1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Is my computer clean?

Discussion in 'Malware and Virus Removal Archive' started by Carmel, 2009/09/07.

  1. 2009/09/07
    Carmel

    Carmel Inactive Thread Starter

    Joined:
    2009/09/07
    Messages:
    6
    Likes Received:
    0
    [Resolved] Is my computer clean?

    Over the last couple weeks I've had several virus/malware attacks - I have used spybot, malwarebytes, and mcafee to treat. They have recently all ran clean, however, I'm not sure exactly what has fixed the problem. I am attaching the output from the dds program. Is my computer now safe? Is it OK to use it while someone looks at these logs?


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Carmel Price at 19:55:43.07 on Mon 09/07/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.445 [GMT -4:00]

    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\StorageSync\StrgSync.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Network Associates\Common Framework\udaterui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    F:\Malwarestuff\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: BellSouth Toolbar: {4e7bd74f-2b8d-469e-8cbd-fd60bb9aae2e} - c:\progra~1\blstoo~1\BLSTOO~1.DLL
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [Google Update] "c:\documents and settings\carmel price\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
    mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\HPWebcam.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\carmel~1\applic~1\mozilla\firefox\profiles\uthf9yaj.default\
    FF - plugin: c:\documents and settings\carmel price\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\carmel price\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\carmel price\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XUL Cache: {39AEC564-97EB-4804-9249-5D6FF567AF8D} - c:\documents and settings\carmel price\local settings\application data\{39AEC564-97EB-4804-9249-5D6FF567AF8D}
    FF - HiddenExtension: XUL Cache: {3E997D33-5DCB-468B-B4D7-8763DF92B170} - c:\windows\system32\config\systemprofile\local settings\application data\{3e997d33-5dcb-468b-b4d7-8763df92b170}\

    ============= SERVICES / DRIVERS ===============

    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-7-16 31816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2008-3-14 103744]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-7-16 144704]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-7-16 54608]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-9-12 72936]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-9-12 33960]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-9-12 174952]
    S2 gupdate1c970289362598e;Google Update Service (gupdate1c970289362598e);c:\program files\google\update\GoogleUpdate.exe [2009-1-6 133104]
    S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]

    =============== Created Last 30 ================

    2009-09-04 09:41 <DIR> --dsh--- c:\documents and settings\carmel price\IECompatCache
    2009-09-03 12:11 <DIR> --d----- c:\windows\system32\dllcache\cache
    2009-09-03 12:02 229,888 a------- c:\windows\PEV.exe
    2009-09-03 12:02 161,792 a------- c:\windows\SWREG.exe
    2009-09-03 12:02 98,816 a------- c:\windows\sed.exe
    2009-09-03 12:02 <DIR> --ds---- C:\ComboFix-11
    2009-09-01 10:34 <DIR> --d----- c:\docume~1\carmel~1\applic~1\Malwarebytes
    2009-09-01 10:34 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-09-01 10:34 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-01 10:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-09-01 10:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-09-01 10:18 <DIR> --d----- c:\docume~1\carmel~1\applic~1\Windows Search
    2009-08-31 09:57 182,656 a------- c:\windows\system32\dllcache\ndis.sys
    2009-08-21 12:38 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
    2009-08-21 11:34 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-19 10:01 <DIR> --d----- c:\program files\UTSecurity
    2009-08-16 16:04 <DIR> --d----- c:\docume~1\carmel~1\applic~1\OverDrive
    2009-08-16 15:52 <DIR> --d----- c:\program files\OverDrive Media Console
    2009-08-12 12:26 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-12 12:26 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

    ==================== Find3M ====================

    2009-08-31 09:57 182,656 a------- c:\windows\system32\dllcache\cache\ndis.sys
    2009-08-31 09:57 182,656 -------- c:\windows\system32\drivers\ndis.sys
    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\cache\mshtml.dll
    2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
    2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
    2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
    2009-05-12 11:53 360 a------- c:\docume~1\carmel~1\applic~1\wklnhst.dat
    2001-05-24 12:59 162,304 a------- c:\program files\UNWISE.EXE
    2007-01-04 00:03 22 a--sh--- c:\windows\sminst\HPCD.sys

