
Suspicious:W32/Malware!Gemini - infected?


kitten

Recommended Posts

Hi guys,

I wonder if one of you chaps would kindly take a look at my PC, to see if I am infected, or just the victim of an overzealous scanner!

Suspicious:W32/Malware!Gemini has been found on my PC.

Firstly, the story from the beginning...I have no idea if these events are connected.

Last Sunday, my weekly Malwarebytes update crashed. When I tried to relaunch MB, I received the error message MBAM_ERROR_LOAD_DATABASE (0,5) and MB wouldn't load.

After a couple of days of trying, I decided to uninstall MB via mbam-clean.exe, and successfully reinstalled MB.

Last Wednesday I decided to replace my weekly Norton 360 full scan with the F-Secure online full scan. This resulted in finding a tracking cookie, which F-Secure removed, and Suspicious:W32/Malware!Gemini, which couldn't be removed.

I've scanned the infected file with both SUPERAntiSpyware and Norton, as well as MB. All scans were clear.

I've also scanned the file at virustotal.com and jotti.org, and all scans were clear, though virustotal.com did include the side note, F-Secure Deepguard Suspicious:W32/Malware!Online.

Again, not sure if this is a coincidence or not: in Folder Options > View, I usually keep my setting as "Show hidden files and folders"... this was changed to "Do not show...".

I have Last Pass installed in my Chrome browser. A short time after logging in, the session now times out, forcing me to log in again. The session then remains open continuously.

Here are the logs for DDS and Attach. I've also included the F-Secure scan report.

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_29

Run by KEVIN COZENS at 14:03:50 on 2012-01-14

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2558.1670 [GMT 0:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\Program Files\inKline Global\PC Booster\pcbooster.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

C:\Documents and Settings\KEVIN COZENS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\KEVIN COZENS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\KEVIN COZENS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\KEVIN COZENS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\KEVIN COZENS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\KEVIN COZENS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\KEVIN COZENS\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://news.bbc.co.uk/sport/

uDefault_Page_URL = hxxp://www.dell.co.uk/myway

mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

uURLSearchHooks: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll

TB: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [eyeBeam SIP Client]

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

uRun: [Google Update] "c:\documents and settings\kevin cozens\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [QD FastAndSafe]

mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r

mRun: [PC Booster] c:\program files\inkline global\pc booster\pcbooster.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

StartupFolder: c:\docume~1\kevinc~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D1B653D0-DF20-4486-B228-5731E0D1A15B} : DhcpNameServer = 192.168.1.254

Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kevin cozens\application data\mozilla\firefox\profiles\td28rbhw.kevin\

FF - prefs.js: browser.startup.homepage - hxxp://returnpost.yuku.com/forums/5/t/THE-BANGLES.html

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coffplgn_2011_7_4_3\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\kevin cozens\application data\mozilla\firefox\profiles\td28rbhw.kevin\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\kevin cozens\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\coFFPlgn_2011_7_4_3

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

FF - Ext: BarTab: bartap@philikon.de - %profile%\extensions\bartap@philikon.de

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-5-29 26248]

R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-5-29 20616]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-5-16 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-5-16 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-12-1 820344]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-5-16 136312]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-19 116608]

R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-5-16 130008]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]

R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]

R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]

R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-5-29 122504]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120113.002\IDSXpx86.sys [2012-1-14 356280]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120113.025\NAVENG.SYS [2012-1-14 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120113.025\NAVEX15.SYS [2012-1-14 1576312]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S0 uhatoxds;uhatoxds;c:\windows\system32\drivers\gqmlbcb.sys --> c:\windows\system32\drivers\gqmlbcb.sys [?]

S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-5-29 14216]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-1-12 24064]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-12-31 11520]

.

=============== Created Last 30 ================

.

2012-01-12 18:57:03 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-01-12 18:41:31 -------- d-----w- c:\documents and settings\kevin cozens\application data\Malwarebytes

2012-01-12 18:40:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-01-12 18:40:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-12 18:40:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

.

============= FINISH: 14:05:06.43 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 03/12/2010 00:30:12

System Uptime: 14/01/2012 13:02:10 (1 hours ago)

.

Motherboard: Dell Inc. | | 0RD203

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 146 GiB total, 46.388 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia Windows Portable Device Driver

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia 6303 classic

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

.

==== System Restore Points ===================

.

