Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Troj/Virtum-Gen and W32/Virtinf-b [RESOLVED]

Started by Comrade Wasabi , Jan 17 2008 04:02 PM

  • This topic is locked This topic is locked

#1
Comrade Wasabi
Posted 17 January 2008 - 04:02 PM

Comrade Wasabi

    New Member

  • Member
  • Pip
  • 4 posts
Well, my new PC from Dell came on Tuesday, and while I was at practice with my band, my dad decided he would go surfing... well, I get home, and the computer is infested with viruses. I installed SpySweeper and SpywareDoctor and ran both; SpywareDoctor is no longer working properly, but I had removed what it found and the following scan came up clean. I ran SpySweeper today and it says that I have both Troj/Virtum-Gen and W32/Virtinf-b.

I've had Virtumondo before and as I recall, it was [bleep], but I can't remember how I eventually got rid of it... so here I am.

I've run ATF Cleaner. I created a system restore point. I ran both SpySweeper and SpywareDoctor and they failed to rid me of these viruses. The Panda ActiveScan ended up in Internet Explorer crashing both times I tried to run it. The first thing I did when I got this computer was go to the Microsoft website and look for any and all updates and installed them; I'm running Windows XP Media Center Edition, and the CD that I got from Dell says that I have "Update Rollup 2"; I don't honestly know if that means I have SP2 or what. I've rebooted my computer too many times to count in the last three days.

So finally, here is my HijackThis log. I just ran this ten minutes ago.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:24 PM, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2080110
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca...html?channel=ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca...html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell....s...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell....s...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca...html?channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2080110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddayx.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200435675737
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5740 bytes


When I tried to get an Uninstall List, HijackThis closed immediately when I hit the "Save list..." button. Don't know what's wrong there.

Thanks for whatever help I can get here.
  • 0

Advertisements

#2
sage5
Posted 17 January 2008 - 04:19 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Comrade Wasabi,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
ComboFix

Please leave your PC running, because the infection/re infection happens at restarts.

Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply
Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Cheers,

sage5

Edited by sage5, 17 January 2008 - 04:24 PM.

  • 0

#3
Comrade Wasabi
Posted 17 January 2008 - 08:32 PM

Comrade Wasabi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sure thing...

ComboFix 08-01-18.4 - Tanner 2008-01-17 21:25:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2508 [GMT -5:00]
Running from: C:\Documents and Settings\Tanner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Pure Networks\Network Magic\nmapp .exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\CTXFIHLP .EXE
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayx.exe
C:\WINDOWS\system32\drvjulr.dll
C:\WINDOWS\system32\RCX19.tmp
C:\WINDOWS\system32\RCX1F.tmp
C:\WINDOWS\system32\RCX21.tmp
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\rqrpppq.dll
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2