    ============= FINISH: 19:56:42.81 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/4/2007 4:18:24 AM
    System Uptime: 9/7/2009 7:51:22 PM (0 hours ago)

    Motherboard: Quanta | | 30BB
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 1663/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 99 GiB total, 51.391 GiB free.
    D: is FIXED (FAT32) - 12 GiB total, 1.205 GiB free.
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\7A78D0009FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\7A78D0009FC000
    Service: NIC1394

    ==== System Restore Points ===================

    RP96: 9/4/2009 10:21:03 AM - System Checkpoint
    RP97: 9/7/2009 11:48:19 AM - System Checkpoint

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    AIO_Scan
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    BellSouth Toolbar 1.0
    Bonjour
    BufferChm
    C6200
    C6200_doccd
    C6200_Help
    CameraDrivers
    CameraUserGuides
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon EOS 5D WIA Driver
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.4
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Cards_Calendar_OrderGift_DoMorePlugout
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    Copy
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Customer Experience Enhancement
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DivX
    dj_taplugin
    dj6940
    DocProc
    DocProcQFolder
    eMusic Download Manager
    eMusic Download Manager 4.1.2
    EndNote X.0.2
    Epi Info
    Fax
    FullDPAppQFolder
    GemMaster Mystic
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    Google Updater
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HP BatteryCheck 1.00 A7
    HP Customer Participation Program 9.0
    HP Deskjet 6900 series
    HP Help and Support
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Pavilion Webcam
    HP Pavilion Webcam Demo
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Cameras 9.0
    HP Photosmart Essential
    HP Photosmart Essential 2.5
    HP Photosmart Premier Software 6.0
    HP Product Detection
    HP Quick Launch Buttons 6.10 A2
    HP QuickPlay 2.3
    HP Rhapsody
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HP User Guides 0035
    HP Wireless Assistant 2.00 G2
    hpf_ProductContext
    hpicamDrvQFolder
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    InstantShareDevices
    InstantShareDevicesMFC
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections Drivers
    ISI ResearchSoft - Export Helper
    J2SE Runtime Environment 5.0 Update 6
    LightScribe 1.4.97.1
    LP6940_Help
    LP6940Trb
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Agent
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.4
    Microsoft Office Professional Edition 2003
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Move Media Player
    Mozilla Firefox (3.0.13)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 5.0
    My HP Games
    NetWaiting
    Office 2003 Trial Assistant
    OptionalContentQFolder
    Otto
    OverDrive Media Console
    PanoStandAlone
    PhotoGallery
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    Pure Networks Network Magic
    QSR N6
    Quicken 2006
    QuickTime
    RandMap
    Readme
    RealPlayer
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SkinsHP1
    Skypeâ„¢ 4.0
    SolutionCenter
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    SonicAC3Encoder
    SonicMPEGEncoder
    SPSS 16.0 for Windows
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Stat/Transfer
    Stata 9
    Status
    StorageSync Backup Software
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    Unload
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VideoToolkit01
    Vongo
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    Wireless Home Network Setup
    Yahoo! Toolbar
    Yahoo! Toolbar for Internet Explorer

    ==== Event Viewer Messages From Past Week ========

    9/3/2009 5:36:55 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
    9/3/2009 12:02:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    9/2/2009 11:27:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    9/2/2009 11:27:53 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/1/2009 9:35:58 AM, error: Service Control Manager [7023] - The HP CUE DeviceDiscovery Service service terminated with the following error: Unspecified error
    9/1/2009 2:08:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    9/1/2009 2:08:23 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/1/2009 2:07:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde Pcmcia ViaIde
    9/1/2009 10:34:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/1/2009 10:34:18 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/1/2009 10:33:36 AM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/1/2009 10:33:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/1/2009 10:33:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/1/2009 10:33:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/1/2009 10:25:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
    9/1/2009 10:25:09 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/1/2009 10:25:09 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments " " in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
    9/1/2009 10:10:16 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    9/1/2009 10:10:16 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/1/2009 10:10:15 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/1/2009 10:09:57 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

    ==== End Of File ===========================


    Thanks!
    Carmel
     
    Carmel,
    #1
  2. 2009/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see couple of suspicious files, and one file, which I really don't like:
    c:\windows\SWREG.exe

    Upload following files to http://www.virustotal.com/ for security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    Post scans results.
     
    broni,
    #2


  3. to hide this advert.