RP241: 16/10/2011 12:52:48 - System Checkpoint

RP242: 17/10/2011 18:04:14 - System Checkpoint

RP243: 18/10/2011 20:49:24 - System Checkpoint

RP244: 19/10/2011 21:28:39 - System Checkpoint

RP245: 21/10/2011 17:52:54 - System Checkpoint

RP246: 23/10/2011 11:54:49 - Norton 360 Registry Clean

RP247: 23/10/2011 12:28:34 - Norton 360 Registry Clean

RP248: 23/10/2011 13:41:12 - Norton 360 Registry Clean

RP249: 23/10/2011 18:01:39 - Installed Java™ 6 Update 29

RP250: 25/10/2011 18:21:03 - System Checkpoint

RP251: 26/10/2011 20:44:45 - System Checkpoint

RP252: 26/10/2011 23:40:34 - Norton 360 Registry Clean

RP253: 28/10/2011 18:28:19 - System Checkpoint

RP254: 30/10/2011 18:58:21 - System Checkpoint

RP255: 01/11/2011 18:17:41 - System Checkpoint

RP256: 02/11/2011 22:05:49 - Norton 360 Registry Clean

RP257: 04/11/2011 17:40:15 - System Checkpoint

RP258: 06/11/2011 12:12:09 - System Checkpoint

RP259: 07/11/2011 13:23:00 - System Checkpoint

RP260: 09/11/2011 18:52:12 - System Checkpoint

RP261: 09/11/2011 21:34:50 - Norton 360 Registry Clean

RP262: 11/11/2011 21:21:56 - System Checkpoint

RP263: 13/11/2011 15:19:03 - System Checkpoint

RP264: 14/11/2011 17:46:15 - System Checkpoint

RP265: 15/11/2011 17:51:49 - System Checkpoint

RP266: 16/11/2011 20:20:37 - System Checkpoint

RP267: 16/11/2011 21:34:53 - Norton 360 Registry Clean

RP268: 18/11/2011 17:49:53 - System Checkpoint

RP269: 20/11/2011 14:30:18 - System Checkpoint

RP270: 21/11/2011 17:42:14 - System Checkpoint

RP271: 22/11/2011 18:07:03 - System Checkpoint

RP272: 23/11/2011 18:11:32 - System Checkpoint

RP273: 23/11/2011 21:39:23 - Norton 360 Registry Clean

RP274: 25/11/2011 21:26:24 - System Checkpoint

RP275: 27/11/2011 14:13:45 - System Checkpoint

RP276: 28/11/2011 17:43:13 - System Checkpoint

RP277: 29/11/2011 18:26:05 - System Checkpoint

RP278: 30/11/2011 20:38:20 - System Checkpoint

RP279: 30/11/2011 21:58:26 - Norton 360 Registry Clean

RP280: 02/12/2011 18:18:18 - System Checkpoint

RP281: 04/12/2011 14:14:50 - System Checkpoint

RP282: 05/12/2011 17:46:18 - System Checkpoint

RP283: 07/12/2011 12:14:39 - System Checkpoint

RP284: 07/12/2011 21:16:44 - Norton 360 Registry Clean

RP285: 11/12/2011 14:38:31 - System Checkpoint

RP286: 12/12/2011 19:54:35 - System Checkpoint

RP287: 14/12/2011 20:48:55 - System Checkpoint

RP288: 14/12/2011 22:00:18 - Norton 360 Registry Clean

RP289: 16/12/2011 17:58:05 - System Checkpoint

RP290: 18/12/2011 14:17:15 - System Checkpoint

RP291: 19/12/2011 18:34:55 - System Checkpoint

RP292: 21/12/2011 20:43:25 - System Checkpoint

RP293: 21/12/2011 21:40:46 - Norton 360 Registry Clean

RP294: 24/12/2011 17:36:36 - System Checkpoint

RP295: 28/12/2011 20:49:26 - System Checkpoint

RP296: 28/12/2011 22:42:28 - Norton 360 Registry Clean

RP297: 31/12/2011 14:51:13 - System Checkpoint

RP298: 03/01/2012 20:16:58 - System Checkpoint

RP299: 04/01/2012 20:48:52 - System Checkpoint

RP300: 04/01/2012 22:01:49 - Norton 360 Registry Clean

RP301: 06/01/2012 18:05:51 - System Checkpoint

RP302: 08/01/2012 14:24:03 - System Checkpoint

RP303: 09/01/2012 18:21:21 - System Checkpoint

RP304: 10/01/2012 18:46:59 - System Checkpoint

RP305: 13/01/2012 05:21:37 - System Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.9

AOL Coach Version 1.0(Build:20040201.2 uk)

AOL Connectivity Services

AOL Spyware Protection

AOL UK (Choose which version to remove)

AOL You've Got Pictures Screensaver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARTEuro

