View Full Version : Virtumonde problem?
compProgram
2008-05-22, 23:34
hi i had a malware problem a few months ago and you guys helped me out then, so i was hoping someone could help me out again.
i recently got infected with something and i noticed this when my comp started opening internet browsers slower and it's cpu usage on my cpu meter (in my vista sidebar) was almost always above 90%. so then i scanned with spybot and it found two entries of virtumonde i deleted with spybot and it seemed to work, however EVERY SECOND my computer was on a teatimer message came up saying that something called msserver was trying to add two or three files to my registry, i wasnt sure what it was and it KEPT on coming up so when i clicked 'agree' to allow it the virtumonde came back (leading me to believe this is the cause of it). scanning with spybot seemed to only be a temp solution because whenever i restarted the tt message kept coming back asking if i wanted to add it to the registry. the files were iifddbaB.dll, jkkttwQgF.dll, and novnhetr.dll (these were in my temp files, btw and could not be deleted by pressing 'delete'
so then i tried vundofix and it found an infection in poweriso (which is this virtual drive program) and when i clicked remove vundo it didnt work, then gave me a message saying it will restart the comp and vundofix will come up again at reboot so it could delete it before , but that didnt work cause when i restarted vundofix didnt even come up at startup.
then i tried virtumondebegone but that didnt even find anything..
then i tried even Malwarebytes antimalware and that found like 12 infections, it quarantined and deleted most of it and got two of them on reboot.
the problem is that everytime on startup a rundll message comes up saying that the file iifddbaB.dll, jkkttwQgF.dll, or novnhetr.dll could not be found or w/e so that should mean there are still some traces of the vundo on my comp so can someone please help me get rid of it?
heres my hjt log:
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:58 PM, on 22/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Computer\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Computer\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Computer\AppData\Local\Temp\iifddbaB.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10762 bytes
---------------------------------------------------------
thanks, compprogram
Rorschach112
2008-05-23, 00:32
Hello
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please visit this web page for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.
Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
compProgram
2008-05-23, 01:39
thank you for the quick reply.
i already had atf cleaner on my comp because i use it regularily, but do u want me to delete this and reinstall or is it ok? (btw i have VISTA and atf cleaner works for it but it does not delete anything in the prefetch.
also, for combofix, is there a way to install a vista recovery console because i only quickly looked through it and it had something to do with the command prompt.
also, to note, i rescanned with malwarebytes this time with full scan and it found one more infection i deleted. and apparently the file that vundofix thought was malware i think is not because it thought a file of poweriso's was infected however i uninstalled it, scanned to double check and it showed no malware, then installed a newer version straight off the website, scanned, and it thought that same file is malware so i think that specifically from vundofix is wrong but malwarebytes still found some so im sure im still infected.
finally, i will carry on with this but i cant right now so i will be back in a few hours (like less than 4) thanks.
Rorschach112
2008-05-23, 01:55
No need to re-download ATF Cleaner
Can leave the Recovery Console
compProgram
2008-05-23, 06:16
ok so here is the combofix log. there is one thing i should note, that at first i tried running combo fix but i realized i would not have enough time to do it before i left so i closed it (only change i noticed was my system clock was 24h now) then recently i opened it again and it seemed to pick up where it left off but then it lagged for a while so i closed it and then ran again and i think it picked up from there again and created the log. so hopefully all is well if not i can redo the combo fix thing and post another log.