  4. 2009/09/07
    Carmel

    Carmel Inactive Thread Starter

    Joined:
    2009/09/07
    Messages:
    6
    Likes Received:
    0
    Thanks for the help. We ran the three requested files, and below are the results.


    File Explorer.exe_ received on 2009.09.07 19:32:05 (UTC)
    Antivirus Version Last Update Result
    a-squared 4.5.0.24 2009.09.07 -
    AhnLab-V3 5.0.0.2 2009.09.07 -
    AntiVir 7.9.1.12 2009.09.07 -
    Antiy-AVL 2.0.3.7 2009.09.07 -
    Authentium 5.1.2.4 2009.09.07 -
    Avast 4.8.1351.0 2009.09.07 -
    AVG 8.5.0.409 2009.09.07 -
    BitDefender 7.2 2009.09.07 -
    CAT-QuickHeal 10.00 2009.09.07 -
    ClamAV 0.94.1 2009.09.07 -
    Comodo 2204 2009.09.07 -
    DrWeb 5.0.0.12182 2009.09.07 -
    eSafe 7.0.17.0 2009.09.06 -
    eTrust-Vet 31.6.6724 2009.09.07 -
    F-Prot 4.5.1.85 2009.09.07 -
    F-Secure 8.0.14470.0 2009.09.07 -
    Fortinet 3.120.0.0 2009.09.07 -
    GData 19 2009.09.07 -
    Ikarus T3.1.1.72.0 2009.09.07 -
    Jiangmin 11.0.800 2009.09.07 -
    K7AntiVirus 7.10.837 2009.09.05 -
    Kaspersky 7.0.0.125 2009.09.07 -
    McAfee 5734 2009.09.07 -
    McAfee+Artemis 5734 2009.09.07 -
    McAfee-GW-Edition 6.8.5 2009.09.07 -
    Microsoft 1.5005 2009.09.07 -
    NOD32 4403 2009.09.07 -
    Norman 6.01.09 2009.09.07 -
    nProtect 2009.1.8.0 2009.09.07 -
    Panda 10.0.2.2 2009.09.07 -
    PCTools 4.4.2.0 2009.09.07 -
    Prevx 3.0 2009.09.07 -
    Rising 21.46.04.00 2009.09.07 -
    Sophos 4.45.0 2009.09.07 -
    Sunbelt 3.2.1858.2 2009.09.07 -
    Symantec 1.4.4.12 2009.09.07 -
    TheHacker 6.3.4.3.396 2009.09.04 -
    TrendMicro 8.950.0.1094 2009.09.07 -
    VBA32 3.12.10.10 2009.09.06 -
    ViRobot 2009.9.7.1921 2009.09.07 -
    VirusBuster 4.6.5.0 2009.09.07 -
    Additional information
    File&nbsp;size: 1033728 bytes
    MD5&nbsp;&nbsp;&nbsp;: 12896823fb95bfb3dc9b46bcaedc9923
    SHA1&nbsp;&nbsp;: 9d2bf84874abc5b6e9a2744b7865c193c08d362f
    SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
    PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x1A55F<br> timedatestamp.....: 0x48025C30 (Sun Apr 13 21:17:04 2008)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 4 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x44C09 0x44E00 6.38 fd89c9ce334764ffdbb62637ad9b5809<br>.data 0x46000 0x1DB4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359<br>.rsrc 0x48000 0xB2268 0xB2400 6.63 95339c37646fa93e3695e06572a21889<br>.reloc 0xFB000 0x374C 0x3800 6.78 ec335057489badbf6d8142b57175fd91<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br>
    TrID&nbsp;&nbsp;: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    ThreatExpert: <a href= "http://www.threatexpert.com/report.aspx?md5=12896823fb95bfb3dc9b46bcaedc9923" target= "_blank ">http://www.threatexpert.com/report.aspx?md5=12896823fb95bfb3dc9b46bcaedc9923</a>
    ssdeep: 12288:HHmcoCUyZtwAvAs4wTCyrPTloHWYUrkf8w0Vnzac1/g/J/vMS:nmfty/wAvN7lrvbkf8w0VnH1/g/J/k
    PEiD&nbsp;&nbsp;: -
    PDFiD&nbsp;: ['-', None, None]
    RDS&nbsp;&nbsp;&nbsp;: NSRL Reference Data Set<br>-




