A couple of days ago, I downloaded a Flash Player to play a file, only to find that it was infected with some virus. I don't know what it is. I tried a Norton antivirus scan, but got an error message stating that the definitions are outdated. Now I have pop-ups galore and no web browser functionality (currently using a friend's comp). I was able to run ComboFix and generate this log. Can you point me in the right direction as to what I need to do to get my comp up and running normally again? Any help will be appreciated.
ComboFix log:
ComboFix 08-12-04.03 - Thi Nguyen 2008-12-04 12:40:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.538 [GMT -8:00]
Running from: E:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Thi Nguyen\My Documents\My Documents.url
c:\documents and settings\Thi Nguyen\My Documents\My Music\My Music.url
c:\documents and settings\Thi Nguyen\My Documents\My Pictures\My Pictures.url
c:\program files\TinyProxy
c:\program files\TinyProxy\tinyproxy.exe
c:\windows\fmark2.dat
c:\windows\system32\351631
c:\windows\system32\351631\351631.dll
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-03 16:25 . 2008-12-03 16:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2008-12-03 16:23 . 2008-12-03 16:23 <DIR> d-------- c:\program files\Trend Micro
2008-12-02 12:14 . 2008-12-02 12:31 <DIR> d-------- c:\program files\AnvTrgrsoftware
2008-12-02 12:14 . 2008-12-04 12:39 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 12:13 . 2008-12-02 16:12 <DIR> d-------- c:\program files\WebMediaViewer
2008-12-02 12:13 . 2008-12-02 12:13 1 ---h----- c:\windows\f49f4daa.dat
2008-12-02 12:12 . 2008-12-02 12:12 22,016 ---h----- c:\windows\ugo02.exe
2008-12-02 12:12 . 2008-12-02 12:12 1 ---h----- c:\windows\frmark2.dat
2008-12-02 12:12 . 2008-12-02 12:12 1 ---h----- c:\windows\bemark2.dat
2008-11-25 14:05 . 2008-12-02 01:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 23:53 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-02 23:53 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-02 20:12 15,360 --s-a-w c:\windows\system32\pbhha.dll
2008-11-25 22:09 --------- d-----w c:\program files\Google
2008-11-24 11:03 --------- d-----w c:\documents and settings\Thi Nguyen\Application Data\Move Networks
2008-10-23 09:22 --------- d-----w c:\documents and settings\Thi Nguyen\Application Data\U3
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
2008-12-04 12:39 37175 --a------ c:\program files\WebMediaViewer\hpmun.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
2008-12-02 03:42 177152 --a------ c:\program files\AnvTrgrsoftware\AnvTrgrWarning.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-04-27 50736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"AnvTrgr"="c:\program files\AnvTrgrsoftware\AnvTrgr.exe" [2008-12-02 1679360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-27 236544]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 57344]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-12 57344]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2007-07-24 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-15 1398024]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-12-02 65693]
"VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-12-02 88296]
c:\documents and settings\Thi Nguyen\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-27 24576]
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-05-02 629248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{51e7273d-911a-445a-bf46-bd4b86b0e87b}"= "c:\windows\system32\pbhha.dll" [2008-12-02 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
R2 EEDDE1D810E77F68;EEDDE1D810E77F68;\??\c:\documents and settings\Thi Nguyen\Desktop\EEDDE1D810E77F68\EEDDE1D810E77F68 []
R2 SpotGPSMaxim;Spot GPS Maxim;"c:\program files\CoPilot\Navigator9\App\Spot2741.exe" [2006-03-30 651385]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-03-12 24652]
S2 DCOM Server Process Launcher (DcomLaunch) ;DCOM Server Process Launcher (DcomLaunch) ;c:\program files\tinyproxy\tinyproxy.exe []
S3 spotJ;Spot Software GPS USB Driver;c:\windows\system32\Drivers\spotJ.sys [2006-12-24 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83a5c6e1-438a-11dc-94eb-0015c5a60aa1}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d94c757-dbb1-11db-942c-0018f3d68656}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a421ba4b-dd6f-11db-942e-0015c5a60aa1}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
BHO-{6A26574A-DD6D-4382-8C76-0DF06C478D3A} - c:\windows\system32\351631\351631.dll
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061127
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9090
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expressto...om/redirect.php
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expressto...om/redirect.php -
c:\windows\Downloaded Program Files\FotkiUploader.ocx - O16 -: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3}
hxxp://images.fotki.com/activex/FotkiUploader.cab
c:\windows\Downloaded Program Files\FotkiUploader.inf
FireFox -: Profile - c:\documents and settings\Thi Nguyen\Application Data\Mozilla\Firefox\Profiles\tbnj6ekn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 12:43:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EEDDE1D810E77F68]
"ImagePath"="\??\c:\documents and settings\Thi Nguyen\Desktop\EEDDE1D810E77F68\EEDDE1D810E77F68"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EEDDE1D810E77F68]
"ImagePath"="\??\c:\documents and settings\Thi Nguyen\Desktop\EEDDE1D810E77F68\EEDDE1D810E77F68"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2008-12-04 12:44:41
ComboFix-quarantined-files.txt 2008-12-04 20:43:38
Pre-Run: 27,994,263,552 bytes free
Post-Run: 27,979,083,776 bytes free
185 --- E O F --- 2008-04-09 06:03:57
Thanks in advance for your help!
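Added example, not part of the original post or of ComboFix itself: a small Python triage script that walks ComboFix-style log lines and flags the patterns a helper would circle in the log above. The sample input is a handful of lines copied from that log; the rule names, the regexes, and the heuristics (loopback proxy set in Internet Settings, Security Center "Disable" flags set, a service whose image lives under the user profile, a service named after a core Windows service but not running from c:\windows, the same autostart value name pointing at two different binaries, anything in policies\explorer\Run, and AutoRun commands on mounted drives) are my own assumptions about what is worth a second look, not a signature set from any vendor. It is a reading aid for the log, not a cleanup tool.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTime Task"="c:\program files\WebMediaViewer\qttask.exe" [2008-12-02 65693]
"VMware hptray"="c:\program files\WebMediaViewer\hpmon.exe" [2008-12-02 88296]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
R2 EEDDE1D810E77F68;EEDDE1D810E77F68;\??\c:\documents and settings\Thi Nguyen\Desktop\EEDDE1D810E77F68\EEDDE1D810E77F68 []
S2 DCOM Server Process Launcher (DcomLaunch) ;DCOM Server Process Launcher (DcomLaunch) ;c:\program files\tinyproxy\tinyproxy.exe []
S3 spotJ;Spot Software GPS USB Driver;c:\windows\system32\Drivers\spotJ.sys [2006-12-24 34304]
uInternet Settings,ProxyServer = http=127.0.0.1:9090
\Shell\AutoRun\command - E:\setup.exe
"""

# Line shapes ComboFix uses (assumed from the log above, not a published grammar).
KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s*\[[^\]]*\])?$')
DWORD_VALUE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
SERVICE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?:\s*\[[^\]]*\])?$')
PROXY = re.compile(r'^uInternet Settings,ProxyServer = (?P<value>.+)$')
AUTORUN = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')

# Core Windows service names that malware borrows; on XP their real binaries
# live under c:\windows (DcomLaunch and RpcSs are hosted by svchost.exe).
CORE_SERVICE_TOKENS = ("dcomlaunch", "rpcss", "winmgmt", "wuauserv", "lanmanserver")


def _norm(path):
    """Lower-case a path and strip the \\??\\ device prefix ComboFix prints."""
    p = path.strip().strip('"').lower()
    return p[4:] if p.startswith("\\??\\") else p


def scan(text):
    """Walk a ComboFix-style log and return a list of (rule, evidence) findings."""
    findings = []
    key = ""                          # registry key the current value lines belong to
    seen_names = defaultdict(list)    # autostart value name -> [(key, path), ...]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = RUN_VALUE.match(line)
        if m and "\\run" in key:
            name, path = m.group("name"), _norm(m.group("path"))
            if "policies\\explorer\\run" in key:
                findings.append(("policies_run_entry", f"{name} -> {path}"))
            for _prev_key, prev_path in seen_names[name.lower()]:
                if prev_path != path:   # same value name, different binary
                    findings.append(("duplicate_autostart_name", f"{name}: {prev_path} vs {path}"))
            seen_names[name.lower()].append((key, path))
            continue
        m = DWORD_VALUE.match(line)
        if m and "security center" in key and "disable" in m.group("name").lower():
            if int(m.group("val"), 16) != 0:
                findings.append(("security_center_disabled", m.group("name")))
            continue
        m = SERVICE.match(line)
        if m:
            name, path = m.group("name").strip(), _norm(m.group("path"))
            if path.startswith("c:\\documents and settings\\"):
                findings.append(("service_in_user_profile", f"{name} -> {path}"))
            if any(t in name.lower() for t in CORE_SERVICE_TOKENS) and not path.startswith("c:\\windows\\"):
                findings.append(("core_service_name_outside_windows", f"{name} -> {path}"))
            continue
        m = PROXY.match(line)
        if m and ("127.0.0.1" in m.group("value") or "localhost" in m.group("value")):
            findings.append(("loopback_proxy", m.group("value")))
            continue
        m = AUTORUN.match(line)
        if m:
            findings.append(("autorun_command", m.group("cmd")))
    return findings


def rule_names(text):
    """Sorted, de-duplicated rule names that fired on the given log text."""
    return sorted({rule for rule, _ in scan(text)})


if __name__ == "__main__":
    for rule, evidence in scan(SAMPLE_LOG):
        print(f"{rule:36s} {evidence}")
```

Run against the sample it reports eight findings: both policies\explorer\Run values, the second "QuickTime Task" pointing at WebMediaViewer instead of the QuickTime folder, AntiVirusDisableNotify set, the EEDDE1D810E77F68 service running from the Desktop, the "DcomLaunch" service pointing at tinyproxy.exe, the 127.0.0.1:9090 proxy, and the E:\setup.exe AutoRun command; the legitimate spotJ.sys driver is not flagged. Treat the output as a reading order for the log, not a verdict: each hit still needs a human to confirm the file is what it claims to be.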