-----------------------------------------------
ComboFix 08-05-21.3 - Computer 2008-05-22 23:04:49.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1851 [GMT -4:00]
Running from: C:\Users\Computer\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_navapsvc
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-22 18:06 . 2008-05-22 18:06 <DIR> d-------- C:\Program Files\PowerISO
2008-05-22 10:07 . 2008-05-22 10:07 <DIR> d-------- C:\Users\Computer\AppData\Roaming\Malwarebytes
2008-05-22 10:07 . 2008-05-22 10:07 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-22 10:07 . 2008-05-22 10:07 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-22 10:07 . 2008-05-22 10:07 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 10:07 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\System32\drivers\mbamcatchme.sys
2008-05-22 10:07 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-05-21 23:18 . 2008-05-22 18:21 <DIR> d-------- C:\VundoFix Backups
2008-05-14 20:27 . 2008-05-14 20:28 <DIR> d-------- C:\WINDOWS\System32\Adobe
2008-05-09 21:09 . 2008-05-11 02:02 <DIR> d-------- C:\Users\Computer\AppData\Roaming\MiniDm
2008-05-09 21:06 . 2008-05-09 21:07 <DIR> d-------- C:\Program Files\IEPro
2008-05-02 18:12 . 2008-05-02 18:12 <DIR> d-------- C:\Users\Computer\AppData\Roaming\Talkback
2008-05-02 17:38 . 2008-05-02 17:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-28 17:07 . 2008-04-28 17:10 <DIR> d-------- C:\Program Files\Counter-Strike 1.6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 03:04 --------- d-----w C:\Users\Computer\AppData\Roaming\DNA
2008-05-22 21:49 --------- d-----w C:\Users\Computer\AppData\Roaming\BitTorrent
2008-05-20 22:32 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 16:20 --------- d---a-w C:\ProgramData\TEMP
2008-05-17 16:20 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-15 02:26 --------- d-----w C:\Users\Computer\AppData\Roaming\Image Zone Express
2008-05-14 02:39 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 02:39 --------- d-----w C:\Program Files\Windows Mail
2008-05-10 01:07 --------- d-----w C:\ProgramData\Symantec
2008-05-04 04:48 --------- d-----w C:\Program Files\Steam
2008-05-03 02:38 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-19 00:05 --------- d-----w C:\Users\Computer\AppData\Roaming\PrevxCSI
2008-04-17 00:20 --------- d-----w C:\Program Files\DNA
2008-04-16 23:17 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-16 23:17 --------- d-----w C:\Program Files\Common Files\Real
2008-04-16 18:25 29,952 ----a-w C:\Windows\Help\OEM\Scripts\HPScript.exe
2008-04-15 21:32 --------- d-----w C:\Program Files\CCleaner
2008-04-13 21:35 --------- d-----w C:\ProgramData\WildTangent
2008-04-12 01:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 00:41 --------- d-----w C:\Program Files\Lavasoft
2008-04-11 20:41 --------- d-----w C:\Program Files\Valve
2008-04-10 00:09 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-04-10 00:09 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-04-10 00:09 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-04-08 01:02 --------- d-----w C:\Program Files\Total Video Converter
2008-04-06 04:23 --------- d-----w C:\Users\Computer\AppData\Roaming\Uniblue
2008-04-06 04:16 --------- d-----w C:\Program Files\Uniblue
2008-04-06 02:52 --------- d-----w C:\Program Files\HP
2008-04-04 21:52 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-03-27 19:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-26 01:28 174 --sha-w C:\Program Files\desktop.ini
2008-03-26 01:19 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-26 01:19 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-26 01:19 --------- d-----w C:\Program Files\Windows Journal
2008-03-26 01:19 --------- d-----w C:\Program Files\Windows Defender
2008-03-26 01:19 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-26 01:19 --------- d-----w C:\Program Files\Windows Calendar
2008-03-26 00:53 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-26 00:53 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-23 23:31 --------- d-----w C:\Program Files\NetConeal
2008-03-23 23:27 --------- d-----w C:\Users\Computer\AppData\Roaming\FreeCap
2008-03-08 20:16 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-06 23:18 4,502 ----a-w C:\Windows\System32\tmp.reg
2008-03-06 03:29 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-03-02 04:12 86,016 ----a-w C:\Windows\System32\VACFix.exe
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2007-11-04 14:16 440 ----a-w C:\Users\Computer\AppData\Roaming\wklnhst.dat
2007-09-04 23:36 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 03:36 2153472 C:\WINDOWS\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 09:50 1424648]
"BitTorrent DNA"="C:\Users\Computer\Program Files\DNA\btdna.exe" [2008-05-08 11:47 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 06:59 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\WINDOWS\RtHDVCpl.exe]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 22:05 116328]