    File svchost.exe received on 2009.09.07 17:30:59 (UTC)
    Antivirus Version Last Update Result
    a-squared 4.5.0.24 2009.09.07 -
    AhnLab-V3 5.0.0.2 2009.09.07 -
    AntiVir 7.9.1.8 2009.09.07 -
    Antiy-AVL 2.0.3.7 2009.09.07 -
    Authentium 5.1.2.4 2009.09.07 -
    Avast 4.8.1351.0 2009.09.07 -
    AVG 8.5.0.409 2009.09.07 -
    BitDefender 7.2 2009.09.07 -
    CAT-QuickHeal 10.00 2009.09.07 -
    ClamAV 0.94.1 2009.09.07 -
    Comodo 2204 2009.09.07 -
    DrWeb 5.0.0.12182 2009.09.07 -
    eSafe 7.0.17.0 2009.09.06 -
    eTrust-Vet 31.6.6724 2009.09.07 -
    F-Prot 4.5.1.85 2009.09.07 -
    F-Secure 8.0.14470.0 2009.09.07 -
    Fortinet 3.120.0.0 2009.09.07 -
    GData 19 2009.09.07 -
    Ikarus T3.1.1.72.0 2009.09.07 -
    Jiangmin 11.0.800 2009.09.07 -
    K7AntiVirus 7.10.837 2009.09.05 -
    Kaspersky 7.0.0.125 2009.09.07 -
    McAfee 5734 2009.09.07 -
    McAfee+Artemis 5734 2009.09.07 -
    McAfee-GW-Edition 6.8.5 2009.09.07 -
    Microsoft 1.5005 2009.09.07 -
    NOD32 4403 2009.09.07 -
    Norman 6.01.09 2009.09.07 -
    nProtect 2009.1.8.0 2009.09.07 -
    Panda 10.0.2.2 2009.09.07 -
    PCTools 4.4.2.0 2009.09.07 -
    Prevx 3.0 2009.09.07 -
    Rising 21.46.04.00 2009.09.07 -
    Sophos 4.45.0 2009.09.07 -
    Sunbelt 3.2.1858.2 2009.09.07 -
    Symantec 1.4.4.12 2009.09.07 -
    TheHacker 6.3.4.3.396 2009.09.04 -
    TrendMicro 8.950.0.1094 2009.09.07 -
    VBA32 3.12.10.10 2009.09.06 -
    ViRobot 2009.9.7.1921 2009.09.07 -
    VirusBuster 4.6.5.0 2009.09.07 -
    Additional information
    File&nbsp;size: 14336 bytes
    MD5&nbsp;&nbsp;&nbsp;: 27c6d03bcdb8cfeb96b716f3d8be3e18
    SHA1&nbsp;&nbsp;: 49083ae3725a0488e0a8fbbe1335c745f70c4667
    SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
    PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x2509<br> timedatestamp.....: 0x48025BC0 (Sun Apr 13 21:15:12 2008)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 3 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x2C00 0x2C00 6.29 f6589e1ed3da6afefb0b4294d9ff7f2e<br>.data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2<br>.rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br>
    TrID&nbsp;&nbsp;: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    ThreatExpert: <a href= "http://www.threatexpert.com/report.aspx?md5=27c6d03bcdb8cfeb96b716f3d8be3e18" target= "_blank ">http://www.threatexpert.com/report.aspx?md5=27c6d03bcdb8cfeb96b716f3d8be3e18</a>
    ssdeep: 384:IDvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:INcG6xlCRaJKGOA7SHJ
    PEiD&nbsp;&nbsp;: -
    PDFiD&nbsp;: ['-', None, None]
    RDS&nbsp;&nbsp;&nbsp;: NSRL Reference Data Set<br>-