<pre>
C:\Program Files\Pure Networks\Network Magic\nmapp .exe ---> QooBox
C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe ---> QooBox
C:\Program Files\Windows Live\Messenger\MsnMsgr  .Exe ---> MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe ---> MsnMsgr.Exe
C:\WINDOWS\ehome\ehtray .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\CTXFIHLP .EXE ---> QooBox
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-17 21:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 16:49 . 2008-01-17 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 16:45 . 2008-01-17 16:45 3,567,928 --a------ C:\32D.tmp
2008-01-17 16:44 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-17 16:35 . 2008-01-17 16:44 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-17 16:35 . 2008-01-17 16:35 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-17 16:35 . 2008-01-17 16:35 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-17 16:35 . 2008-01-17 16:35 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-17 16:31 . 2008-01-17 16:31 338,432 --a------ C:\WINDOWS\system32\RCX1A8.tmp
2008-01-17 16:31 . 2008-01-17 16:31 338,432 --a------ C:\WINDOWS\system32\RCX199.tmp
2008-01-17 16:14 . 2008-01-17 21:27 <DIR> d-------- C:\Program Files\Steam
2008-01-17 16:03 . 2008-01-17 16:03 <DIR> d-------- C:\savcc20
2008-01-17 07:36 . 2008-01-17 07:36 338,432 --a------ C:\WINDOWS\system32\RCX22E.tmp
2008-01-16 22:38 . 2008-01-16 22:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-16 22:38 . 2008-01-16 23:06 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-16 22:38 . 2008-01-16 22:38 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-16 22:38 . 2008-01-16 23:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-16 22:25 . 2008-01-16 22:25 <DIR> d-------- C:\WINDOWS\nview
2008-01-16 22:25 . 2008-01-16 22:25 <DIR> d-------- C:\NVIDIA
2008-01-16 22:25 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-16 21:28 . 2008-01-16 21:28 69,536 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-16 19:31 . 2008-01-16 19:31 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-16 19:23 . 2008-01-16 19:23 <DIR> d-------- C:\WINDOWS\Sun
2008-01-16 16:45 . 2008-01-16 16:49 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Ventrilo
2008-01-16 16:44 . 2008-01-16 16:44 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-16 16:44 . 2008-01-17 16:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:44 . 2008-01-17 16:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-16 16:41 . 2008-01-16 16:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 15:58 . 2008-01-16 15:58 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-16 15:58 . 2008-01-16 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-16 15:58 . 2008-01-16 15:58 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-01-16 06:07 . 2008-01-16 16:27 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-16 06:07 . 2008-01-16 06:07 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\PC Tools
2008-01-16 06:07 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-16 06:07 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-16 06:07 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-16 06:07 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-16 06:02 . 2008-01-16 06:02 338,432 --a------ C:\WINDOWS\system32\RCX3E7.tmp
2008-01-16 05:39 . 2008-01-16 05:39 338,432 --a------ C:\WINDOWS\system32\RCX24D.tmp
2008-01-15 23:54 . 2008-01-16 05:13 <DIR> d-------- C:\Documents and Settings\Tanner\Contacts
2008-01-15 23:52 . 2008-01-15 23:53 <DIR> d-------- C:\Program Files\Windows Live
2008-01-15 23:52 . 2008-01-15 23:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-15 23:52 . 2008-01-15 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-15 23:13 . 2008-01-15 23:13 338,432 --a------ C:\WINDOWS\system32\RCX347.tmp
2008-01-15 22:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-15 22:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-15 22:09 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-15 20:21 . 2008-01-17 16:45 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 20:21 . 2008-01-15 20:21 <DIR> d-------- C:\Program Files\iPod
2008-01-15 20:21 . 2008-01-15 20:21 <DIR> d-------- C:\Program Files\Bonjour
2008-01-15 20:21 . 2008-01-16 16:44 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Apple Computer
2008-01-15 20:20 . 2008-01-15 22:43 <DIR> d-------- C:\Program Files\QuickTime
2008-01-15 20:20 . 2008-01-15 20:20 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-15 20:20 . 2008-01-15 20:20 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-15 20:20 . 2008-01-15 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 20:20 . 2008-01-15 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-15 20:20 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Program Files\Webroot
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Webroot
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-15 19:56 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-01-15 19:56 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-15 19:56 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-15 19:56 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-15 19:56 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-15 19:39 . 2008-01-15 22:43 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-01-15 19:34 . 2008-01-15 19:34 <DIR> d-------- C:\Program Files\MSBuild