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 17:55 1441792]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 03:33 227840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-01-24 09:22 2476408]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-05-05 20:46 1179256]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [3/2/2007 5:55:02 PM 1441792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Computer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\Windows\pss\Microsoft Office Groove.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Computer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2354960861-141067943-2326317658-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{54977830-5DAA-452E-89C5-D41D88273689}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{41FBDAB9-34F2-42E0-9E2D-E393373FC67D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{929CD735-7BBD-47E5-9806-CE8885D84057}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8AAC98F5-E5E7-4ACC-93AF-71A04BF4D1CA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{44CDF252-411B-4121-8647-FC6CF3748606}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D403D48C-2C68-403C-9DB3-621454BE35E3}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7AB53790-ADF7-4001-AF26-866F69621ED1}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{02125C7D-3B27-4F08-9EFB-0BEEED35D227}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{147A54C4-B07A-4EDD-AA51-45A4B71741DE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5DDB0D55-AA17-455A-B0DE-3FB1DAC3B2EA}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C9C9205A-0A1D-4453-A0EE-82C9E2F82F0C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7912511B-F37A-4ACE-889F-89E03B6711AB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{46D8B631-7DFA-4597-B9A6-AA4B5C6C8FED}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{4E4EBBE6-BB02-4604-AFEA-57FD3C4E8F76}C:\\program files\\microsoft office\\office12\\groove.exe"= UDP:C:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"UDP Query User{4E333A80-66FD-4156-8BBA-6439C084849A}C:\\program files\\microsoft office\\office12\\groove.exe"= TCP:C:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"{6F8E648A-E75E-4233-BCD2-B5AEE92DD6DD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D31D44C4-6592-4AA8-8C35-A2CD7BAC29F7}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{9692C3E6-330D-4243-A271-80C2D0922E15}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{D2C9746E-967D-4AA4-A97F-12B88FBCB6F4}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{3AEF1CA1-7B2C-4E74-BC00-90ADD66BD187}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080521.001\IDSvix86.sys [2008-02-13 12:18]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 07:36]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 16:30]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 21:50]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 15:22]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-11-27 17:38]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-01 18:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\SETUP.EXE
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-18 00:54:55 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Computer.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2008-05-12 00:17:57 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-22 16:36:37 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-17 23:00:01 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-22 23:18:33 C:\Windows\Tasks\User_Feed_Synchronization-{62E94CC9-2D78-43E7-84C0-454D26D2160C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 23:07:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 23:08:25
ComboFix-quarantined-files.txt 2008-05-23 03:07:58
Pre-Run: 257,440,481,280 bytes free
Post-Run: 257,405,255,680 bytes free
232 --- E O F --- 2008-05-20 22:32:16
----------------------------------------------------
and the hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:24 PM, on 22/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Computer\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Computer\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10659 bytes
Rorschach112
2008-05-23, 14:59
Hello
1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:
File::
K:\SETUP.EXE
J:\Setup.exe
Folder::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Click on Kaspersky Online Scanner and click Accept
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
Also tell me how your PC is running
compProgram
2008-05-24, 03:38
ok so here is the scan log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 23, 2008 8:35:03 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/05/2008
Kaspersky Anti-Virus database records: 799359
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 149160
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:02:58
Infected Object Name / Virus Name / Last Action
C:\Bug.txt Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\LiveUpdate\2008-05-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped
C:\ProgramData\Lavasoft\Ad-Aware 2007\logs\AWProcessesLog.log Object is locked skipped
