DTakeMoney, posted August 7, 2009 (ID:106940)

I've recently got a virus in my computer that caused constant popups and such, but Malwarebytes was able to get rid of most of the most troubling problems; but something's still in my system that won't go away. Whenever I scan my computer, Rootkit.Trace and Trojan.Agent keep showing up, and when I restart my computer after the scan, it continues to reside in my computer.

And I believe this is related, since it's been happening since the day I got the virus, but every few hours or so, and every time I start my computer up, Norton alerts me that it's unable to remove Trojan.Metajuan.

On top of that, I'm getting error popups from Google Installer.

So basically, my symptoms are:
- Constant Norton alerts of a failure to remove Trojan.Metajuan
- Google Installer errors
- Google links leading to popups
- Trojan.Agent + Rootkit.Trace showing up on Malwarebytes after every scan
- Computer freezing a few times a day
- Computer's been a lot slower than it used to be

And also, I changed my Malwarebytes' name to winlogon.exe so it'll be runnable, if it helps.

Here's my Malwarebytes log:

Malwarebytes' Anti-Malware 1.39
Database version: 2573
Windows 5.1.2600 Service Pack 3

8/7/2009 1:29:39 AM
mbam-log-2009-08-07 (01-29-39).txt

Scan type: Quick Scan
Objects scanned: 91918
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

And HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:33, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca15fcb186a094) (gupdate1ca15fcb186a094) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9388 bytes
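A first-pass triage of the two log formats in the post above, as an added example (it is not the poster's code and not anything shipped by Malwarebytes or Trend Micro). The sample lines are copied from the logs above; the heuristics (an ActiveX .cab served from a bare IP address or an odd port, a service with no publisher name, autoruns and services living under a user profile, and Malwarebytes items left at "Delete on reboot") are my own and only mark entries for a human to verify. That is why the poster's own a-squared install on the Desktop and the ATI Smart service come out alongside the DVROcxEx control fetched from 69.136.66.28:227.

```python
# Added example (not code from the post or from Malwarebytes/Trend Micro):
# first-pass triage of HijackThis and Malwarebytes log lines.  The heuristics
# are my own and mark entries for a human to verify; they decide nothing.
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis log in the post.
SAMPLE_HJT = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
"""

# Constructed sample: the two detection lines from the Malwarebytes log.
SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
"""


@dataclass
class Finding:
    line: str
    reason: str


# Paths under a user profile are writable without admin rights, which is where
# droppers tend to land.  Legitimate software there is not wrong, just worth a
# second look (the a-squared install on the Desktop above is such a case).
USER_WRITABLE = re.compile(r"\\(documents and settings|users)\\", re.IGNORECASE)


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def triage_hjt(text: str) -> list[Finding]:
    """Walk HijackThis 'Oxx - ...' lines and return the entries that merit review."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        code, _, rest = line.partition(" - ")
        if code == "O16":
            # "DPF: {CLSID} (name) - <url>": IE downloads and runs that .cab.
            url = urlsplit(rest.rsplit(" - ", 1)[-1])
            host = url.hostname or ""
            if _is_ip_literal(host):
                findings.append(Finding(line, f"ActiveX .cab fetched from bare IP {host} on port {url.port or 80}"))
            elif url.port not in (None, 80, 443):
                findings.append(Finding(line, f"ActiveX .cab fetched from non-standard port {url.port}"))
        elif code == "O23":
            # "Service: <name> - <owner> - <path>"; owner is the file's publisher string.
            fields = rest.rsplit(" - ", 2)
            owner = fields[1] if len(fields) == 3 else ""
            path = fields[-1]
            if owner.lower() == "unknown owner":
                findings.append(Finding(line, "service binary carries no publisher name; check its signature"))
            if USER_WRITABLE.search(path):
                findings.append(Finding(line, "service runs from a user-writable profile path"))
        elif code == "O4" and USER_WRITABLE.search(rest):
            findings.append(Finding(line, "autorun entry points into a user profile directory"))
    return findings


# "<item> (<detection>) -> <status>."  Status ends the line, optional trailing dot.
MBAM_DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<status>.+?)\.?$")


def pending_mbam_removals(text: str) -> list[tuple[str, str]]:
    """Return (item, detection) pairs the scan did not finish removing.
    'Delete on reboot' means the file was locked and stays on disk until the
    restart completes, so a clean re-scan after reboot is the real test."""
    pending: list[tuple[str, str]] = []
    for raw in text.splitlines():
        m = MBAM_DETECTION.match(raw.strip())
        if m and not m.group("status").lower().startswith("quarantined and deleted"):
            pending.append((m.group("item"), m.group("name")))
    return pending


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"REVIEW  {f.reason}\n        {f.line}")
    for item, name in pending_mbam_removals(SAMPLE_MBAM):
        print(f"PENDING {name}: {item}")
```

Run as a script it prints four review items from the HijackThis sample and one pending Malwarebytes item. A "Delete on reboot" entry is a file the scanner could not remove while Windows was running; the ComboFix log later in this thread lists uacinit.dll among the files it deleted, together with the other UAC-prefixed files in system32.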
miekiemoes (Staff), posted August 7, 2009 (ID:107081)

Hi,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

- During the download, rename Combofix to Combo-Fix as follows:
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
- Double click on combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.
To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."
DTakeMoney (Author), posted August 7, 2009 (ID:107217)

Thanks for the reply, miekiemoes.

Here's my ComboFix log:

ComboFix 09-08-06.01 - Dan 08/07/2009 12:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1629 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Dan\APPLIC~1\inst.exe
c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\DataBase.ref
c:\program files\Antispyware\vistaCPtasks.xml
C:\test.txt
c:\windows\Installer\caf39a7.msp
c:\windows\Installer\caf39a9.msp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\UACmsqtqskwpb.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UACaistsmlwbl.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjoeerdbfch.dat
c:\windows\system32\UACledplfxoyi.dll
c:\windows\system32\UACpktarrvxew.dll
c:\windows\system32\UACqibeklnbgr.dll
c:\windows\system32\UACtoligappot.dll
c:\windows\system32\UACvvrdomujhi.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-06 18:27 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 22:00 . 2009-08-05 22:00 -------- d-----w- c:\program files\WinSCP
2009-08-05 21:42 . 2009-08-05 21:42 -------- d-----w- c:\program files\4Media
2009-08-05 21:36 . 2009-08-06 18:46 -------- d-----w- c:\docume~1\Dan\APPLIC~1\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\13377654
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:50 . 2009-07-22 17:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-22 05:49 . 2009-07-22 05:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-11 07:03 . 2009-07-15 01:23 -------- d-----w- c:\program files\AutoHotkey
2009-07-10 20:40 . 2009-07-10 22:50 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 16:33 . 2009-03-10 20:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sonic
2009-08-07 16:30 . 2009-06-13 03:27 -------- d-----w- c:\docume~1\Dan\APPLIC~1\LimeWire
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-22 05:51 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Azureus
2009-07-17 01:59 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Vso
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 04:56 . 2009-06-25 04:56 -------- d-----w- c:\program files\MixMeister BPM Analyzer
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\docume~1\Dan\APPLIC~1\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 20:02 . 2009-03-10 20:45 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Apple Computer
2009-06-13 03:26 . 2009-06-13 03:25 -------- d-----w- c:\program files\LimeWire
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 -------- d-----w- c:\program files\Java
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 07:01 . 2009-03-10 19:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-12 02:06 . 2009-03-12 03:42 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Roxio
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [7/30/2009 7:48 PM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/22/2009 11:13 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 12:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-07 12:42
ComboFix-quarantined-files.txt 2009-08-07 16:42

Pre-Run: 90,116,673,536 bytes free
Post-Run: 90,705,436,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

232 --- E O F --- 2009-08-07 06:30

And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:15, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca15fcb186a094) (gupdate1ca15fcb186a094) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc.
- C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exeO23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exeO23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exeO23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exeO23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exeO23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exeO23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exeO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 8830 bytes Link to post Share on other sites More sharing options...
Staff miekiemoes Posted August 7, 2009 ID:107218

Hi,

You were dealing with a rootkit that was locking mbam detection for it. The next version of mbam will be able to deal with it.

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /. Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
DTakeMoney Posted August 7, 2009 Author ID:107284

It's been working very well since I've followed your instructions; for almost 6 hours. But when I closed two of my Internet Explorer windows and opened a new one, the Norton alert of the Metajuan.Trojan popped up, and at the same time, when I was opening Limewire, my taskbar froze for a bit with my startup menu up. This may be because I had too many things going on with my computer though (had a game up, a new Internet Explorer window opening up, and Limewire opening up). Well, for the most part everything seems to be fine; my latest Malwarebytes quick scan didn't find anything, and the only thing that seems to be out of place is the Norton alerts. Anyways, thanks a lot for the help, miekiemoes, you've helped me a lot. =P I'll let you know how everything goes as the day goes on.
Staff miekiemoes Posted August 8, 2009 ID:107444

Hi,

Can you tell me what file Norton alerts on? What file, and in what folder is it present? Do you let Norton delete it? When do you get that alert? Because from what I'm understanding here, you get it when you open Limewire?

Most probably you got infected via Limewire as well, because after all, you never know what you download. It could be a file in your "completed" or "incompleted" folder (shared folder) which is infected.

Also, I do not recommend having Limewire start up with Windows anyway, so I suggest you disable its startup via msconfig.
DTakeMoney Posted August 12, 2009 Author ID:109092

Sorry for the late reply, been too busy to stay on long enough to type this out. =]

Here's a picture of the alert. And no, from the past few days, from what I observed, it pops up whenever I start my computer up. And it pops up at random after that, about every few hours or so. For the most part, things have been okay with my computer thanks to your help. The only symptoms I've seen so far are my computer freezing (then unfreezing after a minute or two, but sometimes only the taskbar freezes), and I think when I don't have an internet connection, it kind of seems it ceases to exist (something I observed during my fight with the trojan). If that helps. I haven't run a Malwarebytes scan in a while; I'm gonna do one now. =P
Staff miekiemoes Posted August 12, 2009 ID:109127

Hi,

Can't you generate a logfile where Norton is detecting this file? Because I can't do anything with the above info if I don't know where it is detected. All it says is that it detected this infection.

Also, please redownload and rerun Combofix again, this to make sure nothing jumped in again while you were using Limewire. After all, p2p programs are always a risk and a main cause of an infected computer.
DTakeMoney Posted August 13, 2009 Author ID:109431

Here's the new Combofix log; and when my Norton finishes scanning, I'll post a pic of the info/location/etc. of the trojan. =]

ComboFix 09-08-10.06 - Dan 08/13/2009 0:27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1309 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\abc.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 01:13 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 00:20 . 2009-08-13 04:17 -------- d-----w- c:\documents and settings\Dan\Tracing
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Microsoft
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-13 00:15 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live
2009-08-13 00:13 . 2009-08-13 00:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-12 23:37 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG.SYS
2009-08-12 23:37 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX15.SYS
2009-08-12 23:37 . 2009-05-23 03:13 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\EECTRL.SYS
2009-08-12 23:37 . 2009-05-23 03:13 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ERASER.SYS
2009-08-12 23:37 . 2009-05-23 03:13 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX32A.DLL
2009-08-12 23:37 . 2009-05-23 03:13 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ECMSVR32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\CCERASER.DLL
2009-08-12 18:19 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-08-12 18:19 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-08-12 18:19 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-12 18:19 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-08-12 18:19 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-08-12 18:19 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 05:39 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 05:39 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 05:39 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 04:21 . 2009-08-11 04:21 528088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-11 03:50 . 2009-08-11 04:14 64597 ----a-w- c:\windows\War3Unin.dat
2009-08-11 03:50 . 2009-08-11 03:55 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-11 03:50 . 2009-08-11 03:55 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-11 03:42 . 2009-08-12 22:19 -------- d-----w- c:\program files\Warcraft III
2009-08-11 03:31 . 2007-08-30 12:00 244608 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2009-08-11 03:21 . 2009-08-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-11 03:21 . 2009-08-11 15:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-11 02:46 . 2009-08-11 02:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-11 02:46 . 2009-08-11 03:26 -------- d-----w- c:\documents and settings\Dan\Application Data\DAEMON Tools Lite
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-sh--w- C:\found.000
2009-08-07 18:04 . 2009-08-07 18:04 -------- d-s---w- C:\Combo-Fix
2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-07 04:54 . 2009-08-07 04:54 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-12 23:23 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 21:36 . 2009-08-11 03:22 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\documents and settings\Dan\Application Data\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\13377654
2009-07-30 23:48 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:48 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:48 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:49 . 2009-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 04:20 . 2009-06-13 03:27 -------- d-----w- c:\documents and settings\Dan\Application Data\LimeWire
2009-08-13 04:16 . 2009-03-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-09 14:27 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-08-08 21:17 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\documents and settings\Dan\Application Data\Azureus
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-14 03:43 . 2007-06-24 07:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\documents and settings\Dan\Application Data\Vso
2009-07-10 22:50 . 2009-07-10 20:40 -------- d-----w- c:\documents and settings\Dan\Application Data\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\documents and settings\Dan\Application Data\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 18:52 . 2009-06-19 18:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 12:31 . 2004-08-03 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-05-10 23:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-03-10 19:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-06-24 07:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-05-23 03:13 . 2009-05-23 03:13 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-23 03:13 . 2009-05-23 03:13 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-23 03:13 . 2009-05-23 03:13 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [8/10/2009 11:31 PM 244608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 1:39 AM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2009 12:33 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 00:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-13 0:33
ComboFix-quarantined-files.txt 2009-08-13 04:33
ComboFix2.txt 2009-08-07 16:42

Pre-Run: 89,994,510,336 bytes free
Post-Run: 90,079,682,560 bytes free

254 --- E O F --- 2009-08-13 01:14
DTakeMoney (Author) Posted August 13, 2009 ID:109436

Here's the Norton thing about my infection. Everything in the Details box is the same thing; all of them say "globalroot\systemroot\system32\uactoligappot.dll". There were only about 8 affected files when I first got the infection (I didn't use LimeWire at all during that time).
miekiemoes (Staff) Posted August 13, 2009 ID:109457

Hmm, this is strange. Combofix actually already deleted that file, as you will see under the "deleted" part in your Combofix log, so I'm not sure why Norton comes up with it again. Combofix doesn't list the presence of this infection anymore. If this one was still present, you certainly would have noticed it. Anyway, let's have a look and delete it with a script, because I see there's an orphaned driver to delete as well.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

Rootkit::
c:\windows\system32\UACaistsmlwbl.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjoeerdbfch.dat
c:\windows\system32\UACledplfxoyi.dll
c:\windows\system32\UACpktarrvxew.dll
c:\windows\system32\UACqibeklnbgr.dll
c:\windows\system32\UACtoligappot.dll
c:\windows\system32\UACvvrdomujhi.dll
c:\windows\system32\drivers\UACmsqtqskwpb.sys

Driver::
UACd.sys
wjysofqm

Save this as a text file named CFScript. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
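The orphaned driver miekiemoes is referring to is the service line ComboFix printed earlier in the thread: `S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]`. The driver file is gone (the `[?]` is ComboFix's way of saying it could not find the image on disk, going by that line), but the service entry is still registered with start type 2 (auto-start), so if a dropper recreates the file under that name it loads again at the next boot. That is why the CFScript lists it under `Driver::` rather than `Rootkit::`. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses ComboFix-style Drivers/Services lines and flags entries whose image is reported missing, entries whose image file name carries the `UAC` prefix of the files cleaned in this thread, and, as a weak corroborating heuristic only, random-looking service names. The sample lines are constructed: the `wjysofqm`, `c2scsi`, `RoxWatch11` and `Norton AntiVirus` lines are copied from the logs in this thread, and the `UACd.sys` line is assembled from the driver and file names in the CFScript above with a made-up date and size.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the ComboFix Drivers/Services line format seen in the logs in this thread:
#   "<start> <service name>;<display name>;<image path> [<date size>]"
# with " --> <image path> [?]" when ComboFix could not find the image on disk.
# The wjysofqm, c2scsi, RoxWatch11 and Norton lines are copied from the thread's log; the UACd.sys
# line is constructed from the names in the CFScript (its date and size are made up).
SAMPLE_SERVICES = r"""
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [8/10/2009 11:31 PM 244608]
S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
R1 UACd.sys;UACd.sys;c:\windows\system32\drivers\UACmsqtqskwpb.sys [8/1/2009 4:31 PM 39424]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
"""

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"              # R = running, S = stopped; the digit is the start type (2 = auto)
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)"                     # image path (lazy: stops before ' --> ' or the trailing ' [')
    r"(?:\s+-->\s+(?P<resolved>.*?))?"    # present when ComboFix re-resolved the path (e.g. file missing)
    r"\s+\[(?P<info>[^\]]*)\]\s*$"        # '[date size]', or '[?]' when the file is not on disk
)


@dataclass
class Service:
    start: str
    name: str
    display: str
    image: str
    info: str
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Parse ComboFix service lines; anything that does not match the format is skipped."""
    found = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            found.append(Service(m["start"], m["name"], m["display"], m["image"], m["info"]))
    return found


VOWELS = set("aeiou")


def looks_random(name):
    """Weak heuristic for generated names such as 'wjysofqm': lowercase letters only, at least
    seven of them, fewer than a quarter vowels. Terse legitimate names can trip it, so it is
    corroborating evidence only, never a verdict on its own."""
    return (name.isalpha() and name.islower() and len(name) >= 7
            and sum(c in VOWELS for c in name) / len(name) < 0.25)


def flag_services(services):
    """Attach a reason to every entry that deserves a look and return only those entries."""
    for svc in services:
        basename = svc.image.rsplit("\\", 1)[-1]
        if svc.info == "?":
            svc.reasons.append("image file missing on disk: orphaned entry that reloads the "
                               "driver if a dropper recreates the file")
        if basename.upper().startswith("UAC"):
            svc.reasons.append("UAC-prefixed image name, the pattern of the files cleaned in this thread")
        if looks_random(svc.name) and svc.name == svc.display:
            svc.reasons.append("random-looking service name with no real display name (weak heuristic)")
    return [s for s in services if s.reasons]


def cfscript_driver_block(flagged):
    """Render the flagged service names as the Driver:: block of a ComboFix CFScript."""
    return "\n".join(["Driver::"] + [s.name for s in flagged])


if __name__ == "__main__":
    flagged = flag_services(parse_services(SAMPLE_SERVICES))
    for s in flagged:
        print(f"{s.start} {s.name} -> {s.image}")
        for r in s.reasons:
            print("   -", r)
    print(cfscript_driver_block(flagged))
```

On the sample above the script flags exactly the two entries the CFScript removes (`wjysofqm` for the missing image plus the random-looking name, `UACd.sys` for the UAC-prefixed image) and leaves the legitimate Symantec, Roxio and c2scsi entries alone. The name heuristic is deliberately kept separate from the two hard indicators so that a reviewer can see which reason fired before copying a name into a `Driver::` block.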
DTakeMoney (Author) Posted August 13, 2009 ID:109696

Here you go.

ComboFix 09-08-10.06 - Dan 08/13/2009 10:38.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1327 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\abc.exe
Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_wjysofqm

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 01:13 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 00:20 . 2009-08-13 14:10 -------- d-----w- c:\documents and settings\Dan\Tracing
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Microsoft
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-13 00:15 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live
2009-08-13 00:13 . 2009-08-13 00:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-12 23:37 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG.SYS
2009-08-12 23:37 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX15.SYS
2009-08-12 23:37 . 2009-05-23 03:13 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\EECTRL.SYS
2009-08-12 23:37 . 2009-05-23 03:13 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ERASER.SYS
2009-08-12 23:37 . 2009-05-23 03:13 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX32A.DLL
2009-08-12 23:37 . 2009-05-23 03:13 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ECMSVR32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\CCERASER.DLL
2009-08-12 18:19 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-08-12 18:19 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-08-12 18:19 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-12 18:19 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-08-12 18:19 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-08-12 18:19 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 05:39 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 05:39 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 05:39 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 04:21 . 2009-08-11 04:21 528088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-11 03:50 . 2009-08-11 04:14 64597 ----a-w- c:\windows\War3Unin.dat
2009-08-11 03:50 . 2009-08-11 03:55 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-11 03:50 . 2009-08-11 03:55 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-11 03:42 . 2009-08-13 05:48 -------- d-----w- c:\program files\Warcraft III
2009-08-11 03:31 . 2007-08-30 12:00 244608 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2009-08-11 03:21 . 2009-08-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-11 03:21 . 2009-08-11 15:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-11 02:46 . 2009-08-11 02:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-11 02:46 . 2009-08-11 03:26 -------- d-----w- c:\documents and settings\Dan\Application Data\DAEMON Tools Lite
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-sh--w- C:\found.000
2009-08-07 18:04 . 2009-08-07 18:04 -------- d-s---w- C:\Combo-Fix
2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-07 04:54 . 2009-08-07 04:54 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-12 23:23 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 21:36 . 2009-08-13 14:43 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\documents and settings\Dan\Application Data\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\13377654
2009-07-30 23:48 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:48 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:48 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:49 . 2009-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 14:45 . 2009-06-13 03:27 -------- d-----w- c:\documents and settings\Dan\Application Data\LimeWire
2009-08-13 14:45 . 2009-03-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-09 14:27 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-08-08 21:17 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\documents and settings\Dan\Application Data\Azureus
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-14 03:43 . 2007-06-24 07:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\documents and settings\Dan\Application Data\Vso
2009-07-10 22:50 . 2009-07-10 20:40 -------- d-----w- c:\documents and settings\Dan\Application Data\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\documents and settings\Dan\Application Data\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 18:52 . 2009-06-19 18:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 12:31 . 2004-08-03 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-05-10 23:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-03-10 19:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-06-24 07:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-05-23 03:13 . 2009-05-23 03:13 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-23 03:13 . 2009-05-23 03:13 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-23 03:13 . 2009-05-23 03:13 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-13_04.31.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 14:45 . 2009-08-13 14:45 16384 c:\windows\Temp\Perflib_Perfdata_890.dat
+ 2009-08-13 14:45 . 2009-08-13 14:45 16384 c:\windows\Temp\Perflib_Perfdata_2cc.dat
+ 2009-08-13 14:44 . 2009-08-13 14:44 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-13 14:42 . 2009-08-13 14:42 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-13 14:42 . 2009-08-13 14:42 6942720 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [8/10/2009 11:31 PM 244608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 1:39 AM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2009 12:33 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
Contents of the 'Scheduled Tasks' folder
2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]
2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 10:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\documents and settings\Dan\Desktop\New Folder\a2service.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-13 10:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 14:51
ComboFix2.txt 2009-08-13 04:33
ComboFix3.txt 2009-08-07 16:42
Pre-Run: 73,029,353,472 bytes free
Post-Run: 72,913,727,488 bytes free
292 --- E O F --- 2009-08-13 01:14
miekiemoes (Staff) Posted August 13, 2009 ID:109703

Hi,
According to the log, the infection is not present anymore either. Combofix didn't delete the big set of files we added in the CFScript since they are not even present there. Combofix should actually show and delete them already though (as you noticed in the first post). So I'm not sure why Norton is still flagging them, but that could be a glitch as well.

* Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /. Then hit Enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then perform a full scan with Norton afterwards.
DTakeMoney (Author) Posted August 14, 2009 ID:109903

Done. A full Norton scan came up with just a tracking cookie; not the Metajuan. I'm still getting the popups even after that. So I guess it is a glitch. =] I just remembered I read something a week or so ago about someone having the same Norton popups and I think they said it was just a glitch too. I guess that's it then; thanks a lot for saving my computer, miekiemoes!
miekiemoes (Staff) Posted August 14, 2009 ID:109962

Glad I could help. Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy surfing again!
miekiemoes (Staff) Posted August 18, 2009 ID:111554

Since this issue appears resolved, this topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else, please begin a new topic.