
Thread: Virtumonde.dll

  1. #11
    Member, joined Feb 2010, 37 posts

    The timestamp is correct, so here is the log file:

    ComboFix 10-02-19.04 - Any Authorised User 20/02/2010 12:25:20.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.267 [GMT 0:00]
    Running from: C:\Documents and Settings\Any Authorised User\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Any Authorised User\Desktop\CFScript.txt
    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
    .

    2010-02-20 12:25:12 . 2010-02-20 12:25:13 150528 ----a-w- C:\WINDOWS\system32\dllcache\uploadm.exe
    2010-02-20 10:52:47 . 2009-10-28 22:37:21 811896 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\Scxpx86.dll
    2010-02-20 10:52:46 . 2009-10-28 22:37:22 329592 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
    2010-02-20 10:52:45 . 2009-10-28 22:37:22 343088 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys
    2010-02-20 10:52:45 . 2009-10-28 22:37:21 488312 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
    2010-02-20 10:52:44 . 2009-10-28 22:37:21 466992 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys
    2010-02-18 15:55:24 . 2010-02-09 21:07:28 84912 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\NAVENG.SYS
    2010-02-18 15:55:24 . 2010-02-09 21:07:28 177520 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\NAVENG32.DLL
    2010-02-18 15:55:24 . 2010-02-09 21:07:28 1647984 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\NAVEX32A.DLL
    2010-02-18 15:55:24 . 2010-02-09 21:07:28 1324720 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\NAVEX15.SYS
    2010-02-18 15:55:23 . 2010-02-09 21:07:28 371248 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\EECTRL.SYS
    2010-02-18 15:55:23 . 2010-02-09 21:07:28 2747440 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\CCERASER.DLL
    2010-02-18 15:55:23 . 2010-02-09 21:07:28 259440 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\ECMSVR32.DLL
    2010-02-18 15:55:23 . 2010-02-09 21:07:28 102448 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100217.069\ERASER.SYS
    2010-02-15 16:20:30 . 2010-02-15 16:20:30 388096 ----a-r- C:\Documents and Settings\Any Authorised User\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-15 16:16:20 . 2010-02-15 16:16:36 -------- d-----w- C:\Program Files\ERUNT
    2010-02-15 14:01:49 . 2010-02-15 14:01:49 -------- d-----w- C:\Documents and Settings\Any Authorised User\Application Data\Malwarebytes
    2010-02-15 14:01:39 . 2010-01-07 16:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2010-02-15 14:01:36 . 2010-02-15 14:01:36 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2010-02-15 14:01:33 . 2010-02-15 14:01:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-02-15 14:01:33 . 2010-01-07 16:07:04 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
    2010-02-14 21:39:33 . 2010-02-14 21:41:25 -------- d-----w- C:\Program Files\Windows Live Safety Center
    2010-02-14 21:20:06 . 2010-02-14 21:22:01 -------- dc-h--w- C:\WINDOWS\ie8
    2010-02-14 19:42:08 . 2010-02-14 20:46:32 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
    2010-02-14 19:42:08 . 2010-02-14 20:43:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-14 19:24:45 . 2010-02-14 19:24:45 48544 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
    2010-02-14 19:03:10 . 2009-10-28 22:37:22 343088 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSvix86.sys
    2010-02-14 19:03:10 . 2009-10-28 22:37:22 329592 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSXpx86.sys
    2010-02-14 19:03:10 . 2009-10-28 22:37:21 811896 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\Scxpx86.dll
    2010-02-14 19:03:10 . 2009-10-28 22:37:21 488312 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSxpx86.dll
    2010-02-14 19:03:10 . 2009-10-28 22:37:21 466992 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100210.001\IDSviA64.sys
    2010-02-05 21:35:53 . 2010-02-05 21:35:53 -------- d-----w- C:\Documents and Settings\Any Authorised User\C
    2010-02-05 19:07:24 . 2010-02-05 22:46:28 -------- d-----w- C:\Program Files\iTunes
    2010-02-05 19:07:24 . 2010-02-05 19:08:30 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2010-02-05 19:06:10 . 2010-02-05 19:06:10 -------- d-----w- C:\Program Files\Bonjour
    2010-02-05 19:04:25 . 2010-02-05 19:04:25 -------- d-----w- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\Apple
    2010-02-05 19:04:04 . 2010-02-05 19:04:04 -------- d-----w- C:\Program Files\Apple Software Update
    2010-02-05 19:03:41 . 2009-08-28 19:42:52 40448 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
    2010-02-05 19:03:41 . 2009-08-28 19:42:52 2065696 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
    2010-02-05 19:02:02 . 2010-02-05 19:07:37 -------- d-----w- C:\Program Files\Common Files\Apple
    2010-02-05 19:02:02 . 2010-02-05 19:02:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
    2010-01-31 16:45:02 . 2010-01-31 16:45:07 -------- d-----w- C:\WINDOWS\SQLTools9_KB970892_ENU
    2010-01-31 14:19:55 . 2010-01-31 14:19:55 -------- d-----w- C:\WINDOWS\system32\Registry Patrol
    2010-01-31 14:18:56 . 2010-01-31 14:22:35 -------- d-----w- C:\Program Files\Registry Patrol
    2010-01-31 13:45:51 . 2010-01-31 13:45:52 -------- d-----r- C:\Program Files\Norton Support
    2010-01-30 17:47:28 . 2010-01-30 17:47:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2010-01-30 17:39:15 . 2010-01-30 17:39:17 -------- d-----w- C:\f71b5c25fa32883ca5706365d257924a
    2010-01-30 17:23:14 . 2010-01-30 17:23:17 -------- d-----w- C:\b3c4cb4810021e8ab02912d6
    2010-01-30 16:38:56 . 2009-08-06 19:23:46 274288 ----a-w- C:\WINDOWS\system32\mucltui.dll
    2010-01-30 15:47:04 . 2010-01-30 15:47:04 503808 ----a-w- C:\Documents and Settings\Any Authorised User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4478271f-n\msvcp71.dll
    2010-01-30 15:47:04 . 2010-01-30 15:47:04 499712 ----a-w- C:\Documents and Settings\Any Authorised User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4478271f-n\jmc.dll
    2010-01-30 15:47:04 . 2010-01-30 15:47:04 348160 ----a-w- C:\Documents and Settings\Any Authorised User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4478271f-n\msvcr71.dll
    2010-01-30 15:47:03 . 2010-01-30 15:47:03 61440 ----a-w- C:\Documents and Settings\Any Authorised User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7526f901-n\decora-sse.dll
    2010-01-30 15:47:03 . 2010-01-30 15:47:03 12800 ----a-w- C:\Documents and Settings\Any Authorised User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7526f901-n\decora-d3d.dll
    2010-01-30 15:36:55 . 2010-01-30 15:36:55 -------- d-----w- C:\spoolerlogs
    2010-01-30 14:38:00 . 2010-01-30 14:37:42 36400 ----a-r- C:\WINDOWS\system32\drivers\SymIM.sys
    2010-01-30 14:37:50 . 2010-01-30 14:37:49 60808 ----a-w- C:\WINDOWS\system32\S32EVNT1.DLL
    2010-01-30 14:37:49 . 2010-01-30 14:37:50 -------- d-----w- C:\Program Files\Symantec
    2010-01-30 14:37:49 . 2010-01-30 14:37:49 124976 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2010-01-30 14:37:38 . 2010-01-30 14:37:38 1291104 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
    2010-01-30 14:37:35 . 2010-01-30 14:37:35 136840 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
    2010-01-30 14:37:30 . 2010-01-30 14:37:30 771440 ----a-w- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
    2010-01-30 14:37:10 . 2010-02-05 18:16:44 -------- d-----w- C:\WINDOWS\system32\drivers\N360
    2010-01-30 14:37:07 . 2010-01-30 14:37:23 -------- d-----w- C:\Program Files\Norton 360
    2010-01-30 14:37:06 . 2010-01-30 14:38:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
    2010-01-30 14:33:16 . 2010-01-30 14:33:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2010-01-30 14:33:16 . 2010-01-30 14:33:16 -------- d-----w- C:\Program Files\NortonInstaller
    2010-01-30 13:47:42 . 2010-01-30 13:47:42 -------- d-----w- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\ICS
    2010-01-22 19:51:36 . 2010-01-22 19:51:36 72488 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-20 12:25:13 . 2010-02-20 12:25:12 150528 ----a-w- C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
    2010-02-14 19:23:45 . 2006-05-13 20:32:11 -------- d-----w- C:\Documents and Settings\Any Authorised User\Application Data\Apple Computer
    2010-02-05 19:07:39 . 2006-05-13 20:30:19 -------- d-----w- C:\Program Files\iPod
    2010-02-05 19:05:11 . 2006-05-13 20:31:52 -------- d-----w- C:\Program Files\QuickTime
    2010-02-05 19:04:54 . 2006-05-13 20:31:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2010-02-05 18:28:42 . 2006-05-15 14:35:13 -------- d-----w- C:\Documents and Settings\Any Authorised User\Application Data\objects
    2010-02-05 17:16:52 . 2006-05-12 17:23:34 64160 ----a-w- C:\Documents and Settings\Any Authorised User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-02-05 17:14:45 . 2006-05-10 17:49:43 -------- d--h--w- C:\Program Files\InstallShield Installation Information
    2010-02-05 17:14:43 . 2006-06-29 11:38:20 -------- d-----w- C:\Program Files\Intermediary Mortgages
    2010-02-05 17:12:04 . 2006-06-29 11:02:02 -------- d-----w- C:\Program Files\Northern Rock Online
    2010-02-05 17:11:14 . 2006-07-29 12:03:36 -------- d-----w- C:\Program Files\Alliance and Leicester Online Forms
    2010-02-04 10:14:54 . 2006-05-13 20:31:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\QuickTime
    2010-01-31 16:55:12 . 2006-05-15 13:52:58 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2010-01-31 11:59:55 . 2006-06-28 11:57:00 -------- d-----w- C:\Documents and Settings\Any Authorised User\Application Data\U3
    2010-01-30 17:22:26 . 2006-07-18 09:08:57 -------- d-----w- C:\Program Files\Abbey
    2010-01-30 15:15:15 . 2006-05-12 14:41:26 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2010-01-30 14:37:49 . 2010-01-30 14:37:50 7456 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2010-01-30 14:37:49 . 2010-01-30 14:37:49 806 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2010-01-30 14:37:41 . 2008-01-29 11:01:28 26600 ----a-r- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2010-01-30 14:37:32 . 2008-01-29 11:02:30 107368 ----a-r- C:\WINDOWS\system32\GEARAspi.dll
    2010-01-30 14:19:38 . 2006-05-12 14:41:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Symantec
    2010-01-30 14:17:52 . 2006-05-12 14:48:13 -------- d-----w- C:\Documents and Settings\Any Authorised User\Application Data\Symantec
    2010-01-27 09:25:24 . 2006-05-10 17:45:01 -------- d-----w- C:\Program Files\Common Files\Java
    2010-01-27 09:23:54 . 2006-05-10 17:45:02 -------- d-----w- C:\Program Files\Java
    2010-01-05 10:00:21 . 2010-01-05 10:00:21 78336 ------w- C:\WINDOWS\system32\ieencode.dll
    2009-12-31 16:50:03 . 2005-02-02 19:01:18 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
    2009-12-21 19:14:05 . 2005-02-02 18:59:20 916480 ------w- C:\WINDOWS\system32\wininet.dll
    2009-12-17 17:14:00 . 2008-12-08 09:55:38 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
    2009-12-16 18:43:27 . 2005-02-02 18:58:46 343040 ----a-w- C:\WINDOWS\system32\mspaint.exe
    2009-12-14 07:08:23 . 2005-02-02 18:58:15 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
    2009-12-08 19:27:51 . 2005-02-02 18:58:53 2189184 ------w- C:\WINDOWS\system32\ntoskrnl.exe
    2009-12-08 18:43:50 . 2005-02-02 18:58:52 2066048 ------w- C:\WINDOWS\system32\ntkrnlpa.exe
    2009-12-04 18:22:22 . 2005-02-02 19:01:16 455424 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
    2009-11-27 17:11:44 . 2005-02-02 18:59:00 1291776 ----a-w- C:\WINDOWS\system32\quartz.dll
    2009-11-27 17:11:44 . 2005-02-02 18:58:49 17920 ----a-w- C:\WINDOWS\system32\msyuv.dll
    2009-11-27 16:07:35 . 2005-02-02 18:59:13 8704 ----a-w- C:\WINDOWS\system32\tsbyuv.dll
    2009-11-27 16:07:35 . 2005-02-02 18:58:47 28672 ----a-w- C:\WINDOWS\system32\msvidc32.dll
    2009-11-27 16:07:34 . 2005-02-02 18:58:46 11264 ----a-w- C:\WINDOWS\system32\msrle32.dll
    2009-11-27 16:07:34 . 2005-02-02 18:58:31 48128 ----a-w- C:\WINDOWS\system32\iyuv_32.dll
    2009-11-27 16:07:34 . 2005-02-02 18:58:07 84992 ----a-w- C:\WINDOWS\system32\avifil32.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-02-18_16.20.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-02-18 16:54:09 . 2010-02-18 16:54:09 16384 C:\WINDOWS\Temp\Perflib_Perfdata_704.dat
    + 2010-02-18 16:53:07 . 2010-02-18 16:53:07 16384 C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat
    + 2010-02-18 16:53:07 . 2010-02-18 16:53:07 16384 C:\WINDOWS\Temp\Perflib_Perfdata_454.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 00:12:28 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 12:57:38 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-22 12:53:52 126976]
    "SMSERIAL"="sm56hlpr.exe" [2005-04-26 10:15:00 544768]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 15:25:10 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 15:24:28 688218]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 11:01:23 1397760]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 23:08:18 417792]
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 15:21:52 246504]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03:04 81920]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-01-22 19:16:42 141608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

    C:\Documents and Settings\Any Authorised User\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    EPSON Status Monitor 3 Environment Check(2).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-5-12 131584]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\spoolsv.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\N360\0308000.029\SymEFA.sys [05/02/2010 18:09:12 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\N360\0308000.029\BHDrvx86.sys [05/02/2010 18:09:12 259632]
    R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\N360\0308000.029\cchpx86.sys [05/02/2010 18:09:12 482432]
    R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys [20/02/2010 10:52:46 329592]
    R2 MSSQL$INERTIA3_SQL2005;SQL Server (INERTIA3_SQL2005);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31:10 29263712]
    R2 N360;Norton 360;C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [05/02/2010 18:08:51 117640]
    R2 TRUService;Trigold Update Service;C:\Program Files\Trigold\Update\TRUService.exe [14/07/2008 13:24:35 135816]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/02/2010 20:19:31 102448]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34:12 . 2008-07-30 12:34:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.intrinsicfs.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} - hxxps://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
    DPF: {034DA761-EDB7-11D7-A20A-000802318089} - hxxps://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
    DPF: {090EC279-1378-44B7-B521-888980212E7E} - hxxps://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl3.CAB
    DPF: {2F6A847E-2EC2-11D3-AE1B-00508B014C1D} - hxxps://exweb.exchange.uk.com/clientbinaries/XMLParser.CAB
    DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} - hxxps://exweb.exchange.uk.com/clientbinaries/EWGPensions.CAB
    DPF: {511835FF-EDC9-11D7-A20A-000802318089} - hxxps://exweb.exchange.uk.com/clientbinaries/EWGWholeLife.CAB
    DPF: {61DA056C-EDE7-11D7-A20A-000802318089} - hxxps://exweb.exchange.uk.com/clientbinaries/EWGBonds.CAB
    DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} - hxxps://exweb.exchange.uk.com/clientbinaries/VersionInfo.CAB
    DPF: {A74D724A-AB17-11D2-A96A-006097E20477} - hxxps://exweb.exchange.uk.com/clientbinaries/eXwebUtils.CAB
    DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} - hxxps://exweb.exchange.uk.com/clientbinaries/printdll.CAB
    DPF: {E7FF5332-854E-11D2-A952-006097E20477} - hxxps://exweb.exchange.uk.com/clientbinaries/eXwebOcc.CAB
    DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} - hxxps://exweb.exchange.uk.com/clientbinaries/pvdt70.CAB
    .


    I am just uninstalling the other stuff you requested.
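As an added example, not part of this thread and not ComboFix's own code: a small Python parser for the log format posted above. It reads the "Files Created" block, the Run-key loading points and the firewall flag into structured records, then produces defender-side triage notes (the disabled firewall profile, Run values that name a bare filename rather than a full path, and hidden files created under system32) and a list of executables created under a given directory for cross-checking against known install dates. The line shapes, the meaning of the `d` and `h` flag letters, and the excerpted sample are inferred from the log above and are assumptions, not a documented ComboFix format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes are inferred from the ComboFix log posted above (an assumption, not
# a documented spec):  <created> . <modified> <size | --------> <8 flags> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(\d+|-{8}) ([A-Za-z-]{8}) (.+)$"
)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[[^\]]*\])?$')  # "Name"="cmd" [ts size]
BANNER_RE = re.compile(r"^\(+ (.+?) \)+$")                      # (((( Section ))))
KEY_RE = re.compile(r"^\[(.+)\]$")                              # [HKEY_...]
FIREWALL_RE = re.compile(r'^"EnableFirewall"= (\d+)')

@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None where ComboFix printed -------- (directories)
    attrs: str           # flag letters; 'd' = directory, 'h' = hidden (inferred)
    path: str

@dataclass
class RunEntry:
    key: str             # registry key the value was listed under
    name: str
    command: str

@dataclass
class ComboFixLog:
    files: List[FileEntry]
    run: List[RunEntry]
    firewall_enabled: Optional[bool]  # None if EnableFirewall never appears

def parse_combofix(text: str) -> ComboFixLog:
    """Extract 'Files Created' entries, Run-key values and the firewall state."""
    log = ComboFixLog([], [], None)
    section: Optional[str] = None
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := BANNER_RE.match(line):
            section, key = m.group(1), None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := FIREWALL_RE.match(line):
            log.firewall_enabled = m.group(1) != "0"
        elif (m := FILE_RE.match(line)) and section and section.startswith("Files Created"):
            size = None if m.group(3).startswith("-") else int(m.group(3))
            log.files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
        elif (m := RUN_RE.match(line)) and key and key.upper().endswith("\\RUN"):
            log.run.append(RunEntry(key, m.group(1), m.group(2)))
    return log

def review(log: ComboFixLog) -> List[str]:
    """Defender-side triage notes: each one is a 'look here', not a verdict."""
    notes: List[str] = []
    if log.firewall_enabled is False:
        notes.append("Windows Firewall standard profile is disabled (EnableFirewall=0)")
    for r in log.run:
        if "\\" not in r.command:  # bare filename: resolved via the search path
            notes.append(f"Run value {r.name!r} uses the unqualified command {r.command!r}; "
                         "confirm which file on the search path it actually resolves to")
    for f in log.files:
        if "h" in f.attrs and "d" not in f.attrs and "\\windows\\system32\\" in f.path.lower():
            notes.append(f"hidden file created under system32: {f.path}")
    return notes

def recent_executables(log: ComboFixLog, prefix: str) -> List[str]:
    """Executables and drivers the log lists as created under `prefix`."""
    return [f.path for f in log.files
            if f.path.lower().startswith(prefix.lower())
            and f.path.lower().endswith((".exe", ".dll", ".sys"))]

# Constructed sample: a handful of lines excerpted from the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.
2010-02-20 12:25:12 . 2010-02-20 12:25:13 150528 ----a-w- C:\WINDOWS\system32\dllcache\uploadm.exe
2010-02-15 16:16:20 . 2010-02-15 16:16:36 -------- d-----w- C:\Program Files\ERUNT
2010-02-15 14:01:39 . 2010-01-07 16:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-02-14 21:20:06 . 2010-02-14 21:22:01 -------- dc-h--w- C:\WINDOWS\ie8
2010-02-14 19:24:45 . 2010-02-14 19:24:45 48544 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 16:50:03 . 2005-02-02 19:01:18 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 00:12:28 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-03-22 12:57:38 155648]
"SMSERIAL"="sm56hlpr.exe" [2005-04-26 10:15:00 544768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for note in review(parsed):
        print("-", note)
    print(recent_executables(parsed, r"C:\WINDOWS\system32"))
```

Only entries from the "Files Created" block are collected; the Find3M and SnapShot blocks list pre-existing files and are skipped on purpose, so a triage list built from `recent_executables` stays focused on what changed in the window the log covers.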

  2. #12
    Member, joined Feb 2010, 37 posts

    I can't get the Kaspersky online scanner to run:

    Program download is in progress. Please wait. To allow further operations of Kaspersky Online Scanner 7.0, agree in the security warning to launch the Java application signed by Kaspersky Lab.

    Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.

    I have uninstalled the updates listed and ran the scanner; it asked to install Java. I followed the link, but then it doesn't work? I will await your reply.

  3. #13
    Blade81 (Security Expert: Emeritus), joined Oct 2006, Finland, 25,288 posts

    Hi,

    Let's see if we get better results with ESET online scanner.

    • Go here to run an online scanner from ESET.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
    • Make sure that the option Remove found threats is not checked.
    • Click Scan.
    • Wait for the scan to finish.
    • Copy and paste that log as a reply to this topic, along with other requested logs that weren't posted yet. How's the system running?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Member, joined Feb 2010, 37 posts

    The scan completed, but there was no log file that I could see; however, I could export this as a txt file:

    C:\Program Files\Registry Patrol\RegistryPatrol.exe a variant of Win32/Adware.RegistryPatrol application


    This was the only threat found. I cannot find a Spybot S&D log file to post, but I can run another scan if you require the log file. The system runs fine, but Internet Explorer runs slow.

  5. #15
    Member, joined Feb 2010, 37 posts

    Apologies, I found the Spybot report, if this helps?


    --- Report generated: 2010-02-18 18:00 ---

    Congratulations!: No immediate threats were found. (Status)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-02-14 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-10-08 Includes\Adware.sbi (*)
    2010-02-09 Includes\AdwareC.sbi (*)
    2010-01-25 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2010-02-09 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2010-02-09 Includes\HijackersC.sbi (*)
    2010-01-20 Includes\Keyloggers.sbi (*)
    2010-02-09 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-02-10 Includes\Malware.sbi (*)
    2010-02-10 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2010-02-09 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-02-10 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-11-03 Includes\Spyware.sbi (*)
    2010-02-09 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-12-08 Includes\Trojans.sbi (*)
    2010-02-10 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  6. #16
    Blade81 (Security Expert: Emeritus), joined Oct 2006, Finland, 25,288 posts

    Hi,

    Uninstall Registry Patrol. Is there some specific situation in which IE is slow?

  7. #17
    Member, joined Feb 2010, 37 posts

    It's slow starting up and loading new pages sometimes. Where do I uninstall Registry Patrol from? It's not in Add/Remove? Thanks.

  8. #18
    Blade81 (Security Expert: Emeritus), joined Oct 2006, Finland, 25,288 posts

    Hi,

    If Registry Patrol isn't visible on installed programs list then just delete these two folders:
    c:\windows\system32\Registry Patrol
    c:\program files\Registry Patrol

    Have you noticed if IE is slow on some certain sites or does it happen randomly?

  9. #19
    Member, joined Feb 2010, 37 posts

    I have deleted both folders. It's slow loading the homepage when you start up and slow loading pages when you go to new websites; however, I'm used to using Firefox, so it may just be me?

  10. #20
    Blade81 (Security Expert: Emeritus), joined Oct 2006, Finland, 25,288 posts

    Hi,

    IE is slower compared to Firefox. You may want to see if running IE with addons disabled runs any faster:
    Click the Start button, click All Programs, click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).


    Let's reset System Restore.
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis.



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK


    Next we remove all used tools.

    Please download OTC and save it to desktop.
    • Double-click OTC.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.


    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