    File userinit.exe received on 2009.09.07 21:06:54 (UTC)
    Antivirus Version Last Update Result
    a-squared 4.5.0.24 2009.09.07 -
    AhnLab-V3 5.0.0.2 2009.09.07 -
    AntiVir 7.9.1.12 2009.09.07 -
    Antiy-AVL 2.0.3.7 2009.09.07 -
    Authentium 5.1.2.4 2009.09.07 -
    Avast 4.8.1351.0 2009.09.07 -
    AVG 8.5.0.409 2009.09.07 -
    BitDefender 7.2 2009.09.07 -
    CAT-QuickHeal 10.00 2009.09.07 -
    ClamAV 0.94.1 2009.09.07 -
    Comodo 2204 2009.09.07 -
    DrWeb 5.0.0.12182 2009.09.07 -
    eSafe 7.0.17.0 2009.09.06 -
    eTrust-Vet 31.6.6724 2009.09.07 -
    F-Prot 4.5.1.85 2009.09.07 -
    F-Secure 8.0.14470.0 2009.09.07 -
    Fortinet 3.120.0.0 2009.09.07 -
    GData 19 2009.09.07 -
    Ikarus T3.1.1.72.0 2009.09.07 -
    K7AntiVirus 7.10.837 2009.09.05 -
    Kaspersky 7.0.0.125 2009.09.07 -
    McAfee 5734 2009.09.07 -
    McAfee+Artemis 5734 2009.09.07 -
    McAfee-GW-Edition 6.8.5 2009.09.07 -
    Microsoft 1.5005 2009.09.07 -
    NOD32 4403 2009.09.07 -
    nProtect 2009.1.8.0 2009.09.07 -
    Panda 10.0.2.2 2009.09.07 -
    PCTools 4.4.2.0 2009.09.07 -
    Prevx 3.0 2009.09.07 -
    Rising 21.46.04.00 2009.09.07 -
    Sophos 4.45.0 2009.09.07 -
    Sunbelt 3.2.1858.2 2009.09.07 -
    Symantec 1.4.4.12 2009.09.07 -
    TheHacker 6.3.4.3.396 2009.09.04 -
    TrendMicro 8.950.0.1094 2009.09.07 -
    ViRobot 2009.9.7.1921 2009.09.07 -
    VirusBuster 4.6.5.0 2009.09.07 -
    Additional information
    File&nbsp;size: 26112 bytes
    MD5&nbsp;&nbsp;&nbsp;: a93aee1928a9d7ce3e16d24ec7380f89
    SHA1&nbsp;&nbsp;: 513f8bdf67a5a9e09803cfb61f590b39f2683853
    SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
    PEInfo: PE Structure information<br> <br> ( base data )<br> entrypointaddress.: 0x54AD<br> timedatestamp.....: 0x480251A8 (Sun Apr 13 20:32:08 2008)<br> machinetype.......: 0x14C (Intel I386)<br> <br> ( 3 sections )<br> name viradd virsiz rawdsiz ntrpy md5<br> .text 0x1000 0x520E 0x5400 5.95 099b53205ad3f1c3b853a5310d08a9b1<br>.data 0x7000 0x14C 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf<br>.rsrc 0x8000 0xB50 0xC00 3.27 bac832e39f87c4f5f640e5d5c6a1c2fc<br> <br> ( 0 imports )<br> <br> <br> ( 0 exports )<br>
    TrID&nbsp;&nbsp;: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
    ThreatExpert: <a href= "http://www.threatexpert.com/report.aspx?md5=a93aee1928a9d7ce3e16d24ec7380f89" target= "_blank ">http://www.threatexpert.com/report.aspx?md5=a93aee1928a9d7ce3e16d24ec7380f89</a>
    ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7FxffJaLaSLG9q
    PEiD&nbsp;&nbsp;: -
    RDS&nbsp;&nbsp;&nbsp;: NSRL Reference Data Set<br>-
     
    Carmel,
    #3
  5. 2009/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow [​IMG] at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.