2008-01-15 19:33 . 2008-01-15 19:33 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-15 19:24 . 2008-01-15 22:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-15 19:24 . 2008-01-15 19:24 <DIR> dr-h----- C:\MSOCache
2008-01-15 19:24 . 2008-01-15 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-15 19:18 . 2008-01-15 19:18 103,424 --a------ C:\WINDOWS\system32\drvjul.dll
2008-01-15 19:09 . 2008-01-15 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-15 19:04 . 2008-01-17 16:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 18:42 . 2008-01-15 18:42 4,128 --a------ C:\INFCACHE.1
2008-01-15 18:41 . 2008-01-15 20:50 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-15 18:35 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 18:32 . 2004-01-23 19:21 65,888 --a------ C:\WINDOWS\system32\DKAAP2TH.HLP
2008-01-15 18:32 . 2004-01-23 19:21 41,984 --a------ C:\WINDOWS\system32\DKAAP2BJ.DLL
2008-01-15 18:32 . 2008-01-15 18:32 1,084 --a------ C:\WINDOWS\DKAAP2DD.ini
2008-01-15 18:31 . 2008-01-15 18:31 <DIR> d-------- C:\Program Files\Dell_HostCD
2008-01-15 18:31 . 2004-01-23 11:57 311,296 --a------ C:\WINDOWS\system32\lexlog.dll
2008-01-15 18:31 . 2004-01-23 19:21 131,072 --a------ C:\WINDOWS\system32\LEXDRVX.DLL
2008-01-15 18:31 . 2004-01-23 19:21 106,496 --a------ C:\WINDOWS\system32\LEXCFI.DLL
2008-01-15 18:31 . 2004-01-23 19:21 65,888 --a------ C:\WINDOWS\system32\DKAAP1TH.HLP
2008-01-15 18:31 . 2004-01-23 19:21 41,984 --a------ C:\WINDOWS\system32\DKAAP1BJ.DLL
2008-01-15 18:31 . 2008-01-15 19:49 2,992 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-01-15 18:31 . 2008-01-15 19:49 785 --a------ C:\WINDOWS\system32\LexFiles.usr
2008-01-15 17:46 . 2008-01-15 17:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-15 17:42 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-15 17:41 . 2006-03-20 22:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-15 17:35 . 2008-01-15 17:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-15 17:29 . 2008-01-17 16:44 <DIR> d-------- C:\Program Files\mIRC
2008-01-15 17:29 . 2008-01-17 16:45 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\mIRC
2008-01-15 17:23 . 2008-01-15 23:53 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Program Files\Pure Networks
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Program Files\DIFX
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 03:56 7,704 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_XPS_XPS720.mrk
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
.
<pre>
----a-w			61,440 2008-01-16 03:43:54  C:\dell\bldbubg .exe
----a-w			17,920 2008-01-16 03:43:53  C:\dell\E-Center\EULALauncher .exe
----a-w			40,048 2008-01-16 03:43:53  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w			81,920 2008-01-16 03:43:51  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w		   221,184 2008-01-16 03:43:50  C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w		   451,896 2008-01-16 03:43:55  C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
----a-w		   221,184 2008-01-16 03:43:51  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
----a-w			49,152 2008-01-16 03:43:48  C:\Program Files\Creative\Shared Files\Module Loader\DLLML .exe
----a-w			45,056 2008-01-16 03:43:47  C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET .EXE
----a-w		   122,880 2008-01-16 03:43:47  C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel .exe
----a-w		   118,784 2008-01-16 03:43:52  C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
----a-w		   202,544 2008-01-16 03:43:56  C:\Program Files\Dell Support Center\bin\sprtcmd .exe
----a-w			16,384 2008-01-16 03:43:54  C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
----a-w		   267,048 2008-01-17 03:58:49  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   132,496 2008-01-16 03:43:47  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 1,694,208 2008-01-16 03:43:58  C:\Program Files\Messenger\msmsgs .exe
----a-w			31,016 2008-01-16 03:43:56  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w		 1,103,752 2008-01-16 21:08:43  C:\Program Files\Spyware Doctor\pctsTray .exe
----a-w			90,112 2008-01-16 03:43:49  C:\WINDOWS\UpdReg .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-15 23:12 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
"Steam"="C:\Program Files\Steam\Steam.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 06:00 33280 C:\WINDOWS\system32\rundll32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifccbx]
iifccbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 06:30 16384 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2008-01-16 06:02 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2007-10-29 22:04 451896 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"WebrootSpySweeperService"=2 (0x2)
"stllssvr"=3 (0x3)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"NVSvc"=2 (0x2)
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-16 15:58]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-15 00:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 01:20:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-17 12:45:08 C:\WINDOWS\Tasks\wrSpySweeper_L4D77E97C37BC471AB9BE26AE47C0E0CF.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L4D77E97C37BC471AB9BE26AE47C0E0CF
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 21:28:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 21:30:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 02:30:07
.
2008-01-16 03:42:38 --- E O F ---


