Help, unknown new 2009, or end of 2008 virus



#1
Xerowingsx8k

I have some kind of virus, or malware, or a direct human connection?

Basically, white and black dots move around my screen slightly up and down, such as this:

Screen:

/////////

/////////

/////////

/////////

Please help. Norton is useless as usual.

Here is my ComboFix log and HijackThis log.

ComboFix:

ComboFix 10-01-04.01 - belthagor 01/07/2010 19:50:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3454.2341 [GMT -8:00]
Running from: c:\users\belthagor\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 03:57 . 2010-01-08 03:57 -------- d-----w- c:\users\belthagor\AppData\Local\temp
2010-01-08 03:57 . 2010-01-08 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-08 00:33 . 2009-12-30 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\NAVENG.SYS
2010-01-08 00:33 . 2009-12-30 09:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\EECTRL.SYS
2010-01-08 00:33 . 2009-12-30 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\CCERASER.DLL
2010-01-08 00:33 . 2009-12-30 09:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\ECMSVR32.DLL
2010-01-08 00:33 . 2009-12-30 09:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\NAVENG32.DLL
2010-01-08 00:33 . 2009-12-30 09:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\NAVEX32A.DLL
2010-01-08 00:33 . 2009-12-30 09:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\NAVEX15.SYS
2010-01-08 00:33 . 2009-12-30 09:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100107.024\ERASER.SYS
2010-01-05 21:50 . 2010-01-05 21:50 60928 ----a-w- c:\windows\system32\rakion.sys
2010-01-05 20:38 . 2010-01-05 20:38 -------- d-----w- c:\program files\Softnyx
2010-01-05 10:33 . 2010-01-05 10:33 97 ----a-w- c:\users\belthagor\AppData\Local\fusioncache.dat
2010-01-05 10:33 . 2010-01-05 10:33 -------- d-----w- c:\users\belthagor\AppData\Local\Turbine
2010-01-04 23:58 . 2010-01-04 23:58 -------- d-----w- c:\users\belthagor\AppData\Local\Turbine,_Inc
2010-01-04 23:56 . 2010-01-04 23:56 -------- d-----w- c:\programdata\Turbine
2010-01-04 23:56 . 2010-01-05 11:00 -------- d-----w- c:\program files\Turbine
2010-01-04 23:56 . 2010-01-05 14:08 -------- d-----w- c:\users\belthagor\AppData\Local\ApplicationHistory
2010-01-04 23:53 . 2010-01-04 23:53 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-04 21:56 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
2010-01-04 21:56 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
2010-01-04 21:56 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
2010-01-04 21:56 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
2010-01-04 21:56 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
2010-01-04 21:29 . 2010-01-04 21:29 -------- d-----w- c:\programdata\KingsIsle Entertainment
2010-01-04 19:40 . 2010-01-08 03:41 -------- d-----w- c:\users\belthagor\Tracing
2010-01-04 19:39 . 2010-01-04 19:39 -------- d-----w- c:\program files\Microsoft
2010-01-04 19:39 . 2010-01-04 19:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-04 19:39 . 2010-01-04 19:39 -------- d-----w- c:\program files\Windows Live
2010-01-04 19:38 . 2010-01-04 19:38 -------- d-----w- c:\windows\PCHEALTH
2010-01-04 19:36 . 2010-01-04 19:36 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-01 20:51 . 2010-01-01 20:52 -------- d-----w- C:\4 giga flash
2010-01-01 20:43 . 2010-01-01 20:43 -------- d-----w- c:\programdata\NCH Swift Sound
2010-01-01 01:59 . 2010-01-01 01:59 -------- d-----w- c:\users\belthagor\AppData\Local\Macromedia
2010-01-01 01:48 . 2010-01-01 01:48 45056 ----a-r- c:\users\belthagor\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2010-01-01 01:48 . 2010-01-01 01:48 -------- d-----w- c:\windows\system32\QuickTime
2010-01-01 01:48 . 2010-01-01 01:57 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-01 01:48 . 2010-01-01 01:55 -------- d-----w- c:\program files\Macromedia
2010-01-01 01:47 . 2010-01-01 01:47 -------- d-----w- c:\windows\Downloaded Installations