    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
    broni,
    #4
  6. 2009/09/08
    Carmel

    Carmel Inactive Thread Starter

    Joined:
    2009/09/07
    Messages:
    6
    Likes Received:
    0
    OK, I ran both Dr.Web CureIt and HijackThis. Log files are posted below. I'm not confident that everything found with DrWeb CureIt was dealt with (moved or deleted). But I did reboot and I did select "Yes to all" when asked. Thanks.


    uninstall.exe;C:\Program Files\blstoolbar;Adware.VMN;;
    InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
    SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
    SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;Moved.;
    inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
    AOLCINST.EXE\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH\AOLCINST.EXE;Adware.Gdown;;
    AOLCINST.EXE;C:\Program Files\Online Services\Aol\United States\AOL90\COMPS\COACH;Archive contains infected objects;Moved.;
    PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;;
    ComboFix-11.exe\32788R22FWJFW\c.bat;C:\RECYCLER\S-1-5-21-2602931977-3213009426-2391148539-1005\Dc2\ComboFix-11.exe;Probably BATCH.Virus;;
    ComboFix-11.exe;C:\RECYCLER\S-1-5-21-2602931977-3213009426-2391148539-1005\Dc2;Archive contains infected objects;Moved.;
    SP31524.exe/musicnow1.exe\data008;C:\SWSetup\AOLMN\SP31524.exe/musicnow1.exe;Trojan.Click.2093;;
    \musicnow1.exe;C:\SWSetup\AOLMN;Archive contains infected objects;;
    SP31524.exe;C:\SWSetup\AOLMN;Archive contains infected objects;Moved.;
    brandit.exe;C:\SWSetup\BrandIt\Disk1;Probably STPAGE.Trojan;;
    cakemania-setup.exe/data030\data002;C:\SWSetup\HPGame\games\cakemania-setup.exe/data030;Adware.SpywareStorm;;
    data030;C:\SWSetup\HPGame\games;Archive contains infected objects;;
    cakemania-setup.exe;C:\SWSetup\HPGame\games;Archive contains infected objects;Moved.;
    A0033066.exe\data002;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97\A0033066.exe;Adware.SpywareStorm;;
    A0033066.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Archive contains infected objects;Moved.;
    A0033067.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Trojan.Click.2093;Deleted.;
    A0033068.EXE\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97\A0033068.EXE;Adware.Gdown;;
    A0033068.EXE;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Archive contains infected objects;Moved.;
    A0033069.exe\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97\A0033069.exe;Probably BATCH.Virus;;
    A0033069.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Archive contains infected objects;Moved.;
    A0033070.exe/musicnow1.exe\data008;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97\A0033070.exe/musicnow1.exe;Trojan.Click.2093;;
    \musicnow1.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Archive contains infected objects;;
    A0033070.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Archive contains infected objects;Moved.;
    A0033071.exe/data030\data002;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97\A0033071.exe/data030;Adware.SpywareStorm;;
    data030;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Archive contains infected objects;;
    A0033071.exe;C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP97;Archive contains infected objects;Moved.;
    mset.exe;C:\WINDOWS\system32\config\systemprofile;Trojan.DownLoad.41506;Deleted.;


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:44:47 PM, on 9/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\StorageSync\StrgSync.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Network Associates\Common Framework\udaterui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carmel Price\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Update Service (gupdate1c970289362598e) (gupdate1c970289362598e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    --
    End of file - 11787 bytes
     
    Carmel,
    #5
  7. 2009/09/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ==============================================================

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    ==============================================================

    Print this post out, since you won't have an access to it, at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =


    4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    - O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    - O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    - O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    - O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    - O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    - O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    - O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    - O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carmel Price\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    - O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    - O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    - O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
    broni,
    #6
  8. 2009/09/09
    Carmel

    Carmel Inactive Thread Starter

    Joined:
    2009/09/07
    Messages:
    6
    Likes Received:
    0
    OK - I followed instructions the best I could. I couldn't find the TeaTimer System Tray Icon. But under advanced settings > resident the TeaTimer box was not selected so I proceeded. New HijackThis log posted below. Thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:46:04 AM, on 9/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\StorageSync\StrgSync.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Network Associates\Common Framework\udaterui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Documents and Settings\Carmel Price\My Documents\Malware\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Update Service (gupdate1c970289362598e) (gupdate1c970289362598e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

    --
    End of file - 9765 bytes
     
    Carmel,
    #7
  9. 2009/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure, Windows Updates are current.

    [SIZE= "4"]6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately![/SIZE]

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please, let me know, how is your computer doing.
     
    broni,
    #8
  10. 2009/09/09
    Carmel

    Carmel Inactive Thread Starter

    Joined:
    2009/09/07
    Messages:
    6
    Likes Received:
    0
    Thank you!!!!
     
    Carmel,
    #9
  11. 2009/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
    broni,
    #10

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...