C:\ProgramData\Lavasoft\Ad-Aware 2007\logs\CoreEngineCommunicationLog.log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\864da5be2adb28c7711b08a95f5dd038_390a2636-5a2e-43c1-9914-129ca03a9f40 Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\Users\Computer\AppData\Roaming\microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Computer\AppData\Roaming\microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Messenger\ibrahim--a@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Messenger\ibrahim--a@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Messenger\ibrahim--a@hotmail.com\SharingMetadata\Working\database_F8AE_9DCE_AE9D_85B2\dfsr.db Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Messenger\ibrahim--a@hotmail.com\SharingMetadata\Working\database_F8AE_9DCE_AE9D_85B2\fsr.log Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Messenger\ibrahim--a@hotmail.com\SharingMetadata\Working\database_F8AE_9DCE_AE9D_85B2\fsrtmp.log Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Messenger\ibrahim--a@hotmail.com\SharingMetadata\Working\database_F8AE_9DCE_AE9D_85B2\tmp.edb Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052320080524\index.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\UsrClass.dat{2e03b47a-5649-11dc-a105-001bfc51b749}.TM.blf Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\UsrClass.dat{2e03b47a-5649-11dc-a105-001bfc51b749}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows\UsrClass.dat{2e03b47a-5649-11dc-a105-001bfc51b749}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows Live Contacts\ibrahim--a@hotmail.com\real\members.stg Object is locked skipped
C:\Users\Computer\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Computer\AppData\Local\Temp\~DFD9D5.tmp Object is locked skipped
C:\Users\Computer\AppData\Local\Temp\~DFDCB4.tmp Object is locked skipped
C:\Users\Computer\AppData\Local\VirtualStore\ProgramData\muvee Technologies\030625\0103\0399\ProductKey.val Object is locked skipped
C:\Users\Computer\AppData\Local\VirtualStore\ProgramData\muvee Technologies\030625\0103\0399\template.mmdf Object is locked skipped
C:\Users\Computer\AppData\Local\VirtualStore\ProgramData\muvee Technologies\030625\0103\0399\values Object is locked skipped
C:\Users\Computer\NTUSER.DAT Object is locked skipped
C:\Users\Computer\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Computer\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Computer\NTUSER.DAT{c566d2e8-26bc-11dd-a89c-001bfc51b749}.TM.blf Object is locked skipped
C:\Users\Computer\NTUSER.DAT{c566d2e8-26bc-11dd-a89c-001bfc51b749}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Computer\NTUSER.DAT{c566d2e8-26bc-11dd-a89c-001bfc51b749}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_2929558962_5701632_113546 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\MSDVRMM_2929558962_7143424_116253 Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE2A79.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\TempSBE\SBE2CEA.tmp Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{5359DEC2-47C8-436B-A8AA-569C50C22448}.TmpSBE Object is locked skipped
C:\Users\Public\Recorded TV\TempRec\{BF8B54D4-4982-4DC6-921A-2EC7DCA17B76}.TmpSBE Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\WIA\wiatrace.log Object is locked skipped
C:\WINDOWS\Logs\CBS\CBS.log Object is locked skipped
C:\WINDOWS\Logs\CBS\CBS.persist.log Object is locked skipped
C:\WINDOWS\Logs\DPX\setupact.log Object is locked skipped
C:\WINDOWS\Logs\DPX\setuperr.log Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\setupact.log Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\WINDOWS\security\database\secedit.sdb Object is locked skipped
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\WINDOWS\System32\catroot2\edb.log Object is locked skipped
C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\System32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\System32\restore\MachineGuid.txt Object is locked skipped
C:\WINDOWS\System32\spool\SpoolerETW.etl Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof Object is locked skipped
C:\WINDOWS\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\System.evtx Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job Object is locked skipped
C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job Object is locked skipped
C:\WINDOWS\Tasks\Uniblue SpyEraser.job Object is locked skipped
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped
D:\$RECYCLE.BIN\Desktop.ini Object is locked skipped
D:\$RECYCLE.BIN\Protect.ed Object is locked skipped
Scan process completed.
--------------------------------------
its returned clean so im sure thats good and i dont see anything in the hjt that could be bad, and my comp seems to be working fine again.
but just in case please dont close this topic at least for a few days or unless i say im sure its all fine. thanks a lot for the help.
one question though, what happened when i created that cfscript file and dragged it to combofix? is it sort of like a custom scan?
Rorschach112
2008-05-24, 14:55
It deletes the files we tell it to delete
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here (http://java.sun.com/javase/downloads/index.jsp)
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)
* SpywareGuard (http://www.javacoolsoftware.com/sgdownload.html) offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here (http://www.mozilla.org/products/firefox/)
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)
Thank you for your patience, and performing all of the procedures requested.
compProgram
2008-05-25, 07:38
ok thank you so much for helping me. i uninstalled combofix, updated java (though i thought i uninstalled all previous versions when i updated it a few months ago), and my computer is already set to auto update through windows update, so i will know when there are updates available through windows update.
i already had spywareblaster on my comp, and i have to say it is really useful, but i read in IE-SPYAD that it only works for ie6 or less, but i have ie7. Also, i think i remember trying spywareguard a few months ago but it had some sort of conflict with the other programs on my comp (i think Teatimer, but im not exactly sure).