2009-12-31 13:30 . 2009-08-22 07:21 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-31 01:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-31 01:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-31 01:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-31 01:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-31 01:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-31 01:07 . 2009-12-31 13:30 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-12-31 01:06 . 2009-08-22 07:21 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-12-31 01:06 . 2009-12-31 13:30 -------- d-----w- c:\program files\Symantec
2009-12-31 01:06 . 2009-12-31 13:30 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-31 01:05 . 2009-12-31 01:05 1290592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-12-31 01:05 . 2009-12-31 01:05 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-12-31 01:05 . 2009-12-31 01:05 796016 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-12-31 01:05 . 2010-01-01 00:52 -------- d-----w- c:\windows\system32\drivers\NIS
2009-12-31 01:05 . 2009-12-31 01:05 -------- d-----w- c:\program files\Norton Internet Security
2009-12-31 00:57 . 2009-12-31 01:07 -------- d-----w- c:\programdata\Norton
2009-12-31 00:57 . 2009-12-31 00:57 -------- d-----w- c:\programdata\PCSettings
2009-12-31 00:56 . 2009-12-31 01:05 -------- d-----w- c:\programdata\NortonInstaller
2009-12-31 00:56 . 2009-12-31 00:56 -------- d-----w- c:\program files\NortonInstaller
2009-12-31 00:52 . 2009-12-31 01:03 -------- d-----w- c:\users\belthagor\AppData\Roaming\GetRightToGo
2009-12-30 12:21 . 2009-12-30 12:21 -------- d-----w- c:\users\belthagor\AppData\Local\Mozilla
2009-12-30 03:31 . 2009-12-30 03:31 -------- d-----w- c:\program files\Trend Micro
2009-12-30 00:30 . 2009-12-30 01:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-30 00:30 . 2009-12-30 00:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 00:13 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-12-29 20:33 . 2009-12-29 20:33 -------- d-----w- c:\users\belthagor\AppData\Roaming\IObit
2009-12-29 20:33 . 2009-12-29 20:33 -------- d-----w- c:\program files\IObit
2009-12-29 18:01 . 2009-12-30 00:11 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-28 23:19 . 2009-12-29 02:46 -------- d-----w- c:\program files\Photo to Sketch Pro
2009-12-28 22:43 . 2009-12-28 22:43 -------- d-----w- c:\users\belthagor\AppData\Roaming\AVS4YOU
2009-12-28 22:43 . 2009-12-28 22:43 -------- d-----w- c:\programdata\AVS4YOU
2009-12-28 22:42 . 2009-12-28 22:51 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-12-28 22:42 . 2009-12-28 22:51 -------- d-----w- c:\program files\AVS4YOU
2009-12-28 22:42 . 2008-08-13 18:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-12-28 22:42 . 2008-08-13 18:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-12-28 22:42 . 2008-08-13 18:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-12-28 22:42 . 2008-08-13 18:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-12-28 22:42 . 2008-08-13 18:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-12-28 22:37 . 2009-12-28 22:37 -------- d-----w- c:\users\belthagor\AppData\Local\WinAVI
2009-12-28 22:37 . 2009-12-28 22:37 -------- d-----w- c:\program files\WinAVI Video Converter
2009-12-28 22:33 . 2009-12-28 22:34 -------- d-----w- c:\program files\RM Converter
2009-12-28 20:56 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-28 20:40 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-28 20:40 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-28 20:40 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-28 20:34 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-28 20:34 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-12-28 20:34 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-12-28 20:34 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-12-28 20:34 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-12-28 20:34 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-12-28 20:34 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-12-28 20:29 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-12-28 20:29 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-12-28 20:29 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-12-28 20:29 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-12-28 20:29 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-12-28 18:50 . 2008-06-24 22:46 104992 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-12-28 18:49 . 2009-12-28 18:49 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-28 18:49 . 2009-12-28 18:49 -------- d-----w- c:\program files\Realtek
