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1003\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" (User '?')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 7230 bytes
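The log above is read by eye in the replies that follow; as an added example (the editor's code, not part of the thread and not HijackThis output), here is that triage written as a script. It parses HijackThis entry lines, rates autostarts under Policies\Explorer\Run and the O18 MIME-filter / O21 ShellServiceObjectDelayLoad load points as high (legitimate installers rarely touch them, and an entry with no backing file is residue of something removed or hidden), and separates those from orphaned "(file missing)" leftovers such as the uninstalled AOL toolbar and McAfee service, which are cleanup rather than infection. On the sample lines, copied from the log above, it flags the two "Video ActiveX Object" autostarts, the text/html filter and the "hirtellous" SSODL entry. The severity labels, the heuristics and the SAMPLE_LOG subset are assumptions of this example.

```python
"""Heuristic triage of HijackThis log entries (added example, not thread content)."""
import re
from typing import Dict, List, NamedTuple, Tuple

# Entries copied from the HijackThis log posted above (a subset, embedded so the
# script runs offline). The raw string preserves the Windows backslashes.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Video ActiveX Object\isamonitor.exe
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Generic HijackThis entry: section tag (R0-R3, F0-F3, N1-N4, O1-O24), " - ", body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# O4 registry autostart body: "<key>: [<value name>] <command>", optional "(User '...')" suffix.
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
MISSING_MARKERS = ("(no file)", "(file missing)")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}  # assumed severity scale


class Entry(NamedTuple):
    section: str
    body: str
    raw: str


class Finding(NamedTuple):
    severity: str
    section: str
    reason: str
    raw: str


def parse_entries(log_text: str) -> List[Entry]:
    """Keep only HijackThis entry lines; the header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body"), line.strip()))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    r"""Reviewer's rules of thumb (assumed, not HijackThis output).

    Policies\Explorer\Run autostarts -> high (rarely legitimate, used for persistence).
    O18 filter / O21 SSODL load points -> high if the file is gone, else medium.
    Any other entry whose target is missing -> low (uninstall leftover, cleanup only).
    """
    findings: List[Finding] = []
    for e in entries:
        missing = any(marker in e.body for marker in MISSING_MARKERS)
        if "policies\\explorer\\run" in e.body.lower():
            findings.append(Finding("high", e.section, "autostart via Policies\\Explorer\\Run", e.raw))
        elif e.section in ("O18", "O21"):
            if missing:
                findings.append(Finding("high", e.section, "filter/SSODL load point with no backing file", e.raw))
            else:
                findings.append(Finding("medium", e.section, "filter/SSODL load point, verify the DLL", e.raw))
        elif missing:
            findings.append(Finding("low", e.section, "orphaned entry, target file missing", e.raw))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity level."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in SEVERITY_ORDER}


def autostart_targets(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(value name, command) for every O4 registry autostart, so the binaries can be hashed or submitted."""
    targets = []
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_RE.match(e.body)
        if m:
            targets.append((m.group("name"), m.group("cmd")))
    return targets


def main() -> None:
    entries = parse_entries(SAMPLE_LOG)
    findings = sorted(triage(entries), key=lambda f: SEVERITY_ORDER[f.severity])
    for f in findings:
        print(f"[{f.severity:<6}] {f.section}: {f.reason}")
        print(f"         {f.raw}")
    print("severity counts:", summarize(findings))
    print("autostart commands to collect and hash:")
    for name, cmd in autostart_targets(entries):
        print(f"  [{name}] {cmd}")


if __name__ == "__main__":
    main()
```

Run it as a script to see the ranked findings, or point `parse_entries` at the full text of a saved HijackThis log. O4 entries of the "Startup:" folder form are deliberately left out of `autostart_targets`, which only parses registry Run-key entries.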
RatHat
post Oct 6 2008, 08:05 AM
Post #2


GeekU Mod
Posts: 5,323
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



Hi there,

Welcome to GeeksToGo.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you have word wrap turned off in Notepad. To do this, open Notepad, choose Format, then ensure Word Wrap is Un-checked. (Word Wrap makes reading your logs difficult).

Next, I would like to make sure that you can view hidden files and folders (if possible);
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Please ensure you read this guide carefully and install the Recovery Console first.

Next, download ComboFix from Here or Here to your Desktop.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System. (yours is Windows XP SP2)



Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.



Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Save this log to your desktop as Combofix.txt and post it in your next reply.

(Note: Combofix will also save the report to C:\Combofix.txt)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner.
Note: You must use Internet Explorer to run this scan, and you must disable your Anti Virus program during the scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the View scan report link:
  • Click the Save report as button
  • Under Save as type, choose Text file (*.txt)
  • Save the file to your desktop as Kaspersky.txt
  • Copy and paste that information in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download Old Timer's OTViewIt and save it to your Desktop.
  • Double click OTViewIt.exe to run the program
  • Under File Age: choose 60 Days
  • Now click Run Scan to start the scan
  • The scan will take a minute or so, Do Not run any other programs during the scan
  • When complete, notepad will open two files:
    • OTViewIt.Txt
    • Extras.Txt
  • Please post the contents of both files in your next reply

Note: You may need to make two posts to ensure the logs are complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the following logs:
  • The contents of Combofix.txt
  • The contents of Kaspersky.txt
  • The contents of the two OTViewIt logs

Please make three or four posts to ensure that the logs are posted completely.

Regards,
RatHat
jnicholls08
post Oct 6 2008, 09:52 AM
Post #3


Member
Posts: 25
OS: XP



Thank you so much... I am in the process of doing all that you asked.... I am at the Kaspersky scan and then I will give you all the reports etc. Thank you again... Oh, I have posted another problem I am having with Windows Media Player... any help there possibly?!? Thank you again!!!

Jeremy R. Nicholls
jnicholls08
post Oct 6 2008, 09:57 AM
Post #4


Member
Posts: 25
OS: XP



Kaspersky is not working... it is repeatedly stating it has failed to update. I do what it says and again... Failed to update. Any ideas?
RatHat
post Oct 6 2008, 06:40 PM
Post #5


GeekU Mod
Posts: 5,323
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



That happens sometimes. Let's try a different scan:
  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient

jnicholls08
post Oct 6 2008, 08:51 PM
Post #6


Member
Posts: 25
OS: XP



Ran everything except for the last thing.... I am doing that now... I started it while I was replying to you and for some reason my computer just crashed and then rebooted instantly... then ran very slow at startup. Here are some of the logs that you requested. I will get this last one to you as soon as it is complete. Thank you again... this is much appreciated.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:12 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....p;bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-351953409-1454491506-409785693-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-351953409-1454491506-409785693-1003 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

--
End of file - 8027 bytes

ComboFix:

ComboFix 08-10-05.08 - Owner 2008-10-06 19:31:08.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-06 19:39 . 2008-10-06 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-10-06 19:38 . 2008-10-06 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-10-06 15:10 . 2008-10-06 15:10 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-10-06 12:12 . 2008-10-06 12:25 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-06 12:12 . 2008-10-06 12:12 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-06 12:11 . 2008-10-06 12:11 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-06 12:11 . 2008-10-06 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-06 12:11 . 2008-10-06 19:35 3,024,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-06 12:11 . 2008-10-06 19:39 270,368 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-06 12:11 . 2008-10-06 19:35 24,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-06 12:11 . 2008-10-06 19:39 2,004 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-06 12:10 . 2008-10-06 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-06 11:41 . 2008-10-06 11:41 <DIR> d-------- C:\Program Files\Sun
2008-10-06 10:38 . 2008-10-06 10:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 10:38 . 2008-10-06 10:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-10-06 10:38 . 2008-10-06 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-06 10:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-06 10:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-06 10:37 . 2008-10-06 10:37 <DIR> d-------- C:\Program Files\ERUNT
2008-10-06 10:32 . 2008-10-06 10:32 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-05 23:35 . 2008-10-05 23:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-05 23:35 . 2008-10-05 23:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-10-05 23:35 . 2008-10-05 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-05 19:16 . 2008-10-06 00:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-05 17:07 . 2008-10-05 20:09 <DIR> d-------- C:\Program Files\Symantec
2008-10-05 17:07 . 2008-10-05 20:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-05 17:07 . 2008-10-05 20:09 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-05 17:07 . 2008-10-05 20:09 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 17:07 . 2008-10-05 17:07 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-05 17:07 . 2008-10-05 20:09 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-05 17:07 . 2008-10-05 20:09 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-05 17:06 . 2008-10-05 17:06 <DIR> d-------- C:\WINDOWS\system32\drivers\NAV
2008-10-05 17:06 . 2008-10-05 17:06 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-05 17:06 . 2008-10-05 17:06 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-10-05 17:06 . 2008-10-05 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-05 17:05 . 2008-10-05 17:05 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-05 17:05 . 2008-10-05 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-05 16:59 . 2008-10-05 16:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-05 16:17 . 2008-10-05 16:17 <DIR> d-------- C:\Program Files\AnalogX
2008-10-05 15:50 . 2008-10-05 16:53 <DIR> d-------- C:\b514b9cfe69331c74b561fc98161
2008-10-05 15:26 . 2008-10-05 15:32 <DIR> d-------- C:\Program Files\WhatsRunning
2008-10-05 14:54 . 2008-10-05 14:54 <DIR> d-------- C:\NVIDIA
2008-10-05 09:08 . 2008-10-05 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner
2008-10-05 09:02 . 2008-10-05 09:02 <DIR> d-------- C:\Program Files\Raxco
2008-10-04 16:07 . 2008-10-04 16:01 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-03 13:31 . 2008-10-03 13:31 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-03 13:22 . 2008-10-05 09:01 53,192 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-10-03 13:22 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-10-03 13:21 . 2008-10-03 13:28 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-10-03 13:21 . 2008-10-03 13:21 <DIR> d-------- C:\Program Files\CA
2008-10-03 13:19 . 2008-10-03 13:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-10-03 13:13 . 2008-10-03 13:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\verizon_broad
2008-10-03 13:00 . 2008-10-03 13:26 <DIR> d-------- C:\Program Files\Verizon
2008-10-03 10:08 . 2008-10-03 13:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-03 09:55 . 2008-10-03 13:13 <DIR> d-------- C:\Program Files\verizon_broad
2008-10-03 09:55 . 2008-10-03 09:55 <DIR> d-------- C:\Program Files\Verizon Broadband Firefox Toolbar
2008-10-03 09:54 . 2008-10-03 09:54 <DIR> d-------- C:\Program Files\StarzPlay

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 18:51 --------- d-----w C:\Program Files\Common Files\aolshare
2008-10-06 15:41 --------- d-----w C:\Program Files\Java
2008-10-05 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-10-05 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 17:32 --------- d-----w C:\Program Files\Ares
2008-10-03 17:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Verizon
2008-10-03 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Verizon
2008-10-03 16:54 --------- d-----w C:\Program Files\McAfee
2008-10-03 16:38 --------- d-----w C:\Program Files\Viewpoint
2008-10-03 16:34 --------- d-----w C:\Program Files\LimeWire
2008-10-03 16:34 --------- d-----w C:\Program Files\dvdSanta
2008-08-14 12:23 --------- d-----w C:\Program Files\Winamp
2008-07-30 00:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-06_11.33.07.83 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
- 2008-10-05 13:02:28 26,582 ----a-r C:\WINDOWS\Installer\{212F5777-1190-4DEF-8E4D-6B2F313B45E7}\PerfectDisk.exe
+ 2008-10-06 23:40:18 26,582 ----a-r C:\WINDOWS\Installer\{212F5777-1190-4DEF-8E4D-6B2F313B45E7}\PerfectDisk.exe
+ 2008-07-21 22:34:36 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-01-29 22:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-10-06 16:10:59 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-04-30 22:06:48 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-07-30 00:20:00 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
- 2007-12-14 04:57:22 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-12-14 04:57:24 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-12-14 05:59:16 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-10-06 23:38:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_134.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8398-26FADCF27386}]
2008-05-30 12:42 1991680 --a------ C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8398-26FADCF27386}"= "C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL" [2008-05-30 1991680]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-8398-26FADCF27386}"= "C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL" [2008-05-30 1991680]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8398-26fadcf27386}]
[HKEY_CLASSES_ROOT\verizon_broad.VERIZON_BROAD]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 13552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 7204864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= CnxtMJPG.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 12:32 7204864 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 DoradoPC;Conexant VGA Camera;C:\WINDOWS\system32\DRIVERS\drdvid40.sys [2001-12-16 22:33]
R3 Radialpoint Security Services;Verizon Internet Security Suite;C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe [2008-02-26 17:10]
S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
S0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-10-05 17:07]
S1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-10-05 17:07]
S1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-10-05 17:07]
S1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081003.001\IDSxpx86.sys [2008-10-05 17:07]
S2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [2008-10-05 17:07]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - DEFRAGFS
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\iis5djvg.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
.
.
------- File Associations -------
.
JSEFile=C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*
VBEFile=C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*
VBSFile=C:\Program Files\AnalogX\Script Defender\sdefend.exe %1 %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 19:40:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\skeys.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
.
**************************************************************************
.
Completion time: 2008-10-06 19:56:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-06 23:55:55
ComboFix2.txt 2008-10-06 15:34:07

Pre-Run: 5,647,728,640 bytes free
Post-Run: 5,611,139,072 bytes free

213 --- E O F --- 2008-07-11 21:32:50

Kaspersky (I downloaded it. I don't know if it does the same thing you wanted?)
Quick Scan: completed 10/6/2008 12:24:42 PM (events: 27, objects: , time: 00:00:00)
10/6/2008 12:24:42 PM Task completed
10/6/2008 12:18:05 PM Task started
Quick Scan: completed 10/6/2008 12:24:42 PM (events: 27, objects: , time: 00:00:00)
10/6/2008 12:31:30 PM Task started
10/6/2008 12:36:46 PM Detected: http://www.viruslist.com/en/advisories/30143 c:\program files\microsoft office\office\winword.exe
10/6/2008 12:37:53 PM Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
10/6/2008 12:37:53 PM Detected: http://www.viruslist.com/en/advisories/29293 c:\program files\quicktime\quicktimeplayer.exe
10/6/2008 12:42:39 PM Detected: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a00760/CryptFF.b/data0008/stream/data0006
10/6/2008 12:42:39 PM Detected: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a03300/CryptFF.b/data0008/stream/data0006
10/6/2008 12:42:39 PM Untreated: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a03300/CryptFF.b/data0008/stream/data0006 Postponed
10/6/2008 12:42:39 PM Untreated: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a00760/CryptFF.b/data0008/stream/data0006 Postponed
10/6/2008 12:49:20 PM Detected: Trojan-Downloader.WMA.GetCodec.a c:\Documents and Settings\Owner\Desktop\music 2\Coldplay - Sparks.wma
10/6/2008 12:49:21 PM Untreated: Trojan-Downloader.WMA.GetCodec.a c:\Documents and Settings\Owner\Desktop\music 2\Coldplay - Sparks.wma Postponed
10/6/2008 1:06:48 PM Detected: Trojan.Win32.Small.ycu c:\Documents and Settings\Owner\My Documents\Downloads\T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com.rar/T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com\passwordfile.exe/data0000.cab/ISPPIJ~1.EXE
10/6/2008 1:06:49 PM Untreated: Trojan.Win32.Small.ycu c:\Documents and Settings\Owner\My Documents\Downloads\T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com.rar/T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com\passwordfile.exe/data0000.cab/ISPPIJ~1.EXE Postponed
10/6/2008 1:18:36 PM Detected: http://www.viruslist.com/en/advisories/30832 c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api
10/6/2008 1:19:36 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\program files\Common Files\AOL\Flasha.ocx
10/6/2008 1:28:11 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.6.0_04\bin\java.exe
10/6/2008 1:31:51 PM Detected: http://www.viruslist.com/en/advisories/29321 c:\program files\microsoft office\office\MSO9.DLL
10/6/2008 1:31:53 PM Detected: http://www.viruslist.com/en/advisories/30143 c:\program files\microsoft office\office\winword.exe
10/6/2008 1:35:46 PM Detected: http://www.viruslist.com/en/advisories/29293 c:\program files\quicktime\quicktimeplayer.exe
10/6/2008 1:35:53 PM Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
10/6/2008 2:02:58 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
10/6/2008 2:05:43 PM Detected: http://www.viruslist.com/en/advisories/28083 D:\i386\Apps\App10224\swflash.ocx
10/6/2008 2:15:30 PM Detected: http://www.viruslist.com/en/advisories/26027 D:\i386\Apps\App17981\comps\aol\flasha.ocx
10/6/2008 2:15:56 PM Detected: not-a-virus:AdWare.Win32.SearchIt.t D:\i386\Apps\App17981\comps\toolbar\toolbr.exe/WiseSFXDropper/WISE0015.BIN
10/6/2008 2:16:03 PM Untreated: not-a-virus:AdWare.Win32.SearchIt.t D:\i386\Apps\App17981\comps\toolbar\toolbr.exe/WiseSFXDropper/WISE0015.BIN Postponed
10/6/2008 2:21:18 PM Task completed


I will get the last ASAP.

jeremy


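Reading a Kaspersky report like the one above takes some triage. The lines whose verdict is a viruslist.com advisory URL are not infections: they are outdated applications that Kaspersky's vulnerability scan flagged (Office, RealPlayer, QuickTime, Java, Flash, Adobe Reader), and the fix is to update or remove that software. The "not-a-virus:" lines are adware/riskware, everything else is a malware detection, and "Untreated ... Postponed" means the scanner has not yet acted on the item. The script below is an added example for this thread, not code from the poster or from any Kaspersky tool. It assumes only the line format visible in the posted report and sorts the lines into those buckets, drops repeat hits on the same file, and marks items that already sit inside a quarantine folder or inside an archive/packer (Kaspersky separates archive members with "/"). The sample lines are constructed, modelled on the report posted above.

```python
"""Triage a Kaspersky Anti-Virus 2009 report into vulnerable software,
adware/riskware and malware, and flag what was left untreated.

Added example for this thread; assumes only the line format visible in
the posted report (timestamp, "Detected:"/"Untreated:", verdict, path,
optional trailing "Postponed").
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<event>Detected|Untreated): (?P<verdict>\S+) (?P<target>.+?)"
    r"(?P<postponed> Postponed)?$"
)
# Kaspersky reports an outdated application as a "detection" whose verdict
# is the URL of the matching advisory rather than a malware name.
ADVISORY_PREFIX = "http://www.viruslist.com/en/advisories/"

# Constructed sample, modelled on the report lines posted in this thread.
SAMPLE_REPORT = "\n".join([
    r"10/6/2008 12:31:30 PM Task started",
    r"10/6/2008 12:36:46 PM Detected: http://www.viruslist.com/en/advisories/30143 c:\program files\microsoft office\office\winword.exe",
    r"10/6/2008 12:42:39 PM Detected: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a00760/CryptFF.b/data0008/stream/data0006",
    r"10/6/2008 12:42:39 PM Untreated: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a00760/CryptFF.b/data0008/stream/data0006 Postponed",
    r"10/6/2008 12:49:20 PM Detected: Trojan-Downloader.WMA.GetCodec.a c:\Documents and Settings\Owner\Desktop\music 2\Coldplay - Sparks.wma",
    r"10/6/2008 12:49:21 PM Untreated: Trojan-Downloader.WMA.GetCodec.a c:\Documents and Settings\Owner\Desktop\music 2\Coldplay - Sparks.wma Postponed",
    r"10/6/2008 1:28:11 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.6.0_04\bin\java.exe",
    r"10/6/2008 1:31:53 PM Detected: http://www.viruslist.com/en/advisories/30143 c:\program files\microsoft office\office\winword.exe",
    r"10/6/2008 2:21:18 PM Task completed",
])


def parse_line(line):
    """Parse one Detected/Untreated line; return None for other events."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    verdict = m.group("verdict")
    if verdict.startswith(ADVISORY_PREFIX):
        kind = "vulnerable_software"      # outdated app, not an infection
    elif verdict.startswith("not-a-virus:"):
        kind = "adware_riskware"
    else:
        kind = "malware"
    target = m.group("target")
    return {
        "time": m.group("ts"),
        "event": m.group("event"),
        "verdict": verdict,
        "target": target,
        "kind": kind,
        "advisory": verdict[len(ADVISORY_PREFIX):] if kind == "vulnerable_software" else None,
        # Already quarantined by another tool (HouseCall here): low priority.
        "in_quarantine": "\\quarantine\\" in target.lower(),
        # Kaspersky uses '/' to walk into archives, installers and packers.
        "in_archive": "/" in target,
        "postponed": m.group("postponed") is not None,
        "untreated": False,
    }


def triage(report):
    """Group unique detections by kind and mark those left untreated."""
    buckets = defaultdict(list)
    untreated = set()
    seen = set()
    for line in report.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["verdict"], rec["target"])
        if rec["event"] == "Untreated":
            untreated.add(key)
            continue
        if key in seen:               # same file hit twice in one scan
            continue
        seen.add(key)
        buckets[rec["kind"]].append(rec)
    for recs in buckets.values():
        for rec in recs:
            rec["untreated"] = (rec["verdict"], rec["target"]) in untreated
    return dict(buckets)


if __name__ == "__main__":
    for kind, recs in triage(SAMPLE_REPORT).items():
        print(f"== {kind} ({len(recs)})")
        for r in recs:
            flags = [f for f in ("untreated", "in_quarantine", "in_archive") if r[f]]
            label = r["advisory"] and f"advisory {r['advisory']}" or r["verdict"]
            print(f"  {label}: {r['target']} {flags}")
```

Run it against a saved report instead of the sample by reading the file into `triage()`. The "vulnerable_software" bucket is the list of programs to update; the "malware" and "adware_riskware" buckets with the untreated flag set are what still needs cleaning.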
RatHat
post Oct 6 2008, 08:59 PM
Post #7


GeekU Mod
Posts: 5,323
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



Jeremy,

That last log was cut short; could you repost it along with the two OTViewIt logs?

Thanks,
RatHat
RatHat
post Oct 6 2008, 09:06 PM
Post #8


GeekU Mod
Posts: 5,323
From: Lake Mabprachan, Thailand
OS: XP SP2 ~ Vista Ultimate



Sorry, my mistake, I misread the last log. It is all there.

OK, post me the OTViewIt logs, and the F-Secure log when you can.

Regards,
RatHat
jnicholls08
post Oct 6 2008, 09:10 PM
Post #9


Member
Posts: 25
OS: XP



The OTViewIt is not working; every time I go to run it, it says I encountered an error loading process libraries and the specified module could not be found. I also saw a flash about a Backdoor.Greybird virus?!? It disappeared though. The scanner you wanted me to run via the internet will not run; it rebooted my computer right after downloading the parameters.

here is kaspersky again:

Full Scan: completed 10/6/2008 2:21:18 PM (events: 25, objects: 275423, time: 01:49:48)
10/6/2008 12:24:42 PM Task completed
10/6/2008 12:18:05 PM Task started
Full Scan: completed 10/6/2008 2:21:18 PM (events: 25, objects: 275423, time: 01:49:48)
10/6/2008 12:31:30 PM Task started
10/6/2008 12:36:46 PM Detected: http://www.viruslist.com/en/advisories/30143 c:\program files\microsoft office\office\winword.exe
10/6/2008 12:37:53 PM Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
10/6/2008 12:37:53 PM Detected: http://www.viruslist.com/en/advisories/29293 c:\program files\quicktime\quicktimeplayer.exe
10/6/2008 12:42:39 PM Detected: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a00760/CryptFF.b/data0008/stream/data0006
10/6/2008 12:42:39 PM Detected: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a03300/CryptFF.b/data0008/stream/data0006
10/6/2008 12:42:39 PM Untreated: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a03300/CryptFF.b/data0008/stream/data0006 Postponed
10/6/2008 12:42:39 PM Untreated: not-a-virus:AdWare.Win32.Mostofate.e c:\Documents and Settings\Owner\.housecall6.6\Quarantine\mi1.exe.bac_a00760/CryptFF.b/data0008/stream/data0006 Postponed
10/6/2008 12:49:20 PM Detected: Trojan-Downloader.WMA.GetCodec.a c:\Documents and Settings\Owner\Desktop\music 2\Coldplay - Sparks.wma
10/6/2008 12:49:21 PM Untreated: Trojan-Downloader.WMA.GetCodec.a c:\Documents and Settings\Owner\Desktop\music 2\Coldplay - Sparks.wma Postponed
10/6/2008 1:06:48 PM Detected: Trojan.Win32.Small.ycu c:\Documents and Settings\Owner\My Documents\Downloads\T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com.rar/T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com\passwordfile.exe/data0000.cab/ISPPIJ~1.EXE
10/6/2008 1:06:49 PM Untreated: Trojan.Win32.Small.ycu c:\Documents and Settings\Owner\My Documents\Downloads\T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com.rar/T.I.-Paper_Trail-(Proper)-2008-HipHopGenerals.Com\passwordfile.exe/data0000.cab/ISPPIJ~1.EXE Postponed
10/6/2008 1:18:36 PM Detected: http://www.viruslist.com/en/advisories/30832 c:\program files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api
10/6/2008 1:19:36 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\program files\Common Files\AOL\Flasha.ocx
10/6/2008 1:28:11 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.6.0_04\bin\java.exe
10/6/2008 1:31:51 PM Detected: http://www.viruslist.com/en/advisories/29321 c:\program files\microsoft office\office\MSO9.DLL
10/6/2008 1:31:53 PM Detected: http://www.viruslist.com/en/advisories/30143 c:\program files\microsoft office\office\winword.exe
10/6/2008 1:35:46 PM Detected: http://www.viruslist.com/en/advisories/29293 c:\program files\quicktime\quicktimeplayer.exe
10/6/2008 1:35:53 PM Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
10/6/2008 2:02:58 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
10/6/2008 2:05:43 PM Detected: http://www.viruslist.com/en/advisories/28083 D:\i386\Apps\App10224\swflash.ocx
10/6/2008 2:15:30 PM Detected: http://www.viruslist.com/en/advisories/26027 D:\i386\Apps\App17981\comps\aol\flasha.ocx
10/6/2008 2:15:56 PM Detected: not-a-virus:AdWare.Win32.SearchIt.t D:\i386\Apps\App17981\comps\toolbar\toolbr.exe/WiseSFXDropper/WISE0015.BIN
10/6/2008 2:16:03 PM Untreated: not-a-virus:AdWare.Win32.SearchIt.t D:\i386\Apps\App17981\comps\toolbar\toolbr.exe/WiseSFXDropper/WISE0015.BIN Postponed
10/6/2008 2:21:18 PM Task completed
Full Scan: completed 10/6/2008 2:21:18 PM (events: 25, objects: 275423, time: 01:49:48)
10/6/2008 11:10:41 PM Task started


