DTakeMoney
Members, 8 posts

Everything posted by DTakeMoney

  1. Done. A full Norton scan came up with just a tracking cookie; not the metajuan. I'm still getting the popups even after that. So I guess it is a glitch. =] I just remembered I read something a weekish ago about someone having the same Norton pop-ups and I think they said it was just a glitch too. I guess that's it then, thanks a lot for saving my computer, miekiemoes!
  2. Here you go.

ComboFix 09-08-10.06 - Dan 08/13/2009 10:38.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1327 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\abc.exe
Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_wjysofqm


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 01:13 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 00:20 . 2009-08-13 14:10 -------- d-----w- c:\documents and settings\Dan\Tracing
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Microsoft
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-13 00:15 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live
2009-08-13 00:13 . 2009-08-13 00:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-12 23:37 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG.SYS
2009-08-12 23:37 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX15.SYS
2009-08-12 23:37 . 2009-05-23 03:13 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\EECTRL.SYS
2009-08-12 23:37 . 2009-05-23 03:13 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ERASER.SYS
2009-08-12 23:37 . 2009-05-23 03:13 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX32A.DLL
2009-08-12 23:37 . 2009-05-23 03:13 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ECMSVR32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\CCERASER.DLL
2009-08-12 18:19 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-08-12 18:19 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-08-12 18:19 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-12 18:19 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-08-12 18:19 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-08-12 18:19 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 05:39 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 05:39 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 05:39 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 04:21 . 2009-08-11 04:21 528088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-11 03:50 . 2009-08-11 04:14 64597 ----a-w- c:\windows\War3Unin.dat
2009-08-11 03:50 . 2009-08-11 03:55 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-11 03:50 . 2009-08-11 03:55 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-11 03:42 . 2009-08-13 05:48 -------- d-----w- c:\program files\Warcraft III
2009-08-11 03:31 . 2007-08-30 12:00 244608 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2009-08-11 03:21 . 2009-08-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-11 03:21 . 2009-08-11 15:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-11 02:46 . 2009-08-11 02:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-11 02:46 . 2009-08-11 03:26 -------- d-----w- c:\documents and settings\Dan\Application Data\DAEMON Tools Lite
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-sh--w- C:\found.000
2009-08-07 18:04 . 2009-08-07 18:04 -------- d-s---w- C:\Combo-Fix
2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-07 04:54 . 2009-08-07 04:54 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-12 23:23 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 21:36 . 2009-08-13 14:43 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\documents and settings\Dan\Application Data\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\13377654
2009-07-30 23:48 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:48 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:48 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:49 . 2009-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-08-13 14:45 . 2009-06-13 03:27 -------- d-----w- c:\documents and settings\Dan\Application Data\LimeWire
2009-08-13 14:45 . 2009-03-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-09 14:27 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-08-08 21:17 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\documents and settings\Dan\Application Data\Azureus
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-14 03:43 . 2007-06-24 07:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\documents and settings\Dan\Application Data\Vso
2009-07-10 22:50 . 2009-07-10 20:40 -------- d-----w- c:\documents and settings\Dan\Application Data\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\documents and settings\Dan\Application Data\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 18:52 . 2009-06-19 18:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 12:31 . 2004-08-03 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-05-10 23:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-03-10 19:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-06-24 07:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-05-23 03:13 . 2009-05-23 03:13 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-23 03:13 . 2009-05-23 03:13 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-23 03:13 . 2009-05-23 03:13 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-08-13_04.31.41 )))))))))))))))))))))))))))))))))))))))))
.

+ 2009-08-13 14:45 . 2009-08-13 14:45 16384 c:\windows\Temp\Perflib_Perfdata_890.dat
+ 2009-08-13 14:45 . 2009-08-13 14:45 16384 c:\windows\Temp\Perflib_Perfdata_2cc.dat
+ 2009-08-13 14:44 . 2009-08-13 14:44 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-13 14:42 . 2009-08-13 14:42 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-13 14:42 . 2009-08-13 14:42 6942720 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [8/10/2009 11:31 PM 244608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 1:39 AM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2009 12:33 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 10:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\documents and settings\Dan\Desktop\New Folder\a2service.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-13 10:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 14:51
ComboFix2.txt 2009-08-13 04:33
ComboFix3.txt 2009-08-07 16:42

Pre-Run: 73,029,353,472 bytes free
Post-Run: 72,913,727,488 bytes free

292 --- E O F --- 2009-08-13 01:14
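An added example, not part of DTakeMoney's posts and not ComboFix's own code: a small triage pass over ComboFix-style log lines of the kind posted above. It flags the entries a helper typically checks first: autostart (Run-key) values and running processes rooted in user-writable profile directories, a DPF (ActiveX) entry whose download URL names a bare IP address, and a service line that ComboFix removed. The sample lines are re-typed from the log in this thread and marked as constructed; the `triage` function and its rules are this example's own heuristics, not ComboFix features.

```python
"""Heuristic triage of ComboFix-style log lines.

Added example for this thread; it is neither ComboFix's code nor anything the
posters ran. The rules below are this example's own, not ComboFix features.
"""
import re

# Constructed sample: a few lines re-typed from the ComboFix log posted above
# (one Drivers/Services deletion, a few Run-key values, the DPF entry and some
# of the "Other Running Processes" list).
SAMPLE_LOG = r"""
-------\Service_wjysofqm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
------------------------ Other Running Processes ------------------------
c:\windows\system32\ati2evxx.exe
c:\documents and settings\Dan\Desktop\New Folder\a2service.exe
c:\program files\Bonjour\mDNSResponder.exe
"""

# Locations a limited user can write to; code that autostarts or runs from
# here deserves a second look even though legitimate software lives there too.
USER_WRITABLE = re.compile(
    r"(c:\\documents and settings\\[^\\]+\\(application data|local settings|desktop|my documents)"
    r"|c:\\windows\\temp\\)",
    re.IGNORECASE,
)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
DPF_ENTRY = re.compile(r"^DPF: (?P<clsid>\{[0-9A-F-]+\}) - (?P<url>\S+)", re.IGNORECASE)
# ComboFix defangs URLs as hxxp://; a literal IPv4 host is unusual for a legitimate ActiveX CAB.
RAW_IP_HOST = re.compile(r"^hxxps?://(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?/", re.IGNORECASE)
DELETED_SERVICE = re.compile(r"^-+\\Service_(?P<name>\w+)$")
PROCESS_LINE = re.compile(r"^[a-z]:\\.+\.exe$", re.IGNORECASE)


def triage(log_text):
    """Return (reason, line) pairs for lines worth a human look, in log order."""
    findings = []
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_"):
            # Only Run/RunOnce keys are treated as autostart locations here.
            in_run_key = bool(re.search(r"\\Run(Once)?\]$", line, re.IGNORECASE))
            continue
        m = DELETED_SERVICE.match(line)
        if m:
            findings.append(("service removed by ComboFix: Service_" + m.group("name"), line))
            continue
        m = DPF_ENTRY.match(line)
        if m:
            if RAW_IP_HOST.match(m.group("url")):
                findings.append(("ActiveX (DPF) control served from a bare IP address", line))
            continue
        m = RUN_VALUE.match(line)
        if m:
            if in_run_key and USER_WRITABLE.search(m.group("path")):
                findings.append(("autostart entry runs from a user-writable directory", line))
            continue
        if PROCESS_LINE.match(line) and USER_WRITABLE.search(line):
            findings.append(("running process launched from a user-writable directory", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

A flag is a prompt for a human decision, not a verdict. In this thread's log, cdloader2.exe sits in the same mjusbsp folder as the magicJack.exe that appears in the firewall's authorized-application list, and a2service.exe is running out of a folder on the Desktop; both get flagged by the location rule and both still need someone to confirm what they are, which is exactly the check the helper performed here by hand.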
  3. Here's the Norton thing about my infection. Everything in the Details box is the same thing; all of them say "globalroot\systemroot\system32\uactoligappot.dell". There were only 8ish affected files when I first got the infection (I didn't use LimeWire at all during that time).
  4. Here's the new ComboFix log; when my Norton finishes scanning, I'll post a pic of the info/location/etc. of the trojan. =]

ComboFix 09-08-10.06 - Dan 08/13/2009 0:27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1309 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\abc.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 01:13 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 00:20 . 2009-08-13 04:17 -------- d-----w- c:\documents and settings\Dan\Tracing
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Microsoft
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-13 00:15 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live
2009-08-13 00:13 . 2009-08-13 00:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-12 23:37 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG.SYS
2009-08-12 23:37 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX15.SYS
2009-08-12 23:37 . 2009-05-23 03:13 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\EECTRL.SYS
2009-08-12 23:37 . 2009-05-23 03:13 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ERASER.SYS
2009-08-12 23:37 . 2009-05-23 03:13 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX32A.DLL
2009-08-12 23:37 . 2009-05-23 03:13 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ECMSVR32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\CCERASER.DLL
2009-08-12 18:19 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-08-12 18:19 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-08-12 18:19 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-12 18:19 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-08-12 18:19 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-08-12 18:19 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 05:39 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 05:39 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 05:39 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 04:21 . 2009-08-11 04:21 528088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-11 03:50 . 2009-08-11 04:14 64597 ----a-w- c:\windows\War3Unin.dat
2009-08-11 03:50 . 2009-08-11 03:55 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-11 03:50 . 2009-08-11 03:55 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-11 03:42 . 2009-08-12 22:19 -------- d-----w- c:\program files\Warcraft III
2009-08-11 03:31 . 2007-08-30 12:00 244608 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2009-08-11 03:21 . 2009-08-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-11 03:21 . 2009-08-11 15:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-11 02:46 . 2009-08-11 02:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-11 02:46 . 2009-08-11 03:26 -------- d-----w- c:\documents and settings\Dan\Application Data\DAEMON Tools Lite
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-sh--w- C:\found.000
2009-08-07 18:04 . 2009-08-07 18:04 -------- d-s---w- C:\Combo-Fix
2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-07 04:54 . 2009-08-07 04:54 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-12 23:23 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 21:36 . 2009-08-11 03:22 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\documents and settings\Dan\Application Data\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\13377654
2009-07-30 23:48 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:48 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:48 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:49 . 2009-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-08-13 04:20 . 2009-06-13 03:27 -------- d-----w- c:\documents and settings\Dan\Application Data\LimeWire
2009-08-13 04:16 . 2009-03-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-09 14:27 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-08-08 21:17 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\documents and settings\Dan\Application Data\Azureus
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-14 03:43 . 2007-06-24 07:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 .
2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys 2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys 2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll 2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys 2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\documents and settings\Dan\Application Data\Vso 2009-07-10 22:50 . 2009-07-10 20:40 -------- d-----w- c:\documents and settings\Dan\Application Data\Audacity 2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX 2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys 2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf 2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\documents and settings\Dan\Application Data\WindSolutions 2009-06-23 03:46 . 
2009-06-23 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks 2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes 2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod 2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple 2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour 2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime 2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-19 18:52 . 2009-06-19 18:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-13 03:25 . 2009-06-13 03:25 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_11\lzma.dll 2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf 2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf 2009-06-12 12:31 . 2004-08-03 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 12:31 . 2005-05-10 23:51 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2009-03-10 19:53 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 
2007-06-24 07:40 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll 2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys 2009-05-23 03:13 . 2009-05-23 03:13 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll 2009-05-23 03:13 . 2009-05-23 03:13 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll 2009-05-23 03:13 . 2009-05-23 03:13 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408] "cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112] "CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] c:\documents and settings\Dan\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"= "c:\\Program 
Files\\Common Files\\aol\\acs\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"= "c:\\Program Files\\AOL 9.5\\waol.exe"= "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"= "c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58683:TCP"= 58683:TCP:Pando Media Booster "58683:UDP"= 58683:UDP:Pando Media Booster "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608] R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [8/10/2009 11:31 PM 244608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 1:39 AM 276344] R2 Norton AntiVirus;Norton 
AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560] R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2009 12:33 PM 101936] S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104] S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088] S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744] S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480] S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?] S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840] S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848] . Contents of the 'Scheduled Tasks' folder 2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43] 2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43] . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-13 00:31 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1" . Completion time: 2009-08-13 0:33 ComboFix-quarantined-files.txt 2009-08-13 04:33 ComboFix2.txt 2009-08-07 16:42 Pre-Run: 89,994,510,336 bytes free Post-Run: 90,079,682,560 bytes free 254 --- E O F --- 2009-08-13 01:14
  5. Sorry for the late reply, I've been too busy to stay on long enough to type this out. =] Here's a picture of the alert. And no; over the past few days, from what I observed, it pops up whenever I start my computer up. And it pops up at random after that, about every few hours or so. For the most part, things have been okay with my computer thanks to your help. The only symptoms I've seen so far are my computer freezing (then unfreezing after a minute or two, but sometimes only the taskbar freezes), and I think when I don't have an internet connection, it kind of seems to cease to exist (something I observed during my fight with the trojan), if that helps. I haven't run a Malwarebytes scan in a while; I'm gonna do one now. =P
  6. It's been working very well since I followed your instructions, for almost 6 hours. But when I closed two of my Internet Explorer windows and opened a new one, the Norton alert for Metajuan.Trojan popped up, and at the same time, when I was opening LimeWire, my taskbar froze for a bit with my startup menu up. This may be because I had too many things going on with my computer though (had a game up, a new Internet Explorer window opening up, and LimeWire opening up). Well, for the most part everything seems to be fine; my latest Malwarebytes quick scan didn't find anything, and the only thing that seems to be out of place is the Norton alerts. Anyway, thanks a lot for the help, miekiemoes, you've helped me a lot. =P I'll let you know how everything goes as the day goes on.
  7. Thanks for the reply, miekiemoes. Here's my ComboFix log:

ComboFix 09-08-06.01 - Dan 08/07/2009 12:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1629 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Dan\APPLIC~1\inst.exe
c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\DataBase.ref
c:\program files\Antispyware\vistaCPtasks.xml
C:\test.txt
c:\windows\Installer\caf39a7.msp
c:\windows\Installer\caf39a9.msp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\UACmsqtqskwpb.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UACaistsmlwbl.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjoeerdbfch.dat
c:\windows\system32\UACledplfxoyi.dll
c:\windows\system32\UACpktarrvxew.dll
c:\windows\system32\UACqibeklnbgr.dll
c:\windows\system32\UACtoligappot.dll
c:\windows\system32\UACvvrdomujhi.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.
2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-06 18:27 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 22:00 . 2009-08-05 22:00 -------- d-----w- c:\program files\WinSCP
2009-08-05 21:42 . 2009-08-05 21:42 -------- d-----w- c:\program files\4Media
2009-08-05 21:36 . 2009-08-06 18:46 -------- d-----w- c:\docume~1\Dan\APPLIC~1\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\13377654
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:50 . 2009-07-22 17:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-22 05:49 . 2009-07-22 05:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-11 07:03 . 2009-07-15 01:23 -------- d-----w- c:\program files\AutoHotkey
2009-07-10 20:40 . 2009-07-10 22:50 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 16:33 . 2009-03-10 20:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sonic
2009-08-07 16:30 . 2009-06-13 03:27 -------- d-----w- c:\docume~1\Dan\APPLIC~1\LimeWire
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-22 05:51 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Azureus
2009-07-17 01:59 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Vso
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 04:56 . 2009-06-25 04:56 -------- d-----w- c:\program files\MixMeister BPM Analyzer
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\docume~1\Dan\APPLIC~1\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 20:02 . 2009-03-10 20:45 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Apple Computer
2009-06-13 03:26 . 2009-06-13 03:25 -------- d-----w- c:\program files\LimeWire
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 -------- d-----w- c:\program files\Java
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 07:01 . 2009-03-10 19:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-12 02:06 . 2009-03-12 03:42 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Roxio
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [7/30/2009 7:48 PM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/22/2009 11:13 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 12:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-07 12:42
ComboFix-quarantined-files.txt 2009-08-07 16:42

Pre-Run: 90,116,673,536 bytes free
Post-Run: 90,705,436,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

232 --- E O F --- 2009-08-07 06:30

And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:15, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo!
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: 
(no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1ca15fcb186a094) (gupdate1ca15fcb186a094) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 8830 bytes
  8. I've recently got a virus in my computer that caused constant popups and such, but Malwarebytes was able to get rid of most of the most troubling problems; but something's still in my system that won't go away. Whenever I scan my computer, Rootkit.Trace and Trojan.Agent keep showing up, and when I restart my computer after the scan, it continues to reside in my computer. And I believe this is related since it's been happening since the day I got the virus, but every few hours or so, and every time I start my computer up, Norton alerts me that it's unable to remove Trojan.Metajuan. On top of that, I'm getting error popups from Google Installer.

So basically, my symptoms are:
- Constant Norton alerts of a failure to remove Trojan.Metajuan
- Google Installer errors
- Google links leading to popups
- Trojan.Agent + Rootkit.Trace showing up on Malwarebytes after every scan
- Computer freezing a few times a day
- Computer's been a lot slower than it used to be

And also, I changed Malwarebytes' name to winlogon.exe so it'll be runnable, if it helps.

Here's my Malwarebytes log:

Malwarebytes' Anti-Malware 1.39
Database version: 2573
Windows 5.1.2600 Service Pack 3

8/7/2009 1:29:39 AM
mbam-log-2009-08-07 (01-29-39).txt

Scan type: Quick Scan
Objects scanned: 91918
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
And HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:33, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca15fcb186a094) (gupdate1ca15fcb186a094) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9388 bytes