ComboFix restarted my computer on its own but I didn't touch anything until it finished and gave me the log, saying it was finished.
  • 0

#4
sage5
Posted 17 January 2008 - 11:18 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Comrade Wasabi,


Create a CombFix Script:
  • Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:
File::
C:\32D.tmp
C:\WINDOWS\system32\RCX1A8.tmp
C:\WINDOWS\system32\RCX199.tmp
C:\WINDOWS\system32\RCX22E.tmp
C:\WINDOWS\system32\RCX3E7.tmp
C:\WINDOWS\system32\RCX24D.tmp
C:\WINDOWS\system32\RCX347.tmp
C:\WINDOWS\system32\drvjul.dll

RENV::
C:\dell\bldbubg .exe
C:\dell\E-Center\EULALauncher .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML .exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET .EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel .exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
C:\Program Files\Dell Support Center\bin\sprtcmd .exe
C:\Program Files\Dell Support Center\gs_agent\custom\dsca .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Spyware Doctor\pctsTray .exe
C:\WINDOWS\UpdReg .EXE

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifccbx]

  • Save this file to the Desktop as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    Posted Image

  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

Your log shows you are not running Anti-virus or Firewall software.
These are essential items and need to be loaded before we can continue fixing your PC.

I have listed a couple of free versions of both. Please download and install 1 Anti-virus and 1 Firewall.

Firewalls: Please install one only.
Comodo Firewall Pro or Sunbelt Personal Firewall

Anti-virus: Please install one only:
Avast! Free Edition or AntiVir PersonalEdition Classic

Anti-Virus Tutorials/Manuals:
Avast Tutorial
Avast Manual
Antivir Manual

Please allow the new Anti-virus to run a full System scan, and at the end of the process you should be able to save a scan log.
If the scan report window does not have a Save as Repot Button (or similar), you may be able to highlight the text in the window & copy & paste it to a new Notepad file.
Save it as C:\avscan.txt if you can.

I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.

Run HijackThis:
  • Select the Run a system scan and save a logfile option. The logfile opens in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also paste me the text from C:\avscan.txt & Combofix.txt

Cheers,

sage5
  • 0

#5
Comrade Wasabi
Posted 18 January 2008 - 02:55 PM

Comrade Wasabi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I wasn't able to save a log with Avast, but I let it do a boot scan and then did a complete scan as specified in the tutorial.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:08 PM, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell....s...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell....s...;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2080110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200435675737
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7217 bytes

Combofix Log:

ComboFix 08-01-18.4 - Tanner 2008-01-18 0:22:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2495 [GMT -5:00]
Running from: C:\Documents and Settings\Tanner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tanner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\32D.tmp
C:\WINDOWS\system32\drvjul.dll
C:\WINDOWS\system32\RCX199.tmp
C:\WINDOWS\system32\RCX1A8.tmp
C:\WINDOWS\system32\RCX22E.tmp
C:\WINDOWS\system32\RCX24D.tmp
C:\WINDOWS\system32\RCX347.tmp
C:\WINDOWS\system32\RCX3E7.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\32D.tmp
C:\WINDOWS\system32\drvjul.dll
C:\WINDOWS\system32\RCX199.tmp
C:\WINDOWS\system32\RCX1A8.tmp
C:\WINDOWS\system32\RCX22E.tmp
C:\WINDOWS\system32\RCX24D.tmp
C:\WINDOWS\system32\RCX347.tmp
C:\WINDOWS\system32\RCX3E7.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-17 21:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 16:49 . 2008-01-17 16:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 16:44 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-17 16:35 . 2008-01-17 16:44 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-17 16:35 . 2008-01-17 16:35 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-17 16:35 . 2008-01-17 16:35 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-17 16:35 . 2008-01-17 16:35 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-17 16:14 . 2008-01-17 21:27 <DIR> d-------- C:\Program Files\Steam
2008-01-17 16:03 . 2008-01-17 16:03 <DIR> d-------- C:\savcc20
2008-01-16 22:38 . 2008-01-16 22:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-16 22:38 . 2008-01-16 23:06 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-16 22:38 . 2008-01-16 22:38 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-16 22:38 . 2008-01-16 23:07 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-16 22:25 . 2008-01-16 22:25 <DIR> d-------- C:\WINDOWS\nview
2008-01-16 22:25 . 2008-01-16 22:25 <DIR> d-------- C:\NVIDIA
2008-01-16 22:25 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-16 21:28 . 2008-01-16 21:28 69,536 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-16 19:31 . 2008-01-16 19:31 <DIR> d-------- C:\Program Files\EA GAMES
2008-01-16 19:23 . 2008-01-16 19:23 <DIR> d-------- C:\WINDOWS\Sun
2008-01-16 16:45 . 2008-01-16 16:49 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Ventrilo
2008-01-16 16:44 . 2008-01-16 16:44 <DIR> d-------- C:\Program Files\Ventrilo
2008-01-16 16:41 . 2008-01-16 16:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 15:58 . 2008-01-16 15:58 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-01-16 15:58 . 2008-01-16 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-16 15:58 . 2008-01-16 15:58 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-01-16 06:07 . 2008-01-18 00:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-16 06:07 . 2008-01-16 06:07 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\PC Tools
2008-01-16 06:07 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-16 06:07 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-16 06:07 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-16 06:07 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-15 23:54 . 2008-01-16 05:13 <DIR> d-------- C:\Documents and Settings\Tanner\Contacts
2008-01-15 23:52 . 2008-01-15 23:53 <DIR> d-------- C:\Program Files\Windows Live
2008-01-15 23:52 . 2008-01-15 23:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-15 23:52 . 2008-01-15 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-15 22:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-15 22:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-15 22:09 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-15 20:21 . 2008-01-18 00:22 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 20:21 . 2008-01-15 20:21 <DIR> d-------- C:\Program Files\iPod
2008-01-15 20:21 . 2008-01-15 20:21 <DIR> d-------- C:\Program Files\Bonjour
2008-01-15 20:21 . 2008-01-16 16:44 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Apple Computer
2008-01-15 20:20 . 2008-01-15 22:43 <DIR> d-------- C:\Program Files\QuickTime
2008-01-15 20:20 . 2008-01-15 20:20 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-15 20:20 . 2008-01-15 20:20 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-15 20:20 . 2008-01-15 20:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 20:20 . 2008-01-15 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-15 20:20 . 2008-01-15 02:39 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Program Files\Webroot
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Webroot
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-15 19:56 . 2008-01-15 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-15 19:56 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-01-15 19:56 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-15 19:56 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-15 19:56 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-15 19:56 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-15 19:39 . 2008-01-15 22:43 90,112 --a------ C:\WINDOWS\UpdReg.EXE
2008-01-15 19:34 . 2008-01-15 19:34 <DIR> d-------- C:\Program Files\MSBuild
2008-01-15 19:33 . 2008-01-15 19:33 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-15 19:24 . 2008-01-15 22:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-15 19:24 . 2008-01-15 19:24 <DIR> dr-h----- C:\MSOCache
2008-01-15 19:24 . 2008-01-15 22:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-15 19:09 . 2008-01-15 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-15 19:04 . 2008-01-17 16:56 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 18:42 . 2008-01-15 18:42 4,128 --a------ C:\INFCACHE.1
2008-01-15 18:41 . 2008-01-15 20:50 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-15 18:35 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-15 18:32 . 2004-01-23 19:21 65,888 --a------ C:\WINDOWS\system32\DKAAP2TH.HLP
2008-01-15 18:32 . 2004-01-23 19:21 41,984 --a------ C:\WINDOWS\system32\DKAAP2BJ.DLL
2008-01-15 18:32 . 2008-01-15 18:32 1,084 --a------ C:\WINDOWS\DKAAP2DD.ini
2008-01-15 18:31 . 2008-01-15 18:31 <DIR> d-------- C:\Program Files\Dell_HostCD
2008-01-15 18:31 . 2004-01-23 11:57 311,296 --a------ C:\WINDOWS\system32\lexlog.dll
2008-01-15 18:31 . 2004-01-23 19:21 131,072 --a------ C:\WINDOWS\system32\LEXDRVX.DLL
2008-01-15 18:31 . 2004-01-23 19:21 106,496 --a------ C:\WINDOWS\system32\LEXCFI.DLL
2008-01-15 18:31 . 2004-01-23 19:21 65,888 --a------ C:\WINDOWS\system32\DKAAP1TH.HLP
2008-01-15 18:31 . 2004-01-23 19:21 41,984 --a------ C:\WINDOWS\system32\DKAAP1BJ.DLL
2008-01-15 18:31 . 2008-01-15 19:49 2,992 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-01-15 18:31 . 2008-01-15 19:49 785 --a------ C:\WINDOWS\system32\LexFiles.usr
2008-01-15 17:46 . 2008-01-15 17:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-15 17:42 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-15 17:41 . 2006-03-20 22:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-15 17:35 . 2008-01-15 17:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-15 17:29 . 2008-01-17 16:44 <DIR> d-------- C:\Program Files\mIRC