Also, i have to say thank you for the link to the hosts files i already had a list on my comp but i saw how this was rated #1 and all so thanks again.
And as a note, i also use ff, its just that my comp is windows and windows bundles ie with all its pcs so unfortunately i cant get rid of it (do you know of some way to uninstall ie so i can ONLY use ff? because i use both equally right now).
As a final note, im not sure if you can help or not but, i have a program called Uniblue SpyEraser on my comp, and i set it up to scan it weekly and every week it seems to find this same spyware on it. SpyEraser labels it as "Malware (General Components)" and it says like "threat level: moderate" and its always these 8 infections. they are in things like hkey_current_user\software\wget\
or entversion\internet settings\zonemap\domains\blazefind.com\
is there any way i can permanently delete these? or any other good scanning programs etc? im just wondering if you may know what this is.
and FINALLY, i would like to thank you for your patience in helping me and would like to say you have done a good job. thanks.
Rorschach112
2008-05-25, 14:30
I think IE-SPYAD should still work on IE7
SpywareGuard will conflict with TeaTimer, make sure you only use one of those
You cant uninstall IE as it is needed. Would be dangerous to try do that
I wouldn't worry about SpyEraser detecting that, it is nothing to worry about that. That program is not very good at all, I would recommend removing it.
is there any way i can permanently delete these? or any other good scanning programs etc? im just wondering if you may know what this is.
We can delete it but there is no need, it is not dangerous at all. MBAM is the best program, if that is giving you a clean bill of health then you are good to go
Any other questions ?
compProgram
2008-05-26, 05:07
well thats about it thanks.
ill give ie spyad a try, and ya so since im more used to teatimer i will keep that.
and ya i guess ur rite its best just to keep ie and leave it.
and thanks so mbam is highly recommended then?
however, is spyeraser unrecommended? like do you think its unneeded or smthng? cause ive used the other uniblue programs like speedupmypc and registrybooster and they work very well for me so i thought i'd give this a try
Rorschach112
2008-05-26, 15:26
MBAM is the best anti-spyware program out now, and it is free
Spyeraser is junk, you wont find anybody recommending it here. Also it isn't free is it ?
I would uninstall it if I were you
Anything else ?
compProgram
2008-05-28, 04:07
well spyeraser comes in a package with powersuite, and no its not free, but if its no good i'd be ready to give it up.
well, one final thing im wondering if you can give me any feedback on some of these programs ive seen over the internet. because right now i am using norton internet security 07 which has like all of the features but im looking for a better one, or a better recommended one because ive noticed that it slows down my comps boot up time noticably.
so the programs i have seen are:
TDS-3 for trojan detection,
Wormgaurd for worms
Port Explorer for viewing your ports to see if any unwanted things are sneaking in.
Black Ice, a firewall w/ intrusion detection + it comes with application protection which prevents programs from installing or accessing the internet w/o user consent.
and pest patrol which is supposed to kill adware right away.
As i said, im just wondering if there is a program, or group of programs i can use that could replace my norton internet security (some of the programs listed are trials also wihch i havent tried yet ive only heard about them)
So im wondering if you have any ideas as to how effective these programs are or if you have any to recommend.
Oh and as a final note i have heard that NOD32 is the best Anti virus protection?
Rorschach112
2008-05-28, 18:53
Norton is terrible and slows your PC down loads, I recommend the following
* You should also consider changing your anti-virus protection considering how badly infected your pc was. Here are some good programs, make sure you only use one though :
AVG (http://free.grisoft.com/doc/2/lng/us/tpl/v5) makes an excellent free antivirus client, as do AntiVir (http://www.free-av.com) or avast! (http://www.avast.com/eng/avast_4_home.html).
TDS-3 for trojan detection,
Wormgaurd for worms
Port Explorer for viewing your ports to see if any unwanted things are sneaking in.
Black Ice, a firewall w/ intrusion detection + it comes with application protection which prevents programs from installing or accessing the internet w/o user consent.
and pest patrol which is supposed to kill adware right away.