2009-12-28 18:49 . 2008-07-04 01:03 2152088 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-12-28 18:49 . 2008-07-03 19:27 6266880 ----a-w- c:\windows\RtHDVCpl.exe
2009-12-28 18:49 . 2008-07-03 19:24 725504 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-12-28 18:49 . 2008-04-02 17:27 1196032 ----a-w- c:\windows\RtlUpd.exe
2009-12-28 18:49 . 2008-03-28 18:59 285216 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-12-28 18:49 . 2009-12-28 18:49 315392 ----a-w- c:\windows\HideWin.exe
2009-12-28 18:49 . 2008-03-06 02:07 520192 ----a-w- c:\windows\RtlExUpd.dll
2009-12-28 18:49 . 2009-12-28 18:49 -------- d-----w- c:\users\belthagor\AppData\Roaming\WinBatch
2009-12-28 18:48 . 2009-12-28 18:48 -------- d-----w- c:\users\belthagor\AppData\Local\Hewlett-Packard
2009-12-28 17:02 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-12-28 17:02 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-12-28 17:02 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-12-28 16:57 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-12-28 16:56 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-28 16:56 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-12-28 16:56 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-12-28 16:56 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-12-28 16:56 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-28 16:56 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-12-28 16:56 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-12-28 16:56 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-12-28 16:56 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-28 16:54 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-12-28 16:53 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-28 16:53 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-28 16:53 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 01:30 . 2008-02-22 02:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 08:01 . 2008-02-22 02:17 -------- d-----w- c:\program files\Microsoft Works
2009-12-31 23:06 . 2008-02-22 02:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-31 13:30 . 2009-12-31 01:06 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-31 13:30 . 2009-12-31 01:06 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-31 01:05 . 2008-02-22 02:29 -------- d-----w- c:\programdata\Symantec
2009-12-28 21:24 . 2008-02-22 02:00 -------- d-----w- c:\programdata\NVIDIA
2009-12-28 21:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-28 21:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-28 19:33 . 2008-02-22 01:56 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-28 18:57 . 2008-02-22 02:10 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-12-27 21:44 . 2009-06-16 03:32 -------- d-----w- c:\program files\DOSBox-0.73
2009-12-27 21:42 . 2009-09-05 17:58 -------- d-----w- c:\program files\Rockstar Games
2009-12-27 21:22 . 2009-06-16 06:38 -------- d-----w- c:\program files\LucasArts
2009-12-27 21:17 . 2009-09-08 03:14 -------- d-----w- c:\program files\music do not delete under penalty of death
2009-12-27 20:30 . 2009-06-15 06:20 -------- d-----w- c:\program files\CINEMA 4D R10
2009-12-27 20:16 . 2009-08-01 01:04 -------- d-----w- c:\program files\KORG Legacy
2009-12-27 20:15 . 2009-07-31 05:22 -------- d-----w- c:\program files\LEGO Company
2009-12-27 20:15 . 2009-06-16 01:33 -------- d-----w- c:\program files\Capcom
2009-12-27 20:05 . 2009-06-15 06:07 -------- d-----w- c:\program files\PhobiaIII
2009-12-27 20:04 . 2009-09-15 20:14 -------- d-----w- c:\program files\mordor 2 character editor