ATI Control Panel

ATI Display Driver

AutoUpdate

Bonjour

BT Broadband Desktop Help

BT Home Hub

BT Yahoo! Applications

CCleaner

Cool MP3 Splitter 3.0

Creative MediaSource

Dell Driver Reset Tool

Dell Media Experience

Dell Picture Studio v3.0

Dell Support Center (Support Software)

Dell System Restore

DellSupport

DiscwareLite

DivX

Driver Detective

EASEUS Todo Backup 1.1

FoneSync

Free RAR Extract Frog

Google Chrome

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Intel® 537EP V9x DF PCI Modem

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

Internet Explorer Default Page

iTunes

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 8

Jasc Paint Shop Photo Album 5

Jasc Paint Shop Pro Studio, Dell Editon

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java™ 6 Update 2

Java™ 6 Update 29

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 7

Java™ SE Runtime Environment 6 Update 1

Learn2 Player (Uninstall Only)

Lexmark 8300 Series

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.7

Microsoft Word 2000 SR-1

Microsoft Works 2001 Setup Launcher

Microsoft Works 6.0

Microsoft Works 7.0

Microsoft Works Suite Add-in for Microsoft Word

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox (3.6.15)

MSN

MSVC80_x86

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Nokia Connectivity Cable Driver

Nokia PC Suite

Norton 360

Paint Shop Pro 7

PC Booster

PC Connectivity Solution

PowerDVD 5.5

Presto! Forms 3.50.01

Presto! PageManager 7.12.02

Print to Fax

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB944338-v2)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981350)

Security Update for Windows XP (KB982381)

Segoe UI

Sonic Audio module

Sonic DLA

Sonic MyDVD LE

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sound Blaster Live! 24-bit

SUPERAntiSpyware

Tiscali Internet

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB900485)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wanadoo Europe Installer

WD SmartWare

WebFldrs XP

Windows Driver Package - Nokia Modem (06/01/2009 4.1)

Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Installer 3.1 (KB893803)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

WinZip

Works Suite OS Pack

Works Synchronization

Yahoo! Anti-Spy

Yahoo! Browser Services

Yahoo! Messenger with BT Communicator

.

==== Event Viewer Messages From Past Week ========

.

13/01/2012 00:47:50, error: F-Secure Standalone Minifilter [1] -

08/01/2012 13:20:36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

07/01/2012 13:47:14, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

07/01/2012 13:47:14, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.

.

==== End Of File ===========================

F-Secure Scanning Report

Friday, January 13, 2012 00:28:15 - 07:00:28

Computer name: KEVIN

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

1 malware found

Suspicious:W32/Malware!Gemini (virus)

C:\PROGRAM FILES\WANADOO EUROPE\FSCOMMAND\FSCOMMAND\INSTALAR_CONEXIONGRATIS.EXE (Not cleaned & Submitted)

Statistics

Scanned:

Files: 111143

System: 3856

Not scanned: 18

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

Not cleaned: 1

Submitted: 1

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\SYMDS\TEMP\MUSDMYS_ABMZX7WSKQO1ULZBBHLO

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\SYMDS\TEMP\MUSDMYS_QDDCHWCZQQTQNEWYEMNI

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_AVPAPP_{BB639333-810A-4BF8-85F5-C537857F55FC}0

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_NPC.TRAY.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_ISDATAPR_{E8EFD4CD-DE52-4444-9511-EFF3B158724B}0

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_ISDATAPR_{FF9AC67A-E394-46AE-B150-B3365343F166}G

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_UI.HOST.{1AFE47BB-FCF1-4096-9039-1FEBC9A0CCCF}0

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_SVCMGR-A2B50D70-5EA1-45A0-A983-0DB9E7101676G

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_SNDPLUGING

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_{4E9CB39A-5F78-4887-A3D6-2790DE9DDE11}0

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CMNCLNT\_LCK\_RDRPLUGING

Thanks for taking a look, any info would be appreciated. :)

Kevin


1 month later...

Hello Kevin,

Has this been resolved? Please advise.

If not, what do you know about this folder: C:\PROGRAM FILES\WANADOO EUROPE

Make sure your Norton 360 has a current license and is all up-to-date with definitions, and do a complete system scan.

What does it show ?

IF you never subscribed to Norton and this was just a trial edition from your computer-maker, that would be an issue !


Hi Maurice,

Thanks for asking, but I think I've resolved this by simply uninstalling the program.

Wanadoo used to be an ISP in the UK, and came installed on my PC when new many years ago. Already having an ISP, I never accepted this option.

I have a fully paid up subscription of Norton, and all scans since, including F-Secure, have given the all clear.

So fingers crossed, I think I'm clear :) unless you can offer anything further???

Thanks again.