I would remove all of these. This is over kill for sure. Pest Patrol is terrible, have never heard of TSD-3 which isn't good
Use MBAM and the instructions in my previous post, that is enough. Comodo is a good firewall
As i said, im just wondering if there is a program, or group of programs i can use that could replace my norton internet security (some of the programs listed are
I would recommend Avira, Comodo, MBAM, SpywareGuard. That is the best protection
Anything else ?
compProgram
2008-05-30, 06:24
well i dont really have any more questions anymore thanks you have been a lot of help, however i was wondering if lastly you could help clear something up for me.
Right now i have Norton Internet Security running because it is like a total package which contains like everything more or less you need to stay safe (antivirus, firewall etc).
I also have adaware and its adwatch (which is what helped me determine there was something wrong with my comp, and spybot, and spyware blaster, and powersuite (contains registry booster, speedupmypc, and spyeraser (which u suggested i stop using), and mbam.
So i think that spybot and spyware blaster are a must.
mbam too i think, b/c i remember you saying it is the best free anti malware scanner.
Powersuite contained the registry booster and pc optimizing program which is why i have that (spyeraser was included in the package which was the only reason i used it)
and norton i have because it is like a full package of protection i thought i could use.
so i was wondering if you could clarify my best options. i personally know how norton really slows down my pc, and i looked and saw avg's total internet security package and i thought it seemed like a good replacement but wanted your advice. i havent downloaded or used any of those programs i asked you about i just wanted your opinion, so what do you think is the best protection to have, regardless of cost (as long as it does not cost too much)
Would it be that combo of Avira, Comodo, MBAM, SpywareGuard? and would this be enough for complete protection (well, as much is possible i know that you cannot stop ALL infections) compared to avgs internet security or aviras premium security?
thanks again
Rorschach112
2008-05-30, 14:40
Hello
Would it be that combo of Avira, Comodo, MBAM, SpywareGuard? and would this be enough for complete protection (well, as much is possible i know that you cannot stop ALL infections) compared to avgs internet security or aviras premium security?
Yes go for the combo of Avira Comodo MBAM SpywareGuard SpywareBlaster
You can remove everything else
There is no need to buy AVG internet security suite, as the above programs are all free and do a better job
If you do remove Norton, download and run the removal tool from here
http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
Anything else ?
compProgram
2008-05-31, 22:37
well if you are saying that that combo ( avria, comodo, mbam, and spywareblaster (not spywareguard i guess b/c it doesnt work with teatimer))
is probably the best combo to have, regardless of cost, then i will consider this.
thank you very much for your help if you can just confirm that this is probably the best choice regardless of other programs that cost money, i will finally be out of your hair and say my final THANKYOU SO MUCH :)
compProgram
2008-05-31, 23:09
oh, also, i was looking through the protection my norton internet security offers and i saw that the package you have recommended contains most of the protection norton currently offers.
i am just wondering if i have missed some functions of these programs, but do any of these have incoming/outgoing email scanning(is this even needed because hotmail scans them for you i think?)
and phishing protection (but i think internet explorer 7 offers that(not sure about ff)is the one offered by ie trustworthy? and does ff offer one that is trustworthy?)
because i use both ff and ie but im not sure if ff offers phishing protection.
if they do not, are there any free programs that offer them?/ is the email scanning even needed?
compProgram
2008-05-31, 23:38
sorry after looking through the features of the programs further i saw that with this package you have suggested it contains antiphishing, as well as intrusion prevention (which i think i forgot to mention) and also rootkit prevention.
so my last question about this is if email AND IM (instant messaging) scanning is useful or useless and if this package does or doesnt contain this and if there is a program that does this.
THANKS =)
:laugh:
Rorschach112
2008-06-01, 01:54
so my last question about this is if email AND IM (instant messaging) scanning is useful or useless and if this package does or doesnt contain this and if there is a program that does this.
No I don't think they do, it's not something that is needed anyway
Don't know what programs offer that protection
Any other questions
compProgram
2008-06-01, 19:36
nope, that is everything, thank you very much !!
p.s. i started using avira and comodo and its going pretty well. ive noticed how comodo always gives a message to me prompting me to confirm actions but thats fine seeing as how it learns from that.
Thank you for your recommendations and your help this thread can be closed now :)
Rorschach112
2008-06-01, 19:54
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.