2009-12-27 20:04 . 2009-09-15 20:46 -------- d-----w- c:\program files\Mordor II
2009-12-27 20:03 . 2009-09-18 13:22 -------- d-----w- c:\program files\NCSoft
2009-12-27 20:01 . 2009-06-15 06:20 -------- d-----w- c:\program files\Ahriman's Prophecy
2009-12-27 20:00 . 2009-06-15 20:26 -------- d-----w- c:\program files\Diablo II
2009-12-27 19:57 . 2009-06-15 20:37 -------- d-----w- c:\program files\Hero Editor
2009-12-27 19:56 . 2009-08-22 20:40 -------- d-----w- c:\program files\Hawking
2009-12-27 19:55 . 2009-08-08 03:40 -------- d-----w- c:\program files\Skullbyte
2009-12-27 19:55 . 2009-06-15 06:07 -------- d-----w- c:\program files\PAGA
2009-12-27 19:50 . 2009-08-08 22:40 -------- d-----w- c:\program files\CartmansAuthoritah
2009-12-27 19:07 . 2008-02-22 02:23 -------- d-----w- c:\programdata\Hewlett-Packard
2009-12-27 18:28 . 2008-02-22 02:15 -------- d-----w- c:\program files\Java
2009-12-27 18:11 . 2009-12-27 18:11 1847 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_KJ375AA-ABA s3400f_YC_0Pavi_Q3CR813_E82NAv3PrA1_49_IAcacia_SASUSTek Computer INC._V1.02_B5.14_T080313_WUH1_L409_M3454_J500_7AMD_8Athlon 64 X2 Dual Core_92.7_#080513_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2009-12-27 17:54 . 2009-12-27 17:54 -------- d-sh--we c:\programdata\Templates
2009-12-27 17:54 . 2009-12-27 17:54 -------- d-sh--we c:\programdata\Start Menu
2009-12-27 17:54 . 2009-12-27 17:54 -------- d-sh--we c:\programdata\Favorites
2009-12-27 17:54 . 2009-12-27 17:54 -------- d-sh--we c:\programdata\Documents
2009-12-27 17:54 . 2009-12-27 17:54 -------- d-sh--we c:\programdata\Desktop
2009-11-27 23:06 . 2009-11-27 23:06 2893583 ----a-w- C:\PrintScreen44_Setup.exe
2009-11-22 11:49 . 2009-11-22 11:49 9429952 ----a-w- C:\windows-kb890830-v3.1.exe
2009-11-21 06:40 . 2009-12-30 00:14 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-30 00:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-30 00:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-30 00:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-11 01:06 . 2009-11-11 01:06 15840168 ----a-w- C:\AdobeAIRInstaller.exe
2009-11-08 21:25 . 2009-11-08 21:25 38838232 ----a-w- C:\GoogleSketchUpWEN.exe
2009-11-06 00:44 . 2009-11-06 00:44 2027018 ----a-w- C:\AutoScreenShot.zip
2009-10-29 03:29 . 2009-10-29 03:28 3196328 ----a-w- C:\ventrilo-3.0.5-Windows-i386.exe
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-27 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [12/31/2009 5:30 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [12/31/2009 5:30 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [12/31/2009 5:30 AM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys [1/4/2010 1:56 PM 343088]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [12/31/2009 5:30 AM 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/29/2009 4:30 PM 1153368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/31/2009 4:07 PM 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [2/21/2008 5:44 PM 464384]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [12/31/2009 5:30 AM 48688]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12/27/2009 11:43 AM 721904]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [1/4/2010 3:56 PM 271856]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [1/4/2010 3:56 PM 218608]
S3 rak;rak;c:\windows\System32\rakion.sys [1/5/2010 1:50 PM 60928]
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-29 21:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
FF - ProfilePath - c:\users\belthagor\AppData\Roaming\Mozilla\Firefox\Profiles\u7o4hha9.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 19:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-07 19:59:21
ComboFix-quarantined-files.txt 2010-01-08 03:59

Pre-Run: 111,262,023,680 bytes free
Post-Run: 111,323,508,736 bytes free

- - End Of File - - 80686998E7EB2066D7C608D9D0426A87

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:27 PM, on 1/7/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6147 bytes