2008-01-15 17:29 . 2008-01-17 16:45 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\mIRC
2008-01-15 17:23 . 2008-01-15 23:53 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Program Files\Pure Networks
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Program Files\DIFX
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Program Files\Common Files\Pure Networks Shared
2008-01-15 17:23 . 2008-01-15 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-01-15 17:23 . 2007-09-20 10:16 24,888 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2008-01-15 17:23 . 2007-09-20 10:16 23,864 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2008-01-15 17:10 . 2008-01-15 17:10 <DIR> d---s---- C:\Documents and Settings\Tanner\UserData
2008-01-15 17:08 . 2008-01-09 23:26 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Roxio
2008-01-15 17:08 . 2008-01-09 23:12 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-01-15 17:08 . 2008-01-09 23:25 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Creative
2008-01-15 17:08 . 2008-01-09 23:26 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Roxio
2008-01-15 17:08 . 2008-01-09 23:12 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\InstallShield
2008-01-15 17:08 . 2008-01-09 23:25 <DIR> d-------- C:\Documents and Settings\Tanner\Application Data\Creative
2008-01-15 17:05 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 11:02 18,944 ----a-w C:\WINDOWS\system32\CTXFIHLP.EXE
2008-01-16 04:12 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-16 04:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-10 03:56 7,704 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_XPS_XPS720.mrk
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 06:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 06:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-12-05 06:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 06:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 06:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 06:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 06:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 06:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 06:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 06:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 06:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 06:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 06:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 06:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 06:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 06:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 06:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 06:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 06:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 06:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 06:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 06:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 06:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 06:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 06:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 06:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-17_21.29.58.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 02:25:18 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 05:22:21 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 02:25:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 05:22:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 02:25:18 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 05:22:21 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 02:25:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 05:22:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 02:25:18 1,503,232 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 05:22:21 1,527,808 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 02:25:18 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 05:22:21 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-17 21:51:22 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-18 02:33:21 53,436 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-17 21:51:22 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-18 02:33:21 381,692 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-15 23:12 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-16 05:53 5724184]
"Steam"="C:\Program Files\Steam\Steam.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2008-01-15 22:43 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-16 22:58 267048]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 06:00 33280 C:\WINDOWS\system32\rundll32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-15 22:43 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2008-01-15 22:43 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2008-01-15 22:43 45056 C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-11-08 06:30 16384 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2008-01-16 06:02 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-01-15 22:43 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-01-15 22:43 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-01-15 22:43 17920 C:\Dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2008-01-15 22:43 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-01-16 16:08 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2008-01-15 22:43 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2008-01-15 22:43 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
--a------ 2007-10-29 22:04 451896 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
--a------ 2008-01-15 22:43 451896 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--a------ 2008-01-15 22:43 118784 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2008-01-15 22:43 221184 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-15 22:43 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2008-01-15 22:43 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--a------ 2008-01-15 22:43 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"WebrootSpySweeperService"=2 (0x2)
"stllssvr"=3 (0x3)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"NVSvc"=2 (0x2)
"nmservice"=2 (0x2)
"nmraapache"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-16 15:58]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-15 00:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 01:20:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-17 12:45:08 C:\WINDOWS\Tasks\wrSpySweeper_L4D77E97C37BC471AB9BE26AE47C0E0CF.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L4D77E97C37BC471AB9BE26AE47C0E0CF
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 00:23:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 0:23:25
ComboFix-quarantined-files.txt 2008-01-18 05:23:23
ComboFix2.txt 2008-01-18 02:30:11
.
2008-01-16 03:42:38 --- E O F ---
  • 0

#6
sage5
Posted 18 January 2008 - 06:24 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Comrade Wasabi,


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for the all the entries listed below:
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Clean up Registry with a Reg file:
  • Please open a new Notepad file by clicking Start\All Programs\Accessories\Notepad
  • Copy the text from the following Code box, by highlighting all the text and right click, Select Copy. (or use the Ctrl+C keyboard shortcut)
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  • Paste it into Notepad. Right click in the window and select Paste. (or use Ctrl+V)
  • Save the file to the Desktop, make sure Type is All Files, and name it Fixreg.reg
  • Double click on the file created and click Yes when asked to merge the information into the Registry


Make sure Windows XP is set to show all files:
  • Click Start > My Computer.
  • On the Tools menu, click Folder Options.
  • On the View tab:
    • Uncheck Hide extensions for known file types.
    • Uncheck Hide protected operating system files.
    • Under Hidden files and folders click Show hidden files and folders.
  • You will see a warning message, click Yes.
  • Click Apply.
  • Click OK.


Reboot into Safe Mode:
  • Restart your Computer
  • As soon as it starts to boot up, tap your F8 key repeatedly.
  • This should bring up the Windows Advanced Options Menu.
  • Use your arrow keys to select Safe Mode and click the Enter key.


Remove folders & files:
  • Using Windows Explorer, (to get there right-click your Start button and go to "Explore"), delete these files, (if present):
    C:\WINDOWS\system32\drivers\1028_Dell_XPS_XPS720.mrk


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5

Edited by sage5, 18 January 2008 - 06:26 PM.

  • 0

#7
Comrade Wasabi
Posted 18 January 2008 - 07:22 PM

Comrade Wasabi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:41 PM, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell....s...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell....s...;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2080110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200435675737
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7192 bytes

To be honest, I wasn't experiencing any symptoms that I can confirm were the result of the virus. I was trying to download a game via Steam and it was stalling repeatedly (though other games downloaded through Steam worked fine) so I ran the scan and found the viruses.

Thanks for your help on this.
  • 0

#8
sage5
Posted 18 January 2008 - 08:42 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi Comrade Wasabi

Congratulations, your new log looks clear, so we can now deal with some final clean up jobs.

Clean out cookies, temp files etc:
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Time for some housekeeping:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


    Posted Image
  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


To Clear Restore points, please do the following:
  • Go to Start > Settings > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.
After reboot, you must turn System Restore back on:
  • Go back to the Troubleshooting tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes when you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
AVG Anti-Spyware is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Antivir PersonalEdition Classic and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5
  • 0

#9
sage5
Posted 31 January 2008 - 06:29 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP