problems with trojan

Post by rachel10173 on Wed Jan 06, 2010 2:21 pm

Hi,

My mum's PC has a Trojan on it and I need some help in removing it. I can't find the name of it; Norton detects it and says it's a file c:\windows\tremp\bpvd.tmp\svchost.exe. I've run HijackThis and created a log file; please can someone take a look at it and give me some advice?
Many Thanks
Rachel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:01, on 06/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\sdra64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [userinit] C:\Users\Chris & Derek\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O13 - Gopher Prefix:
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - [You must be registered and logged in to see this link.]
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6712 bytes

rachel10173
Novice
Posts : 22
Joined : 2009-05-03
OS : vista

Re: problems with trojan

Post by Belahzur on Wed Jan 06, 2010 6:04 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
    O4 - HKCU\..\Run: [userinit] C:\Users\Chris & Derek\AppData\Roaming\sdra64.exe



  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.

Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: problems with trojan

Post by rachel10173 on Thu Jan 07, 2010 3:15 pm

Hi,

Thanks for taking a look at this for me.

Malwarebytes' Anti-Malware 1.43
Database version: 3507
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

07/01/2010 15:08:29
mbam-log-2010-01-07 (15-08-29).txt

Scan type: Quick Scan
Objects scanned: 101434
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\Windows\System32\sdra64.exe (Spyware.Passwords) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Passwords) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Passwords) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\sdra64.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Chris & Derek\AppData\Roaming\sdra64.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.


Re: problems with trojan

Post by Belahzur on Thu Jan 07, 2010 4:34 pm

Hello.
You may want to change your passwords once we're done; this malware has keylogging abilities.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.





Re: problems with trojan

Post by rachel10173 on Fri Jan 08, 2010 5:13 pm

Hi,

Where do you think she may have picked up this malware? She mainly goes on eBay, PayPal, YouTube, and her grandson sometimes plays online games. It would be handy to know just so she can be extra vigilant. Also, why didn't my Norton 360 stop it from coming in?

DDS (Ver_09-12-01.01) - NTFSx86
Run by Chris & Derek at 17:06:02.15 on 08/01/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.903 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k none
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbtcoms.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris & Derek\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_41.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [Uniblue SpeedUpMyPC] c:\program files\uniblue\speedupmypc 3\StartSUMP2.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_41.dll
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_41.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris&~1\appdata\roaming\mozilla\firefox\profiles\v196jpcw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2016-4-12 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2016-4-12 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2016-4-12 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091230.004\IDSvix86.sys [2010-1-4 343088]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 IconixService;Iconix Update Service;c:\program files\common files\iconix\IconixService.exe [2009-1-14 282968]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2016-4-12 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-17 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0305020.00b\symndisv.sys [2016-4-12 48688]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

=============== Created Last 30 ================

2016-04-14 13:07:22 0 d-----w- c:\users\chris&~1\appdata\roaming\iMaxGen
2016-04-13 18:01:13 0 d-----w- c:\users\chris&~1\appdata\roaming\Gamers Digital
2016-04-13 18:01:13 0 d-----w- c:\programdata\Gamers Digital
2016-04-12 17:11:11 0 d-----w- c:\users\chris&~1\appdata\roaming\Game Mill Entertainment
2016-04-12 17:07:06 0 d-----w- c:\users\chris&~1\appdata\roaming\BrokenHearts
2016-04-12 00:00:59 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2016-04-12 00:00:59 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2016-04-12 00:00:58 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2016-04-12 00:00:52 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2016-04-12 00:00:52 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2016-04-12 00:00:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00:51 0 d-----w- c:\program files\Symantec
2016-04-12 00:00:18 0 d-----w- c:\windows\system32\drivers\N360
2016-04-12 00:00:14 0 d-----w- c:\program files\Norton 360
2016-04-12 00:00:12 0 d-----w- c:\programdata\Office Genuine Advantage
2010-01-07 14:55:51 0 d-----w- c:\users\chris&~1\appdata\roaming\Malwarebytes
2010-01-07 14:55:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:55:44 0 d-----w- c:\programdata\Malwarebytes
2010-01-07 14:55:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:55:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 18:47:08 0 d-----w- c:\users\chris&~1\appdata\roaming\BlamGames
2010-01-06 14:05:52 0 d-----w- c:\program files\Trend Micro
2010-01-04 13:13:11 0 d-----r- c:\program files\Norton Support
2010-01-04 09:27:34 0 dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-01 19:10:43 0 d-----w- c:\programdata\TheFallTrilogy
2009-12-31 20:03:59 0 d-----w- c:\users\chris&~1\appdata\roaming\Virtual City
2009-12-31 19:18:01 0 d-----w- c:\users\chris&~1\appdata\roaming\Aveyond 3
2009-12-31 19:15:58 0 d-----w- c:\users\chris&~1\appdata\roaming\MastersOfMystery2
2009-12-31 16:40:29 0 d-----w- c:\users\chris&~1\appdata\roaming\Scholastic
2009-12-31 16:33:08 0 d-----w- c:\windows\I Spy Spooky Mansion
2009-12-31 16:33:08 0 d-----w- c:\program files\I Spy Spooky Mansion
2009-12-30 18:47:23 0 d-----w- c:\users\chris&~1\appdata\roaming\Scrabble Plus
2009-12-27 17:02:46 0 d-----w- c:\users\chris&~1\appdata\roaming\Virtual Prophecy
2009-12-26 16:14:03 0 d-----w- c:\programdata\The Mirror Mysteries
2009-12-26 16:14:01 78 ----a-w- c:\windows\Numerical
2009-12-26 16:14:01 76 ----a-w- c:\windows\Spatial
2009-12-26 16:14:01 75 ----a-w- c:\windows\Verbal
2009-12-26 16:14:01 75 ----a-w- c:\windows\Memory
2009-12-26 16:14:01 74 ----a-w- c:\windows\Logic
2009-12-26 16:14:01 73 ----a-w- c:\windows\Times New Roman
2009-12-26 16:14:01 454 ----a-w- c:\windows\0
2009-12-26 16:13:47 0 d-----w- c:\program files\The Mirror Mysteries
2009-12-26 09:47:23 0 d-----w- c:\users\chris&~1\appdata\roaming\OtherSide Realm of Eons
2009-12-25 23:16:20 1772 ----a-w- c:\users\chris & derek\Desktop4 Elements.lnk
2009-12-19 09:36:54 0 d-----w- c:\windows\system32\drivers\NSS
2009-12-19 09:36:54 0 d-----w- c:\program files\Norton Security Scan
2009-12-17 18:22:30 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-17 18:11:24 0 d-----w- c:\programdata\PCSettings
2009-12-17 18:11:09 0 d-----w- c:\programdata\Norton
2009-12-17 18:11:01 0 d-----w- c:\programdata\NortonInstaller
2009-12-17 18:11:01 0 d-----w- c:\program files\NortonInstaller
2009-12-17 18:02:48 154 ----a-w- c:\users\chris&~1\appdata\roaming\wklnhst.dat
2009-12-17 17:59:18 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-10 09:41:11 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 09:41:09 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 09:41:09 30720 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2016-04-12 00:00:54 51200 ----a-w- c:\windows\inf\infpub.dat
2016-04-12 00:00:53 143360 ----a-w- c:\windows\inf\infstrng.dat
2016-04-12 00:00:53 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 09:14:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:14:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:14:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-09-01 03:04:14 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:07:52.58 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/09/2008 20:03:30
System Uptime: 01/08/2010 10:50:59 (-4913 hours ago)

Motherboard: OEM_MB | | Acacia
Processor: AMD Athlon(tm) Dual Core Processor 4450e | Socket AM2 | 2300/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 194.784 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.719 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
Manufacturer: Generic
Name: USB CF Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#920321111113&1#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#920321111113&3#
Manufacturer: Generic
Name: USB MS Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#920321111113&3#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#920321111113&0#
Manufacturer: Generic
Name: USB SD Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#920321111113&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#920321111113&2#
Manufacturer: Generic
Name: USB SM Reader
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#920321111113&2#
Service: WUDFRd

==== System Restore Points ===================

RP295: 04/12/2009 00:00:06 - Scheduled Checkpoint
RP296: 04/12/2009 12:22:08 - Scheduled Checkpoint
RP297: 04/12/2009 14:55:09 - Uniblue RegistryBooster 2009
RP298: 05/12/2009 13:24:54 - Scheduled Checkpoint
RP299: 06/12/2009 15:01:13 - Scheduled Checkpoint
RP300: 07/12/2009 09:37:57 - Scheduled Checkpoint
RP301: 08/12/2009 13:52:35 - Scheduled Checkpoint
RP302: 09/12/2009 09:20:35 - Scheduled Checkpoint
RP303: 10/12/2009 00:00:05 - Scheduled Checkpoint
RP304: 10/12/2009 09:37:09 - Windows Update
RP305: 10/12/2009 15:34:24 - Uniblue RegistryBooster 2009
RP306: 11/12/2009 16:53:13 - Scheduled Checkpoint
RP309: 17/12/2009 17:58:48 - Windows Update
RP310: 17/12/2009 18:20:10 - Windows Update
RP312: 25/12/2009 08:33:54 - Windows Update
RP307: 12/04/2016 01:54:07 - Scheduled Checkpoint
RP308: 12/04/2016 19:19:55 - Scheduled Checkpoint
RP311: 13/04/2016 14:41:21 - Scheduled Checkpoint

==== Installed Programs ======================

10 Days To Save The World-The Adventures Of Diana Salinger .
10 Days To Save The World 1.00
1001 Nights The Adventures Of Sindbad 1.00
4 Elements .
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Agatha Christie - Dead Mans Folly
Age Of Oracles-Tara's Journey .
Alabama Smith in the Quest of Fate 1.00
Alexandra Fortune Mystery of the Lunar Archipelago 1.00
Amazing Adventures The Caribbean Secret 1.00
AOL Toolbar 5.0
µTorrent
Becky Brogan The Mystery of Meane Manor
Between the Worlds 1.00
Big Fish Games Client
Born Into Darkness 1.00
Brain Trainer
Broken Hearts - A Soldier's Duty 1.00
Campfire Legends The Hookman 1.00
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Coupon Printer
Curse of the Pharaoh Tears of Sekhmet 1.00
CyberLink DVD Suite Deluxe
Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition 1.00
Detective Agency .
Dream Sleuth 1.00
Enhanced Multimedia Keyboard Solution
Express Burn
Forgotten Riddles - The Moonlight Sonatas
GearDrvs
GHOST Hunters-The Haunting Of Majesty Manor .
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
Harlequin Presents Hidden Object of Desire 1.00
Hidden Magic .
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP Games
HP MediaSmart DVD
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Update
HPAsset component for HP Active Support Library
HPPhotoSmartPhotobookWebPack1
I Spy Spooky Mansion
Iconix® eMail ID
Insider Tales The Secret Of Casanova 1.00
iTunes
Jane Angel Templar Mystery 1.00
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6 Update 1
LabelPrint
Lexmark 5200 Series
LightScribe System Software
Lost City of Z 1.00
Lost Realms The Curse of Babylon 1.00
Magic Desktop
Malwarebytes' Anti-Malware
Masters Of Mystery-Blood Of Betrayal .
Microsoft .NET Framework 3.5 SP1
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Mishap An Accidental Haunting 1.00
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Murder, She Wrote 1.00
muvee autoProducer 6.1
myibay eBay bid sniper 1.0.39
Mystery of Cleopatra 1.00
NCH Toolbox
Norton 360
Norton Security Scan
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
Profiler The Hopscotch Killer
PSSWCORE
PuppetShow Mystery of Joyville 1.00
Python 2.5.2
QuickTime
RealArcade
Realtek High Definition Audio Driver
Reincarnations Awakening 1.00
Route 66 .
Samantha Swift and the Mystery From Atlantis 1.00
Scrabble Plus 1.00
Slice Audio File Splitter
Superior Save .
Syberia 1 1.00
The Dark Hills of Cherai 1.00
The Fall Trilogy 1.00
The Mirror Mysteries
The Otherside Realm of Eons 1.10
The Return of Monte Cristo
The Tudors 1.00
Uniblue DriverScanner 2009
Uniblue PowerSuite
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Vuze
WavePad Sound Editor
WinRAR archiver
Youda Legend - The Curse of the Amsterdam Diamond 1.00

==== Event Viewer Messages From Past Week ========

14/04/2016 12:47:16, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199144617 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
13/04/2016 00:54:00, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -198857118 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 04:45:51, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199200384 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 01:08:32, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/04/2016 01:07:39, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/04/2016 01:05:36, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
12/04/2016 01:01:16, Error: Service Control Manager [7030] - The -- service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/04/2016 01:01:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the -- service to connect.
12/04/2016 01:01:16, Error: Service Control Manager [7000] - The -- service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/04/2016 01:00:41, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199205509 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 01:00:34, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199098095 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 01:00:15, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199339633 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 01:00:13, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199148433 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 01:00:12, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199196570 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 01:00:12, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199134282 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
12/04/2016 01:00:00, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -199140836 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
08/01/2010 10:53:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
08/01/2010 10:53:00, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
08/01/2010 10:53:00, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/01/2010 19:49:31, Error: EventLog [6008] - The previous system shutdown at 19:47:09 on 04/01/2010 was unexpected.
04/01/2010 09:29:46, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
04/01/2010 09:24:42, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
04/01/2010 09:10:19, Error: EventLog [6008] - The previous system shutdown at 11:30:20 on 03/01/2010 was unexpected.
03/01/2010 09:44:38, Error: EventLog [6008] - The previous system shutdown at 09:20:05 on 03/01/2010 was unexpected.
01/01/2010 09:24:50, Error: EventLog [6008] - The previous system shutdown at 05:43:14 on 01/01/2010 was unexpected.

==== End Of File ===========================

rachel10173
Novice
Posts : 22
Joined : 2009-05-03
OS : vista

Re: problems with trojan

Post by Belahzur on Fri Jan 08, 2010 5:36 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: problems with trojan

Post by rachel10173 on Sun Jan 10, 2010 12:55 pm

ComboFix 10-01-04.01 - Chris & Derek 10/01/2010 12:31:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.855 [GMT 0:00]
Running from: c:\users\Chris
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2631842476-866639417-522640654-500
c:\$recycle.bin\S-1-5-21-3484115970-504693198-750260859-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx

Infected copy of c:\windows\system32\DRIVERS\nvstor32.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2016-04-14 13:07 . 2016-04-14 13:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\iMaxGen
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Gamers Digital
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\programdata\Gamers Digital
2016-04-12 17:11 . 2016-04-12 17:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Game Mill Entertainment
2016-04-12 17:07 . 2016-04-12 17:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BrokenHearts
2016-04-12 00:00 . 2016-04-12 00:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2016-04-12 00:00 . 2016-04-12 00:00 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2016-04-12 00:00 . 2016-04-12 00:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2016-04-12 00:00 . 2016-04-12 00:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Symantec
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\windows\system32\drivers\N360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Norton 360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Friday's games
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\programdata\AlawarWrapper
2010-01-09 08:48 . 2010-01-09 08:48 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Dragon Altar Games
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Malwarebytes
2010-01-07 14:55 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:55 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:47 . 2010-01-06 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BlamGames
2010-01-06 14:05 . 2010-01-06 14:05 -------- d-----w- c:\program files\Trend Micro
2010-01-04 13:13 . 2010-01-04 13:13 -------- d-----r- c:\program files\Norton Support
2010-01-04 09:27 . 2010-01-04 09:28 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-02 16:46 . 2010-01-02 16:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\Menge
2010-01-01 19:10 . 2010-01-01 19:10 -------- d-----w- c:\programdata\TheFallTrilogy
2009-12-31 20:03 . 2009-12-31 20:05 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual City
2009-12-31 19:18 . 2009-12-31 19:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Aveyond 3
2009-12-31 19:15 . 2009-12-31 19:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MastersOfMystery2
2009-12-31 16:40 . 2009-12-31 16:40 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scholastic
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\program files\I Spy Spooky Mansion
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\windows\I Spy Spooky Mansion
2009-12-30 18:47 . 2009-12-30 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scrabble Plus
2009-12-27 17:02 . 2009-12-27 17:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual Prophecy
2009-12-26 16:14 . 2009-12-26 16:14 -------- d-----w- c:\programdata\The Mirror Mysteries
2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\program files\The Mirror Mysteries
2009-12-26 09:47 . 2009-12-29 15:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\OtherSide Realm of Eons
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\program files\Norton Security Scan
2009-12-17 18:22 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-17 18:11 . 2009-12-17 18:11 -------- d-----w- c:\programdata\PCSettings
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\programdata\Norton
2009-12-17 18:11 . 2016-04-12 00:00 -------- d-----w- c:\programdata\NortonInstaller
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\program files\NortonInstaller
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Template
2009-12-17 17:59 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-14 12:55 . 2009-07-21 12:52 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Games
2016-04-13 18:10 . 2009-09-29 08:21 -------- d-----w- c:\program files\Alawar games
2016-04-12 00:42 . 2009-09-10 10:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ERS G-Studio
2016-04-12 00:00 . 2016-04-12 00:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2016-04-12 00:00 . 2016-04-12 00:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-10 12:29 . 2009-11-28 16:39 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Azureus
2010-01-10 12:08 . 2009-10-13 09:14 -------- d-----w- c:\program files\Cybertek Games
2010-01-09 08:59 . 2009-05-13 18:21 -------- d-----w- c:\program files\Games
2010-01-09 08:58 . 2009-01-17 11:21 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\uTorrent
2010-01-04 09:47 . 2009-10-19 11:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Uniblue
2010-01-04 09:31 . 2009-10-19 11:15 -------- d-----w- c:\program files\Uniblue
2010-01-04 09:28 . 2009-10-19 11:18 -------- d-----w- c:\programdata\DriverScanner
2010-01-01 18:05 . 2009-08-30 13:50 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\YoudaGames
2009-12-28 13:17 . 2009-01-24 10:55 -------- d-----w- c:\program files\Lx_cats
2009-12-26 09:46 . 2009-09-07 13:22 -------- d-----w- c:\programdata\PlayFirst
2009-12-26 09:46 . 2009-03-15 14:46 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PlayFirst
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PoBros
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\programdata\PoBros
2009-12-25 23:05 . 2009-10-26 19:23 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\HdO Adventure
2009-12-19 09:36 . 2008-08-31 18:57 -------- d-----w- c:\programdata\Symantec
2009-12-18 20:05 . 2009-07-19 14:37 -------- d-----w- c:\programdata\MumboJumbo
2009-12-18 20:04 . 2009-11-28 16:38 -------- d-----w- c:\program files\Vuze
2009-12-17 18:55 . 2008-08-31 18:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-17 18:26 . 2009-01-12 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-12-17 18:13 . 2009-01-12 13:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Symantec
2009-12-17 18:02 . 2009-12-17 18:02 154 ----a-w- c:\users\Chris & Derek\AppData\Roaming\wklnhst.dat
2009-12-10 14:19 . 2009-09-06 15:57 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Big Fish Games
2009-12-10 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 19:15 . 2009-12-07 19:14 -------- d-----w- c:\program files\Find Your Own Way Home
2009-12-07 18:33 . 2009-11-15 17:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MysteryStudio
2009-12-05 22:53 . 2009-12-05 22:53 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ChaYoWo Games
2009-12-02 18:19 . 2008-08-31 18:55 -------- d-----w- c:\program files\EasyBits For Kids
2009-11-30 14:34 . 2009-09-08 20:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\SpinTop Games
2009-11-30 13:21 . 2009-11-30 13:07 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-11-28 16:39 . 2009-11-28 16:39 -------- d-----w- c:\programdata\Azureus
2009-11-26 11:25 . 2009-11-26 11:25 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Orneon
2009-11-22 20:35 . 2008-08-31 18:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-21 06:40 . 2009-12-17 18:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-17 18:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-17 18:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-17 18:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 16:11 . 2009-11-20 16:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\EscapeTheMuseum2
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 21:42 . 2009-11-16 21:42 -------- d-----w- c:\program files\MSXML 4.0
2009-11-15 18:44 . 2008-08-31 18:50 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-15 18:44 . 2008-08-31 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 09:59 . 2009-11-14 09:59 -------- d-----w- c:\program files\Sony Online Entertainment
2009-11-09 12:31 . 2009-12-10 09:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 09:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 09:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 09:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-03-31 21:47 . 2009-01-21 10:46 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-01 03:04 . 2008-09-01 03:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 1269000]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-08-16 202008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 14:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 03:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 05:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 14:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 14:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-12 12:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,52,ff,7d,38,39,ca,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/04/2016 00:00 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/04/2016 00:00 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys [08/01/2010 21:02 343088]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [14/01/2009 20:36 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/12/2009 04:30 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/04/2016 00:00 48688]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\Norton Security Scan for Chris & Derek.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 09:36]

2010-01-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-01-04 09:03]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris & Derek\AppData\Roaming\Mozilla\Firefox\Profiles\v196jpcw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
AddRemove-Murder, She Wrote 1.00 - c:\program files\Games\Murder
AddRemove-WT039045 - c:\program files\HP Games\G.H.O.S.T. Hunters
AddRemove-{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F} - c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-10 12:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1668)
c:\windows\System32\SndVolSSO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxbtcoms.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-01-10 12:53:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 12:53

Pre-Run: 215,296,888,832 bytes free
Post-Run: 215,157,239,808 bytes free

- - End Of File - - B4BFF5B959041D1AFA3120368A4A8C9C

rachel10173
Novice
Posts : 22
Joined : 2009-05-03
OS : vista

Re: problems with trojan

Post by Belahzur on Sun Jan 10, 2010 7:20 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::

    NetSvc::
    ezSharedSvc

    DDS::
    uStart Page = about:blank
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
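The CFScript in the post above uses the NetSvc:: directive to take ezSharedSvc out of the svchost NetSvcs group. As an added example (this is not ComboFix's code and not something posted in this thread), here is a small Python checker that parses the service lines and the svchost group lists from a ComboFix log, such as the one posted earlier, and reports every service whose image is svchost.exe -k <group> together with whether the group's registry list actually names it. The sample input is a constructed subset of the log lines from this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: a subset of the service and svchost lines from the ComboFix
# log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
"""

# "R2 name;display name;image path [date time size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# "GroupName REG_MULTI_SZ member1 member2 ..."
GROUP_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<members>.*)$")
# ComboFix prints the NetSvcs group as a header followed by one member per line.
NETSVCS_HDR_RE = re.compile(r"Svchost\s*-\s*NetSvcs\s*$", re.IGNORECASE)
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.IGNORECASE)


@dataclass
class Service:
    state: str
    name: str
    display: str
    image: str


@dataclass
class Finding:
    name: str
    group: str
    listed_in_group: bool


def parse_log(text: str) -> Tuple[List[Service], Dict[str, List[str]]]:
    """Return (services, groups); groups maps a lower-cased svchost group name to its members."""
    services: List[Service] = []
    groups: Dict[str, List[str]] = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        svc = SERVICE_RE.match(line)
        grp = GROUP_RE.match(line)
        if svc:
            services.append(Service(svc["state"], svc["name"], svc["display"], svc["image"]))
        elif grp:
            groups.setdefault(grp["group"].lower(), []).extend(grp["members"].split())
        elif NETSVCS_HDR_RE.search(line):
            # Members follow the header until a blank line or the "." section separator.
            i += 1
            while i < len(lines) and lines[i].strip() not in ("", "."):
                groups.setdefault("netsvcs", []).append(lines[i].strip())
                i += 1
            continue
        i += 1
    return services, groups


def svchost_findings(services: List[Service], groups: Dict[str, List[str]]) -> List[Finding]:
    """Flag every service hosted as 'svchost.exe -k <group>' and record whether the
    group's REG_MULTI_SZ list names it, i.e. the registration a NetSvc:: line removes."""
    findings: List[Finding] = []
    for svc in services:
        m = SVCHOST_RE.search(svc.image)
        if not m:
            continue
        group = m["group"]
        members = groups.get(group.lower(), [])
        findings.append(Finding(svc.name, group, svc.name in members))
    return findings


def netsvc_block(names: List[str]) -> str:
    """Render a NetSvc:: section in the CFScript text format used in the thread."""
    return "NetSvc::\n" + "".join(f"{n}\n" for n in names)


if __name__ == "__main__":
    svcs, grps = parse_log(SAMPLE_LOG)
    for f in svchost_findings(svcs, grps):
        print(f"{f.name}: hosted in svchost group {f.group}, listed in group: {f.listed_in_group}")
```

Every svchost-hosted service is printed for a human to review; the script does not decide what is malicious. FontCache is a stock Vista service in its own group, while ezSharedSvc is a third-party entry registered under netsvcs, which is the entry the helper chose to remove with the NetSvc:: directive.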

Re: problems with trojan

Post by rachel10173 on Mon Jan 11, 2010 1:51 pm

ComboFix 10-01-04.01 - Chris & Derek 11/01/2010 13:39:39.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1116 [GMT 0:00]
Running from: c:\users\Chris
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Chris & Derek\AppData\Local\Temp\swtlib-32\swt-gdip-win32-3550.dll
c:\users\Chris & Derek\AppData\Local\Temp\swtlib-32\swt-win32-3550.dll
c:\users\CHRIS&~1\AppData\Local\Temp\swtlib-32\swt-gdip-win32-3550.dll
c:\users\CHRIS&~1\AppData\Local\Temp\swtlib-32\swt-win32-3550.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2016-04-14 13:07 . 2016-04-14 13:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\iMaxGen
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Gamers Digital
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\programdata\Gamers Digital
2016-04-12 17:11 . 2016-04-12 17:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Game Mill Entertainment
2016-04-12 17:07 . 2016-04-12 17:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BrokenHearts
2016-04-12 00:21 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2016-04-12 00:21 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2016-04-12 00:21 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2016-04-12 00:01 . 2016-04-12 00:00 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2016-04-12 00:00 . 2016-04-12 00:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2016-04-12 00:00 . 2016-04-12 00:00 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2016-04-12 00:00 . 2016-04-12 00:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2016-04-12 00:00 . 2016-04-12 00:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Symantec
2016-04-12 00:00 . 2016-04-12 00:00 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2016-04-12 00:00 . 2016-04-12 00:00 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2016-04-12 00:00 . 2016-04-12 00:00 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2016-04-12 00:00 . 2016-04-12 00:00 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\windows\system32\drivers\N360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Norton 360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-11 13:46 . 2010-01-11 13:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\temp
2010-01-11 13:46 . 2010-01-11 13:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-11 13:46 . 2010-01-11 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-11 13:46 . 2010-01-11 13:46 -------- d-----w- c:\users\chris\AppData\Local\temp
2010-01-11 11:12 . 2009-12-17 04:30 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\NAVENG.SYS
2010-01-11 11:12 . 2009-12-17 04:30 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\EECTRL.SYS
2010-01-11 11:12 . 2009-12-17 04:30 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\CCERASER.DLL
2010-01-11 11:12 . 2009-12-17 04:30 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\ECMSVR32.DLL
2010-01-11 11:12 . 2009-12-17 04:30 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\NAVENG32.DLL
2010-01-11 11:12 . 2009-12-17 04:30 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\NAVEX32A.DLL
2010-01-11 11:12 . 2009-12-17 04:30 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\NAVEX15.SYS
2010-01-11 11:12 . 2009-12-17 04:30 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100110.017\ERASER.SYS
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Valusoft
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\programdata\Valusoft
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Friday's games
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\programdata\AlawarWrapper
2010-01-09 08:48 . 2010-01-09 08:48 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Dragon Altar Games
2010-01-08 21:02 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-08 21:02 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-08 21:02 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Malwarebytes
2010-01-07 14:55 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:55 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:47 . 2010-01-06 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BlamGames
2010-01-06 14:05 . 2010-01-06 14:05 -------- d-----w- c:\program files\Trend Micro
2010-01-04 20:55 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
2010-01-04 20:55 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
2010-01-04 20:55 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
2010-01-04 20:55 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
2010-01-04 20:55 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
2010-01-04 13:13 . 2010-01-04 13:13 -------- d-----r- c:\program files\Norton Support
2010-01-02 16:46 . 2010-01-02 16:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\Menge
2010-01-01 19:10 . 2010-01-01 19:10 -------- d-----w- c:\programdata\TheFallTrilogy
2009-12-31 20:03 . 2009-12-31 20:05 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual City
2009-12-31 19:18 . 2009-12-31 19:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Aveyond 3
2009-12-31 19:15 . 2009-12-31 19:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MastersOfMystery2
2009-12-31 16:40 . 2009-12-31 16:40 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scholastic
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\program files\I Spy Spooky Mansion
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\windows\I Spy Spooky Mansion
2009-12-30 18:47 . 2009-12-30 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scrabble Plus
2009-12-27 17:02 . 2009-12-27 17:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual Prophecy
2009-12-26 16:14 . 2009-12-26 16:14 -------- d-----w- c:\programdata\The Mirror Mysteries
2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\program files\The Mirror Mysteries
2009-12-26 09:47 . 2009-12-29 15:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\OtherSide Realm of Eons
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\program files\Norton Security Scan
2009-12-18 20:57 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-18 20:57 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-18 20:57 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-17 18:22 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-17 18:11 . 2009-12-17 18:11 -------- d-----w- c:\programdata\PCSettings
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\programdata\Norton
2009-12-17 18:11 . 2016-04-12 00:00 -------- d-----w- c:\programdata\NortonInstaller
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\program files\NortonInstaller
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Template
2009-12-17 17:59 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-14 12:55 . 2009-07-21 12:52 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Games
2016-04-13 18:10 . 2009-09-29 08:21 -------- d-----w- c:\program files\Alawar games
2016-04-12 00:42 . 2009-09-10 10:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ERS G-Studio
2016-04-12 00:00 . 2016-04-12 00:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2016-04-12 00:00 . 2016-04-12 00:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-11 13:30 . 2009-11-28 16:39 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Azureus
2010-01-10 15:51 . 2009-10-13 09:14 -------- d-----w- c:\program files\Cybertek Games
2010-01-10 15:49 . 2009-05-13 18:21 -------- d-----w- c:\program files\Games
2010-01-10 15:48 . 2009-01-17 11:21 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\uTorrent
2010-01-04 09:47 . 2009-10-19 11:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Uniblue
2010-01-04 09:31 . 2009-10-19 11:15 -------- d-----w- c:\program files\Uniblue
2010-01-04 09:28 . 2010-01-04 09:27 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-04 09:28 . 2009-10-19 11:18 -------- d-----w- c:\programdata\DriverScanner
2010-01-01 18:05 . 2009-08-30 13:50 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\YoudaGames
2009-12-28 13:17 . 2009-01-24 10:55 -------- d-----w- c:\program files\Lx_cats
2009-12-26 09:46 . 2009-09-07 13:22 -------- d-----w- c:\programdata\PlayFirst
2009-12-26 09:46 . 2009-03-15 14:46 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PlayFirst
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PoBros
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\programdata\PoBros
2009-12-25 23:05 . 2009-10-26 19:23 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\HdO Adventure
2009-12-19 09:36 . 2008-08-31 18:57 -------- d-----w- c:\programdata\Symantec
2009-12-18 20:05 . 2009-07-19 14:37 -------- d-----w- c:\programdata\MumboJumbo
2009-12-18 20:04 . 2009-11-28 16:38 -------- d-----w- c:\program files\Vuze
2009-12-17 18:55 . 2008-08-31 18:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-17 18:26 . 2009-01-12 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-12-17 18:13 . 2009-01-12 13:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Symantec
2009-12-17 18:02 . 2009-12-17 18:02 154 ----a-w- c:\users\Chris & Derek\AppData\Roaming\wklnhst.dat
2009-12-10 14:19 . 2009-09-06 15:57 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Big Fish Games
2009-12-10 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 19:15 . 2009-12-07 19:14 -------- d-----w- c:\program files\Find Your Own Way Home
2009-12-07 18:33 . 2009-11-15 17:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MysteryStudio
2009-12-05 22:53 . 2009-12-05 22:53 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ChaYoWo Games
2009-12-05 21:00 . 2009-12-05 21:00 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-02 18:19 . 2008-08-31 18:55 -------- d-----w- c:\program files\EasyBits For Kids
2009-11-30 14:34 . 2009-09-08 20:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\SpinTop Games
2009-11-30 13:21 . 2009-11-30 13:07 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-11-28 16:39 . 2009-11-28 16:39 -------- d-----w- c:\programdata\Azureus
2009-11-28 08:58 . 2009-11-28 08:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb22BE.tmp.exe
2009-11-26 11:25 . 2009-11-26 11:25 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Orneon
2009-11-22 20:35 . 2008-08-31 18:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-21 06:40 . 2009-12-17 18:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-17 18:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-17 18:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-17 18:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 16:11 . 2009-11-20 16:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\EscapeTheMuseum2
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 21:42 . 2009-11-16 21:42 -------- d-----w- c:\program files\MSXML 4.0
2009-11-15 18:44 . 2008-08-31 18:50 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-15 18:44 . 2008-08-31 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 18:42 . 2009-11-15 18:42 36864 ----a-w- c:\programdata\TEMP\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2009-11-14 09:59 . 2009-11-14 09:59 -------- d-----w- c:\program files\Sony Online Entertainment
2009-11-09 12:31 . 2009-12-10 09:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 09:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 09:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 09:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-03-31 21:47 . 2009-01-21 10:46 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-01 03:04 . 2008-09-01 03:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2007-08-16 1269000]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-08-16 202008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 14:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 03:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 05:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 14:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 14:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-12 12:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,52,ff,7d,38,39,ca,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/04/2016 00:00 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/04/2016 00:00 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys [08/01/2010 21:02 343088]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [14/01/2009 20:36 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/12/2009 04:30 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/04/2016 00:00 48688]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Norton Security Scan for Chris & Derek.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 09:36]

2010-01-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-01-04 09:03]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris & Derek\AppData\Roaming\Mozilla\Firefox\Profiles\v196jpcw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-11 13:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3564)
c:\windows\System32\NLSData0009.dll
c:\windows\System32\NLSLexicons0009.dll
.
Completion time: 2010-01-11 13:49:32
ComboFix-quarantined-files.txt 2010-01-11 13:49
ComboFix2.txt 2010-01-10 12:53

Pre-Run: 215,133,270,016 bytes free
Post-Run: 215,099,523,072 bytes free

- - End Of File - - F438CE18626EE3223C142C9F23B94E0A

rachel10173 (Novice, Posts: 22, Joined: 2009-05-03, OS: vista)
Back to top Go down

Re: problems with trojan

Post by Belahzur on Mon Jan 11, 2010 4:51 pm

Hello.
I made a slight error with my script, and the script didn't work properly because of that, so you need to re-run my new script below.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    ezSharedSvc

    NetSvc::
    ezSharedSvc

    DDS::
    uStart Page = about:blank
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur (Administrator, Posts: 34916, Joined: 2008-08-03, Gender: Male, OS: XP SP3 Media Centre)

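A worked check on the ComboFix log posted above, added here as an example; it is not part of the thread and not ComboFix's own code. The script parses the "Files Created" lines and the R/S service lines and does two things a reviewer of such a log otherwise does by eye. First, it flags entries stamped later than the scan's completion time: the log above completed on 2010-01-11 yet lists files created between 2016-04-12 and 2016-04-14, which deserves a look whatever the cause (a wrong system clock is one possibility, timestamp manipulation another; the log alone does not say which). Second, it lists svchost-hosted services that also appear in a Svchost group ComboFix prints as a non-default member list, which is exactly the ezSharedSvc entry in NetSvcs that the CFScript in the two posts above targets with its Driver:: and NetSvc:: directives. The sample input is a constructed excerpt of lines copied from the log; the reading that the first timestamp on a file line is last-modified and the second is created, and all field names, are my assumptions rather than anything the log states.

```python
"""Parser for ComboFix log lines with two review checks (added example)."""
import re
from datetime import datetime

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 10-01-04.01 - Chris & Derek 11/01/2010 13:39:39.3.2 - x86
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.
2016-04-14 13:07 . 2016-04-14 13:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\iMaxGen
2016-04-12 00:00 . 2016-04-12 00:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-11 13:46 . 2010-01-11 13:46 -------- d-----w- c:\users\chris\AppData\Local\temp
2010-01-07 14:55 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Completion time: 2010-01-11 13:49:32
"""

# File line: "<modified> . <created> <size|--------> <attrs> <path>".
# Treating the first stamp as last-modified and the second as created is
# my reading of ComboFix output (assumption), not something the log states.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
                     r"(\d+|-+) (\S{8}) (.+)$")
# Service line: "<R|S><start type> <name>;<display name>;<image> [<stamp> <size>]".
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
GROUP_HDR_RE = re.compile(r"\\Svchost - (\w+)$")
DONE_RE = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
HOSTED_RE = re.compile(r"svchost\.exe -k (\S+)", re.I)
STAMP = "%Y-%m-%d %H:%M"


def parse_log(text):
    """Return files, services, svchost group members and the completion time."""
    files, services, groups, completed = [], [], {}, None
    group = None  # lower-cased name of the Svchost group block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if group is not None:  # collect member names until the block ends
            if line in ("", "."):
                group = None
            else:
                groups.setdefault(group, []).append(line)
            continue
        m = GROUP_HDR_RE.search(line)
        if m:
            group = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({"modified": datetime.strptime(m.group(1), STAMP),
                          "created": datetime.strptime(m.group(2), STAMP),
                          "size": None if m.group(3)[0] == "-" else int(m.group(3)),
                          "attrs": m.group(4), "path": m.group(5)})
            continue
        m = SVC_RE.match(line)
        if m:
            state, start, name, _display, image, _info = m.groups()
            hosted = HOSTED_RE.search(image)
            services.append({"name": name, "running": state == "R",
                             "start_type": int(start), "image": image,
                             "svchost_group": hosted.group(1).lower() if hosted else None})
            continue
        m = DONE_RE.match(line)
        if m:
            completed = datetime.strptime(m.group(1), STAMP + ":%S")
    return {"files": files, "services": services, "groups": groups, "completed": completed}


def future_dated(parsed):
    """Paths whose created or modified stamp lies after the scan completed."""
    done = parsed["completed"]
    return [f["path"] for f in parsed["files"] if f["created"] > done or f["modified"] > done]


def nondefault_svchost_members(parsed):
    """(service, group) pairs for svchost-hosted services ComboFix lists as non-default members."""
    return [(s["name"], s["svchost_group"]) for s in parsed["services"]
            if s["svchost_group"] in parsed["groups"]
            and s["name"] in parsed["groups"][s["svchost_group"]]]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("scan completed:", parsed["completed"])
    for path in future_dated(parsed):
        print("stamped after the scan:", path)
    for name, grp in nondefault_svchost_members(parsed):
        print("non-default svchost member:", name, "in", grp)
```

Run against the full log rather than the excerpt, the first check also surfaces the Norton driver and definition files dated 2016-04-12, and the second check stays silent for FontCache because ComboFix prints that group in a different registry block that the parser deliberately ignores; only members ComboFix itself marks as non-default are reported.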

Re: problems with trojan

Post by rachel10173 on Tue Jan 12, 2010 9:08 am

ComboFix 10-01-04.01 - Chris & Derek 12/01/2010 8:57.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1089 [GMT 0:00]
Running from: c:\users\Chris
Command switches used :: c:\users\Chris & Derek\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2016-04-14 13:07 . 2016-04-14 13:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\iMaxGen
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Gamers Digital
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\programdata\Gamers Digital
2016-04-12 17:11 . 2016-04-12 17:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Game Mill Entertainment
2016-04-12 17:07 . 2016-04-12 17:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BrokenHearts
2016-04-12 00:00 . 2016-04-12 00:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2016-04-12 00:00 . 2016-04-12 00:00 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2016-04-12 00:00 . 2016-04-12 00:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2016-04-12 00:00 . 2016-04-12 00:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Symantec
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\windows\system32\drivers\N360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Norton 360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-12 08:59 . 2010-01-12 08:59 -------- d-----w- c:\users\Chris & Derek\AppData\Local\temp
2010-01-12 08:59 . 2010-01-12 08:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-12 08:59 . 2010-01-12 08:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 08:59 . 2010-01-12 08:59 -------- d-----w- c:\users\chris\AppData\Local\temp
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Valusoft
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\programdata\Valusoft
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Friday's games
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\programdata\AlawarWrapper
2010-01-09 08:48 . 2010-01-09 08:48 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Dragon Altar Games
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Malwarebytes
2010-01-07 14:55 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:55 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:47 . 2010-01-06 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BlamGames
2010-01-06 14:05 . 2010-01-06 14:05 -------- d-----w- c:\program files\Trend Micro
2010-01-04 13:13 . 2010-01-04 13:13 -------- d-----r- c:\program files\Norton Support
2010-01-04 09:27 . 2010-01-04 09:28 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-02 16:46 . 2010-01-02 16:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\Menge
2010-01-01 19:10 . 2010-01-01 19:10 -------- d-----w- c:\programdata\TheFallTrilogy
2009-12-31 20:03 . 2009-12-31 20:05 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual City
2009-12-31 19:18 . 2009-12-31 19:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Aveyond 3
2009-12-31 19:15 . 2009-12-31 19:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MastersOfMystery2
2009-12-31 16:40 . 2009-12-31 16:40 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scholastic
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\windows\I Spy Spooky Mansion
2009-12-30 18:47 . 2009-12-30 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scrabble Plus
2009-12-27 17:02 . 2009-12-27 17:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual Prophecy
2009-12-26 16:14 . 2009-12-26 16:14 -------- d-----w- c:\programdata\The Mirror Mysteries
2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\program files\The Mirror Mysteries
2009-12-26 09:47 . 2009-12-29 15:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\OtherSide Realm of Eons
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\program files\Norton Security Scan
2009-12-17 18:22 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-17 18:11 . 2009-12-17 18:11 -------- d-----w- c:\programdata\PCSettings
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\programdata\Norton
2009-12-17 18:11 . 2016-04-12 00:00 -------- d-----w- c:\programdata\NortonInstaller
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\program files\NortonInstaller
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Template
2009-12-17 17:59 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-14 12:55 . 2009-07-21 12:52 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Games
2016-04-13 18:10 . 2009-09-29 08:21 -------- d-----w- c:\program files\Alawar games
2016-04-12 00:42 . 2009-09-10 10:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ERS G-Studio
2016-04-12 00:00 . 2016-04-12 00:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2016-04-12 00:00 . 2016-04-12 00:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2016-04-12 00:00 . 2016-04-12 00:00 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2016-04-12 00:00 . 2016-04-12 00:00 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2016-04-12 00:00 . 2016-04-12 00:00 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2016-04-12 00:00 . 2016-04-12 00:01 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2016-04-12 00:00 . 2016-04-12 00:00 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-11 21:27 . 2009-11-28 16:39 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Azureus
2010-01-11 21:18 . 2009-10-13 09:14 -------- d-----w- c:\program files\Cybertek Games
2010-01-11 16:52 . 2009-05-13 18:21 -------- d-----w- c:\program files\Games
2010-01-10 15:48 . 2009-01-17 11:21 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\uTorrent
2010-01-04 09:47 . 2009-10-19 11:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Uniblue
2010-01-04 09:31 . 2009-10-19 11:15 -------- d-----w- c:\program files\Uniblue
2010-01-04 09:28 . 2009-10-19 11:18 -------- d-----w- c:\programdata\DriverScanner
2010-01-01 18:05 . 2009-08-30 13:50 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\YoudaGames
2009-12-28 13:17 . 2009-01-24 10:55 -------- d-----w- c:\program files\Lx_cats
2009-12-26 09:46 . 2009-09-07 13:22 -------- d-----w- c:\programdata\PlayFirst
2009-12-26 09:46 . 2009-03-15 14:46 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PlayFirst
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PoBros
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\programdata\PoBros
2009-12-25 23:05 . 2009-10-26 19:23 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\HdO Adventure
2009-12-19 09:36 . 2008-08-31 18:57 -------- d-----w- c:\programdata\Symantec
2009-12-18 20:05 . 2009-07-19 14:37 -------- d-----w- c:\programdata\MumboJumbo
2009-12-18 20:04 . 2009-11-28 16:38 -------- d-----w- c:\program files\Vuze
2009-12-17 18:55 . 2008-08-31 18:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-17 18:26 . 2009-01-12 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-12-17 18:13 . 2009-01-12 13:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Symantec
2009-12-17 18:02 . 2009-12-17 18:02 154 ----a-w- c:\users\Chris & Derek\AppData\Roaming\wklnhst.dat
2009-12-17 04:30 . 2010-01-12 08:45 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\NAVENG32.DLL
2009-12-17 04:30 . 2010-01-12 08:45 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\NAVEX32A.DLL
2009-12-17 04:30 . 2010-01-12 08:45 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\NAVEX15.SYS
2009-12-17 04:30 . 2010-01-12 08:45 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\NAVENG.SYS
2009-12-17 04:30 . 2010-01-12 08:45 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\EECTRL.SYS
2009-12-17 04:30 . 2010-01-12 08:45 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\CCERASER.DLL
2009-12-17 04:30 . 2010-01-12 08:45 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\ECMSVR32.DLL
2009-12-17 04:30 . 2010-01-12 08:45 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100111.024\ERASER.SYS
2009-12-10 14:19 . 2009-09-06 15:57 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Big Fish Games
2009-12-10 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 19:15 . 2009-12-07 19:14 -------- d-----w- c:\program files\Find Your Own Way Home
2009-12-07 18:33 . 2009-11-15 17:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MysteryStudio
2009-12-05 22:53 . 2009-12-05 22:53 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ChaYoWo Games
2009-12-05 21:00 . 2009-12-05 21:00 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-02 18:19 . 2008-08-31 18:55 -------- d-----w- c:\program files\EasyBits For Kids
2009-11-30 14:34 . 2009-09-08 20:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\SpinTop Games
2009-11-30 13:21 . 2009-11-30 13:07 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-11-28 16:39 . 2009-11-28 16:39 -------- d-----w- c:\programdata\Azureus
2009-11-28 08:58 . 2009-11-28 08:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb22BE.tmp.exe
2009-11-26 11:25 . 2009-11-26 11:25 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Orneon
2009-11-22 20:35 . 2008-08-31 18:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-21 06:40 . 2009-12-17 18:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-17 18:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-17 18:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-17 18:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 16:11 . 2009-11-20 16:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\EscapeTheMuseum2
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 21:42 . 2009-11-16 21:42 -------- d-----w- c:\program files\MSXML 4.0
2009-11-15 18:44 . 2008-08-31 18:50 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-15 18:44 . 2008-08-31 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 18:42 . 2009-11-15 18:42 36864 ----a-w- c:\programdata\TEMP\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2009-11-14 09:59 . 2009-11-14 09:59 -------- d-----w- c:\program files\Sony Online Entertainment
2009-11-09 12:31 . 2009-12-10 09:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 09:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 09:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 09:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-03-31 21:47 . 2009-01-21 10:46 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-01 03:04 . 2008-09-01 03:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-08-16 202008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 14:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 03:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 05:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 14:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 14:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-12 12:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,52,ff,7d,38,39,ca,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/04/2016 00:00 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/04/2016 00:00 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys [08/01/2010 21:02 343088]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [14/01/2009 20:36 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/12/2009 04:30 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/04/2016 00:00 48688]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Norton Security Scan for Chris & Derek.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 09:36]

2010-01-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-01-04 09:03]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris & Derek\AppData\Roaming\Mozilla\Firefox\Profiles\v196jpcw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-12 08:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4040)
c:\windows\System32\netshell.dll
.
Completion time: 2010-01-12 09:06:05
ComboFix-quarantined-files.txt 2010-01-12 09:06
ComboFix2.txt 2010-01-11 13:49
ComboFix3.txt 2010-01-10 12:53

Pre-Run: 217,769,304,064 bytes free
Post-Run: 216,287,031,296 bytes free

- - End Of File - - 1D485F6E2466C6103ED9C266BF4B9DAE

rachel10173
Novice


Posts : 22
Joined : 2009-05-03
OS : vista



Re: problems with trojan

Post by Belahzur on Tue Jan 12, 2010 6:51 pm

Hello.
Combofix is running in reduced functionality. I need you to delete the copy you have right now, then download a new copy, and re-run my script again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator


Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre



Re: problems with trojan

Post by rachel10173 on Wed Jan 13, 2010 11:51 am

ComboFix 10-01-12.04 - Chris & Derek 13/01/2010 11:37:22.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1013 [GMT 0:00]
Running from: c:\users\Chris & Derek\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2016-04-14 13:07 . 2016-04-14 13:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\iMaxGen
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Gamers Digital
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\programdata\Gamers Digital
2016-04-12 17:11 . 2016-04-12 17:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Game Mill Entertainment
2016-04-12 17:07 . 2016-04-12 17:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BrokenHearts
2016-04-12 00:21 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2016-04-12 00:21 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2016-04-12 00:21 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2016-04-12 00:01 . 2016-04-12 00:00 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2016-04-12 00:00 . 2016-04-12 00:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2016-04-12 00:00 . 2016-04-12 00:00 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2016-04-12 00:00 . 2016-04-12 00:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2016-04-12 00:00 . 2016-04-12 00:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Symantec
2016-04-12 00:00 . 2016-04-12 00:00 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2016-04-12 00:00 . 2016-04-12 00:00 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2016-04-12 00:00 . 2016-04-12 00:00 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2016-04-12 00:00 . 2016-04-12 00:00 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\windows\system32\drivers\N360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Norton 360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-13 11:46 . 2010-01-13 11:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\temp
2010-01-13 11:46 . 2010-01-13 11:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-13 11:46 . 2010-01-13 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 11:46 . 2010-01-13 11:46 -------- d-----w- c:\users\chris\AppData\Local\temp
2010-01-13 11:36 . 2010-01-13 11:36 -------- d-----w- C:\32788R22FWJFW
2010-01-13 08:42 . 2009-12-17 04:30 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\NAVEX32A.DLL
2010-01-13 08:42 . 2009-12-17 04:30 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\NAVEX15.SYS
2010-01-13 08:42 . 2009-12-17 04:30 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\NAVENG.SYS
2010-01-13 08:42 . 2009-12-17 04:30 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\NAVENG32.DLL
2010-01-13 08:42 . 2009-12-17 04:30 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\ERASER.SYS
2010-01-13 08:42 . 2009-12-17 04:30 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\EECTRL.SYS
2010-01-13 08:42 . 2009-12-17 04:30 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\CCERASER.DLL
2010-01-13 08:42 . 2009-12-17 04:30 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.025\ECMSVR32.DLL
2010-01-12 14:16 . 2010-01-12 14:16 -------- d-----w- c:\programdata\Uniblue
2010-01-12 09:16 . 2010-01-11 03:41 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe
2010-01-12 09:16 . 2010-01-11 03:41 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe
2010-01-12 09:13 . 2010-01-12 09:15 25254808 ----a-w- c:\users\Chris & Derek\AppData\Roaming\Uniblue\SpyEraser\SpyEraser_Setup_1_12_2010.exe
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Valusoft
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\programdata\Valusoft
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Friday's games
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\programdata\AlawarWrapper
2010-01-09 08:48 . 2010-01-09 08:48 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Dragon Altar Games
2010-01-08 21:02 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-08 21:02 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-08 21:02 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Malwarebytes
2010-01-07 14:55 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:55 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:47 . 2010-01-06 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BlamGames
2010-01-06 14:05 . 2010-01-06 14:05 -------- d-----w- c:\program files\Trend Micro
2010-01-04 20:55 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
2010-01-04 20:55 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
2010-01-04 20:55 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
2010-01-04 20:55 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
2010-01-04 20:55 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
2010-01-04 13:13 . 2010-01-04 13:13 -------- d-----r- c:\program files\Norton Support
2010-01-02 16:46 . 2010-01-02 16:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\Menge
2010-01-01 19:10 . 2010-01-01 19:10 -------- d-----w- c:\programdata\TheFallTrilogy
2009-12-31 20:03 . 2009-12-31 20:05 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual City
2009-12-31 19:18 . 2009-12-31 19:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Aveyond 3
2009-12-31 19:15 . 2009-12-31 19:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MastersOfMystery2
2009-12-31 16:40 . 2009-12-31 16:40 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scholastic
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\windows\I Spy Spooky Mansion
2009-12-30 18:47 . 2009-12-30 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scrabble Plus
2009-12-27 17:02 . 2009-12-27 17:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual Prophecy
2009-12-26 16:14 . 2009-12-26 16:14 -------- d-----w- c:\programdata\The Mirror Mysteries
2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\program files\The Mirror Mysteries
2009-12-26 09:47 . 2009-12-29 15:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\OtherSide Realm of Eons
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\program files\Norton Security Scan
2009-12-18 20:57 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-18 20:57 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-18 20:57 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-17 18:22 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-17 18:11 . 2009-12-17 18:11 -------- d-----w- c:\programdata\PCSettings
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\programdata\Norton
2009-12-17 18:11 . 2016-04-12 00:00 -------- d-----w- c:\programdata\NortonInstaller
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\program files\NortonInstaller
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Template
2009-12-17 17:59 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-14 12:55 . 2009-07-21 12:52 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Games
2016-04-13 18:10 . 2009-09-29 08:21 -------- d-----w- c:\program files\Alawar games
2016-04-12 00:42 . 2009-09-10 10:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ERS G-Studio
2016-04-12 00:00 . 2016-04-12 00:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2016-04-12 00:00 . 2016-04-12 00:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-13 08:38 . 2009-01-17 11:21 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\uTorrent
2010-01-13 08:38 . 2009-11-28 16:39 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Azureus
2010-01-11 21:18 . 2009-10-13 09:14 -------- d-----w- c:\program files\Cybertek Games
2010-01-11 16:52 . 2009-05-13 18:21 -------- d-----w- c:\program files\Games
2010-01-04 09:47 . 2009-10-19 11:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Uniblue
2010-01-04 09:31 . 2009-10-19 11:15 -------- d-----w- c:\program files\Uniblue
2010-01-04 09:28 . 2010-01-04 09:27 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-04 09:28 . 2009-10-19 11:18 -------- d-----w- c:\programdata\DriverScanner
2010-01-01 18:05 . 2009-08-30 13:50 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\YoudaGames
2009-12-28 13:17 . 2009-01-24 10:55 -------- d-----w- c:\program files\Lx_cats
2009-12-26 09:46 . 2009-09-07 13:22 -------- d-----w- c:\programdata\PlayFirst
2009-12-26 09:46 . 2009-03-15 14:46 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PlayFirst
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PoBros
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\programdata\PoBros
2009-12-25 23:05 . 2009-10-26 19:23 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\HdO Adventure
2009-12-19 09:36 . 2008-08-31 18:57 -------- d-----w- c:\programdata\Symantec
2009-12-18 20:05 . 2009-07-19 14:37 -------- d-----w- c:\programdata\MumboJumbo
2009-12-18 20:04 . 2009-11-28 16:38 -------- d-----w- c:\program files\Vuze
2009-12-17 18:55 . 2008-08-31 18:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-17 18:26 . 2009-01-12 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-12-17 18:13 . 2009-01-12 13:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Symantec
2009-12-17 18:02 . 2009-12-17 18:02 154 ----a-w- c:\users\Chris & Derek\AppData\Roaming\wklnhst.dat
2009-12-10 14:19 . 2009-09-06 15:57 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Big Fish Games
2009-12-10 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 19:15 . 2009-12-07 19:14 -------- d-----w- c:\program files\Find Your Own Way Home
2009-12-07 18:33 . 2009-11-15 17:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MysteryStudio
2009-12-05 22:53 . 2009-12-05 22:53 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ChaYoWo Games
2009-12-05 21:00 . 2009-12-05 21:00 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-02 18:19 . 2008-08-31 18:55 -------- d-----w- c:\program files\EasyBits For Kids
2009-11-30 14:34 . 2009-09-08 20:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\SpinTop Games
2009-11-30 13:21 . 2009-11-30 13:07 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-11-28 16:39 . 2009-11-28 16:39 -------- d-----w- c:\programdata\Azureus
2009-11-28 08:58 . 2009-11-28 08:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb22BE.tmp.exe
2009-11-26 11:25 . 2009-11-26 11:25 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Orneon
2009-11-22 20:35 . 2008-08-31 18:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-21 06:40 . 2009-12-17 18:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-17 18:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-17 18:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-17 18:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 16:11 . 2009-11-20 16:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\EscapeTheMuseum2
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 21:42 . 2009-11-16 21:42 -------- d-----w- c:\program files\MSXML 4.0
2009-11-15 18:44 . 2008-08-31 18:50 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-15 18:44 . 2008-08-31 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 18:42 . 2009-11-15 18:42 36864 ----a-w- c:\programdata\TEMP\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2009-11-09 12:31 . 2009-12-10 09:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 09:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 09:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 09:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-03-31 21:47 . 2009-01-21 10:46 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-01 03:04 . 2008-09-01 03:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 13:48 . 2009-06-15 14:52 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\lpk.dll
+ 2009-07-17 13:48 . 2009-06-15 14:51 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\dciman32.dll
+ 2009-07-17 13:48 . 2009-04-11 06:28 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\atmlib.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\lpk.dll
+ 2009-07-17 13:48 . 2009-06-15 15:20 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\dciman32.dll
+ 2006-11-02 08:38 . 2006-11-02 09:46 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\atmlib.dll
+ 2008-01-21 01:58 . 2010-01-13 08:33 58090 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-13 08:33 73820 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-01-11 13:33 73820 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 12:56 . 2010-01-13 08:33 14958 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3484115970-504693198-750260859-1000_UserData.bin
+ 2008-09-16 19:06 . 2010-01-13 08:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-16 19:06 . 2010-01-11 13:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-16 19:06 . 2010-01-13 08:31 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-16 19:06 . 2010-01-11 13:32 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-16 19:06 . 2010-01-11 13:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-16 19:06 . 2010-01-13 08:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 08:39 . 2010-01-12 08:39 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-12-25 08:35 . 2009-12-25 08:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2006-10-26 14:03 . 2006-10-26 14:03 78648 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\INTLDATE.DLL
+ 2010-01-13 08:31 . 2010-01-13 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-11 13:32 . 2010-01-11 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-13 08:31 . 2010-01-13 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-11 13:32 . 2010-01-11 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-17 13:48 . 2009-06-15 12:42 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\atmfd.dll
+ 2009-07-17 13:48 . 2009-06-15 12:52 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\atmfd.dll
+ 2009-01-12 17:12 . 2010-01-12 18:46 236424 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:33 . 2010-01-11 13:39 599942 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-13 08:39 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-01-11 13:39 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-01-13 08:39 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2010-01-13 08:40 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-12-25 08:50 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-04-03 18:21 . 2009-04-03 18:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2010-01-13 11:36 . 2010-01-13 11:36 6434816 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-04-04 07:35 . 2009-04-04 07:35 36977152 c:\windows\Installer\51a0e.msp
+ 2009-04-03 18:46 . 2009-04-03 18:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-05-17 07:40 . 2010-01-13 08:41 229752242 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-08-16 202008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 14:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 03:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 05:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 14:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 14:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-12 12:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,52,ff,7d,38,39,ca,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/04/2016 00:00 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/04/2016 00:00 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys [08/01/2010 21:02 343088]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [14/01/2009 20:36 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/12/2009 04:30 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/04/2016 00:00 48688]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Norton Security Scan for Chris & Derek.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 09:36]

2010-01-12 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-01-04 03:41]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris & Derek\AppData\Roaming\Mozilla\Firefox\Profiles\v196jpcw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-13 11:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5680)
c:\windows\System32\NLSData0009.dll
.
Completion time: 2010-01-13 11:50:16
ComboFix-quarantined-files.txt 2010-01-13 11:50
ComboFix2.txt 2010-01-12 09:06
ComboFix3.txt 2010-01-11 13:49
ComboFix4.txt 2010-01-10 12:53

Pre-Run: 217,275,363,328 bytes free
Post-Run: 217,247,547,392 bytes free

- - End Of File - - EB3CA515F646CB134C8F1C3BADD76C7B

rachel10173
Novice

Posts : 22
Joined : 2009-05-03
OS : vista

Re: problems with trojan

Post by Belahzur on Wed Jan 13, 2010 4:10 pm


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    Driver::
    ezSharedSvc
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: problems with trojan

Post by rachel10173 on Wed Jan 13, 2010 4:42 pm

ComboFix 10-01-12.05 - Chris & Derek 13/01/2010 16:18:57.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1007 [GMT 0:00]
Running from: c:\users\Chris & Derek\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2016-04-14 13:07 . 2016-04-14 13:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\iMaxGen
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Gamers Digital
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\programdata\Gamers Digital
2016-04-12 17:11 . 2016-04-12 17:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Game Mill Entertainment
2016-04-12 17:07 . 2016-04-12 17:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BrokenHearts
2016-04-12 00:21 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2016-04-12 00:21 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2016-04-12 00:21 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2016-04-12 00:01 . 2016-04-12 00:00 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2016-04-12 00:00 . 2016-04-12 00:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2016-04-12 00:00 . 2016-04-12 00:00 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2016-04-12 00:00 . 2016-04-12 00:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2016-04-12 00:00 . 2016-04-12 00:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Symantec
2016-04-12 00:00 . 2016-04-12 00:00 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2016-04-12 00:00 . 2016-04-12 00:00 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2016-04-12 00:00 . 2016-04-12 00:00 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2016-04-12 00:00 . 2016-04-12 00:00 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\windows\system32\drivers\N360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Norton 360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-13 16:28 . 2010-01-13 16:28 -------- d-----w- c:\users\Chris & Derek\AppData\Local\temp
2010-01-13 16:28 . 2010-01-13 16:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-13 16:28 . 2010-01-13 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-13 16:28 . 2010-01-13 16:28 -------- d-----w- c:\users\chris\AppData\Local\temp
2010-01-13 16:17 . 2010-01-13 16:18 -------- d-----w- C:\32788R22FWJFW
2010-01-13 13:15 . 2009-12-17 04:30 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\NAVENG.SYS
2010-01-13 13:15 . 2009-12-17 04:30 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\NAVENG32.DLL
2010-01-13 13:15 . 2009-12-17 04:30 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\NAVEX32A.DLL
2010-01-13 13:15 . 2009-12-17 04:30 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\NAVEX15.SYS
2010-01-13 13:15 . 2009-12-17 04:30 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\EECTRL.SYS
2010-01-13 13:15 . 2009-12-17 04:30 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\CCERASER.DLL
2010-01-13 13:15 . 2009-12-17 04:30 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\ECMSVR32.DLL
2010-01-13 13:15 . 2009-12-17 04:30 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.053\ERASER.SYS
2010-01-12 14:16 . 2010-01-12 14:16 -------- d-----w- c:\programdata\Uniblue
2010-01-12 09:16 . 2010-01-11 03:41 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe
2010-01-12 09:16 . 2010-01-11 03:41 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe
2010-01-12 09:13 . 2010-01-12 09:15 25254808 ----a-w- c:\users\Chris & Derek\AppData\Roaming\Uniblue\SpyEraser\SpyEraser_Setup_1_12_2010.exe
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Valusoft
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\programdata\Valusoft
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Friday's games
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\programdata\AlawarWrapper
2010-01-09 08:48 . 2010-01-09 08:48 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Dragon Altar Games
2010-01-08 21:02 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-08 21:02 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-08 21:02 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Malwarebytes
2010-01-07 14:55 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:55 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:47 . 2010-01-06 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BlamGames
2010-01-06 14:05 . 2010-01-06 14:05 -------- d-----w- c:\program files\Trend Micro
2010-01-04 20:55 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
2010-01-04 20:55 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
2010-01-04 20:55 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
2010-01-04 20:55 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
2010-01-04 20:55 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
2010-01-04 13:13 . 2010-01-04 13:13 -------- d-----r- c:\program files\Norton Support
2010-01-02 16:46 . 2010-01-02 16:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\Menge
2010-01-01 19:10 . 2010-01-01 19:10 -------- d-----w- c:\programdata\TheFallTrilogy
2009-12-31 20:03 . 2009-12-31 20:05 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual City
2009-12-31 19:18 . 2009-12-31 19:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Aveyond 3
2009-12-31 19:15 . 2009-12-31 19:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MastersOfMystery2
2009-12-31 16:40 . 2009-12-31 16:40 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scholastic
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\windows\I Spy Spooky Mansion
2009-12-30 18:47 . 2009-12-30 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scrabble Plus
2009-12-27 17:02 . 2009-12-27 17:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual Prophecy
2009-12-26 16:14 . 2009-12-26 16:14 -------- d-----w- c:\programdata\The Mirror Mysteries
2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\program files\The Mirror Mysteries
2009-12-26 09:47 . 2009-12-29 15:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\OtherSide Realm of Eons
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\program files\Norton Security Scan
2009-12-18 20:57 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-18 20:57 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-18 20:57 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-17 18:22 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-17 18:11 . 2009-12-17 18:11 -------- d-----w- c:\programdata\PCSettings
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\programdata\Norton
2009-12-17 18:11 . 2016-04-12 00:00 -------- d-----w- c:\programdata\NortonInstaller
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\program files\NortonInstaller
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Template
2009-12-17 17:59 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-14 12:55 . 2009-07-21 12:52 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Games
2016-04-13 18:10 . 2009-09-29 08:21 -------- d-----w- c:\program files\Alawar games
2016-04-12 00:42 . 2009-09-10 10:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ERS G-Studio
2016-04-12 00:00 . 2016-04-12 00:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2016-04-12 00:00 . 2016-04-12 00:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-13 08:38 . 2009-01-17 11:21 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\uTorrent
2010-01-13 08:38 . 2009-11-28 16:39 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Azureus
2010-01-11 21:18 . 2009-10-13 09:14 -------- d-----w- c:\program files\Cybertek Games
2010-01-11 16:52 . 2009-05-13 18:21 -------- d-----w- c:\program files\Games
2010-01-04 09:47 . 2009-10-19 11:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Uniblue
2010-01-04 09:31 . 2009-10-19 11:15 -------- d-----w- c:\program files\Uniblue
2010-01-04 09:28 . 2010-01-04 09:27 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-04 09:28 . 2009-10-19 11:18 -------- d-----w- c:\programdata\DriverScanner
2010-01-01 18:05 . 2009-08-30 13:50 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\YoudaGames
2009-12-28 13:17 . 2009-01-24 10:55 -------- d-----w- c:\program files\Lx_cats
2009-12-26 09:46 . 2009-09-07 13:22 -------- d-----w- c:\programdata\PlayFirst
2009-12-26 09:46 . 2009-03-15 14:46 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PlayFirst
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PoBros
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\programdata\PoBros
2009-12-25 23:05 . 2009-10-26 19:23 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\HdO Adventure
2009-12-19 09:36 . 2008-08-31 18:57 -------- d-----w- c:\programdata\Symantec
2009-12-18 20:05 . 2009-07-19 14:37 -------- d-----w- c:\programdata\MumboJumbo
2009-12-18 20:04 . 2009-11-28 16:38 -------- d-----w- c:\program files\Vuze
2009-12-17 18:55 . 2008-08-31 18:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-17 18:26 . 2009-01-12 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-12-17 18:13 . 2009-01-12 13:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Symantec
2009-12-17 18:02 . 2009-12-17 18:02 154 ----a-w- c:\users\Chris & Derek\AppData\Roaming\wklnhst.dat
2009-12-10 14:19 . 2009-09-06 15:57 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Big Fish Games
2009-12-10 09:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-07 19:15 . 2009-12-07 19:14 -------- d-----w- c:\program files\Find Your Own Way Home
2009-12-07 18:33 . 2009-11-15 17:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MysteryStudio
2009-12-05 22:53 . 2009-12-05 22:53 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ChaYoWo Games
2009-12-05 21:00 . 2009-12-05 21:00 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-02 18:19 . 2008-08-31 18:55 -------- d-----w- c:\program files\EasyBits For Kids
2009-11-30 14:34 . 2009-09-08 20:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\SpinTop Games
2009-11-30 13:21 . 2009-11-30 13:07 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-11-28 16:39 . 2009-11-28 16:39 -------- d-----w- c:\programdata\Azureus
2009-11-28 08:58 . 2009-11-28 08:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb22BE.tmp.exe
2009-11-26 11:25 . 2009-11-26 11:25 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Orneon
2009-11-22 20:35 . 2008-08-31 18:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-21 06:40 . 2009-12-17 18:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-17 18:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-17 18:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-17 18:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 16:11 . 2009-11-20 16:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\EscapeTheMuseum2
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 21:42 . 2009-11-16 21:42 -------- d-----w- c:\program files\MSXML 4.0
2009-11-15 18:44 . 2008-08-31 18:50 -------- d-----w- c:\programdata\Hewlett-Packard
2009-11-15 18:44 . 2008-08-31 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 18:42 . 2009-11-15 18:42 36864 ----a-w- c:\programdata\TEMP\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2009-11-09 12:31 . 2009-12-10 09:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 09:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 09:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 09:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-03-31 21:47 . 2009-01-21 10:46 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-01 03:04 . 2008-09-01 03:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 13:48 . 2009-06-15 14:52 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\lpk.dll
+ 2009-07-17 13:48 . 2009-06-15 14:51 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\dciman32.dll
+ 2009-07-17 13:48 . 2009-04-11 06:28 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\atmlib.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\lpk.dll
+ 2009-07-17 13:48 . 2009-06-15 15:20 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\dciman32.dll
+ 2006-11-02 08:38 . 2006-11-02 09:46 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\atmlib.dll
+ 2008-01-21 01:58 . 2010-01-13 08:33 58090 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-13 08:33 73820 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-01-11 13:33 73820 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-12 12:56 . 2010-01-13 08:33 14958 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3484115970-504693198-750260859-1000_UserData.bin
+ 2008-09-16 19:06 . 2010-01-13 08:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-16 19:06 . 2010-01-11 13:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-16 19:06 . 2010-01-13 08:31 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-16 19:06 . 2010-01-11 13:32 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-16 19:06 . 2010-01-11 13:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-16 19:06 . 2010-01-13 08:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 08:39 . 2010-01-12 08:39 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2009-12-25 08:35 . 2009-12-25 08:35 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2006-10-26 14:03 . 2006-10-26 14:03 78648 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.4518\INTLDATE.DLL
+ 2010-01-13 08:31 . 2010-01-13 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-11 13:32 . 2010-01-11 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-13 08:31 . 2010-01-13 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-11 13:32 . 2010-01-11 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-17 13:48 . 2009-06-15 12:42 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\atmfd.dll
+ 2009-07-17 13:48 . 2009-06-15 12:52 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\atmfd.dll
+ 2009-01-12 17:12 . 2010-01-12 18:46 236424 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:33 . 2010-01-11 13:39 599942 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-13 08:39 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-01-11 13:39 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-01-13 08:39 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2010-01-13 08:40 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-12-25 08:50 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-04-03 18:21 . 2009-04-03 18:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2010-01-13 11:36 . 2010-01-13 16:18 6434816 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-04-04 07:35 . 2009-04-04 07:35 36977152 c:\windows\Installer\51a0e.msp
+ 2009-04-03 18:46 . 2009-04-03 18:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6425\MSO.DLL
+ 2009-05-17 07:40 . 2010-01-13 08:41 229752242 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-08-16 202008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 14:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 03:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 05:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 14:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 14:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-12 12:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,52,ff,7d,38,39,ca,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/04/2016 00:00 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/04/2016 00:00 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys [08/01/2010 21:02 343088]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [14/01/2009 20:36 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/12/2009 04:30 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/04/2016 00:00 48688]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Norton Security Scan for Chris & Derek.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 09:36]

2010-01-12 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-01-04 03:41]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris & Derek\AppData\Roaming\Mozilla\Firefox\Profiles\v196jpcw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-13 16:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4300)
c:\program files\Norton 360\Engine\3.5.2.11\ccVrTrst.dll
c:\program files\Norton 360\Engine\3.5.2.11\ccSet.dll
.
Completion time: 2010-01-13 16:31:37
ComboFix-quarantined-files.txt 2010-01-13 16:31
ComboFix2.txt 2010-01-13 11:50
ComboFix3.txt 2010-01-12 09:06
ComboFix4.txt 2010-01-11 13:49
ComboFix5.txt 2010-01-13 16:18

Pre-Run: 217,229,549,568 bytes free
Post-Run: 217,173,164,032 bytes free

- - End Of File - - F06BB7E9E21AC5D773019A9196B165D4

rachel10173
Novice
Posts : 22
Joined : 2009-05-03
OS : vista
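Two things in the logs posted in this thread deserve a mechanical check before anything is fixed: the Norton files, drivers and services carry 2016-04-12 dates in a log produced in January 2010, and the Security Center "DisableMonitoring" values are set to 1. A file dated after the scan that listed it means either a clock problem or a deliberately altered timestamp, and any conclusion drawn from "recently created" files depends on which. The script below is an added example written for this thread, not ComboFix's own code and not the poster's; it parses the line formats visible above (file entries, R0/R1/R2/R3/S2/S3 service lines, the REGEDIT4 section) and reports entries that postdate the scan plus the Security Center subkeys with monitoring switched off. It assumes the bracketed service dates are dd/mm/yyyy, which matches the en-GB, GMT 0:00 machine in the thread; the SAMPLE text is a constructed excerpt of lines lifted from the logs above.

```python
"""Timestamp and Security Center sanity checks over a ComboFix log.
Added example for this thread; not ComboFix code and not the poster's.
Flags file/service entries dated after the scan itself and Security
Center subkeys with DisableMonitoring=1. Assumption: bracketed dates
are dd/mm/yyyy, as on this en-GB (GMT 0:00) machine.
"""
import re
from datetime import datetime

# "<created> . <modified> <size or dashes> <attributes> <path>"
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+?)\s*$")
# "R0 Name;Display name;path [dd/mm/yyyy HH:MM size]"
SVC_LINE = re.compile(
    r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{2}/\d{2}/\d{4} \d{2}:\d{2}) (\d+)\]$")
# "ComboFix 10-01-15.05 - <user> 16/01/2010 14:26:18.7.2 - x86"
HEADER = re.compile(r"^ComboFix \S+ - .* (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")
COMPLETION = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
SC_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring"
    r"(?:\\([^\]]+))?\]$", re.IGNORECASE)

# Constructed sample: a handful of lines lifted from the logs in this thread.
SAMPLE = r"""
ComboFix 10-01-15.05 - Chris & Derek 16/01/2010 14:26:18.7.2 - x86
2016-04-12 00:00 . 2016-04-12 00:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Norton 360
2009-12-17 18:11 . 2016-04-12 00:00 -------- d-----w- c:\programdata\NortonInstaller
2010-01-07 14:55 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"""


def scan_time_from_log(text):
    """Prefer the 'Completion time:' line; fall back to the header line."""
    for pattern, fmt in ((COMPLETION, "%Y-%m-%d %H:%M:%S"), (HEADER, "%d/%m/%Y %H:%M:%S")):
        for line in text.splitlines():
            m = pattern.match(line.strip())
            if m:
                return datetime.strptime(m.group(1), fmt)
    raise ValueError("no ComboFix header or completion line found")


def parse_file_entries(text):
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
                "size": None if size.startswith("-") else int(size),
                "attrs": attrs, "path": path})
    return entries


def parse_service_entries(text):
    services = []
    for line in text.splitlines():
        m = SVC_LINE.match(line.strip())
        if m:
            start, name, display, path, stamp, size = m.groups()
            services.append({
                "start": start, "name": name, "display": display, "path": path,
                "file_time": datetime.strptime(stamp, "%d/%m/%Y %H:%M"), "size": int(size)})
    return services


def security_center_overrides(text):
    """Monitoring subkeys with DisableMonitoring=1 ('(global)' for the parent key)."""
    found, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SC_KEY.match(line)
        if m:
            current = m.group(1) or "(global)"
        elif line.startswith("["):
            current = None
        elif current and line.lower() == '"disablemonitoring"=dword:00000001':
            found.append(current)
    return found


def analyse(text):
    scan_time = scan_time_from_log(text)
    files, services = parse_file_entries(text), parse_service_entries(text)
    return {
        "scan_time": scan_time,
        "future_files": [e["path"] for e in files
                         if e["created"] > scan_time or e["modified"] > scan_time],
        "future_services": [s["name"] for s in services if s["file_time"] > scan_time],
        "security_center_overrides": security_center_overrides(text)}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against the full pasted log rather than SAMPLE to get the complete list. A future-dated entry is not by itself proof of tampering (a third-party suite that sets its own file times, or a PC whose clock was wrong during install, produces the same pattern), and "DisableMonitoring"=1 is what a third-party security product normally sets so that Security Center defers to it; the point of the check is to separate those explainable cases from files nobody can account for before deciding what to remove.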

Re: problems with trojan

Post by Belahzur on Wed Jan 13, 2010 6:47 pm

Hello.
You ran ComboFix normally there; I need you to run my CFScript from my post above.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: problems with trojan

Post by rachel10173 on Sat Jan 16, 2010 2:41 pm

Hi,

Sorry for the delay in replying.

ComboFix 10-01-15.05 - Chris & Derek 16/01/2010 14:26:18.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1262 [GMT 0:00]
Running from: c:\users\Chris & Derek\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 )))))))))))))))))))))))))))))))
.

2016-04-14 13:07 . 2016-04-14 13:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\iMaxGen
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Gamers Digital
2016-04-13 18:01 . 2016-04-13 18:01 -------- d-----w- c:\programdata\Gamers Digital
2016-04-12 17:11 . 2016-04-12 17:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Game Mill Entertainment
2016-04-12 17:07 . 2016-04-12 17:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BrokenHearts
2016-04-12 00:21 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2016-04-12 00:21 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2016-04-12 00:21 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2016-04-12 00:21 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2016-04-12 00:01 . 2016-04-12 00:00 554352 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2016-04-12 00:00 . 2016-04-12 00:00 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2016-04-12 00:00 . 2016-04-12 00:00 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2016-04-12 00:00 . 2016-04-12 00:00 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2016-04-12 00:00 . 2016-04-12 00:00 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Symantec
2016-04-12 00:00 . 2016-04-12 00:00 1291104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2016-04-12 00:00 . 2016-04-12 00:00 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2016-04-12 00:00 . 2016-04-12 00:00 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2016-04-12 00:00 . 2016-04-12 00:00 771440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\windows\system32\drivers\N360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\program files\Norton 360
2016-04-12 00:00 . 2016-04-12 00:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-16 14:35 . 2010-01-16 14:35 -------- d-----w- c:\users\Chris & Derek\AppData\Local\temp
2010-01-16 14:35 . 2010-01-16 14:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-16 14:35 . 2010-01-16 14:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-16 14:35 . 2010-01-16 14:35 -------- d-----w- c:\users\chris\AppData\Local\temp
2010-01-16 11:09 . 2009-12-17 04:30 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVENG.SYS
2010-01-16 11:09 . 2009-12-17 04:30 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVENG32.DLL
2010-01-16 11:09 . 2009-12-17 04:30 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVEX32A.DLL
2010-01-16 11:09 . 2009-12-17 04:30 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\NAVEX15.SYS
2010-01-16 11:09 . 2009-12-17 04:30 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\EECTRL.SYS
2010-01-16 11:09 . 2009-12-17 04:30 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\CCERASER.DLL
2010-01-16 11:09 . 2009-12-17 04:30 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\ECMSVR32.DLL
2010-01-16 11:09 . 2009-12-17 04:30 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100115.050\ERASER.SYS
2010-01-15 10:07 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\Scxpx86.dll
2010-01-15 10:07 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSxpx86.dll
2010-01-15 10:07 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSviA64.sys
2010-01-15 10:07 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys
2010-01-15 10:07 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSXpx86.sys
2010-01-13 16:46 . 2010-01-13 16:46 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Trusteer
2010-01-13 16:46 . 2010-01-13 16:46 -------- d-----w- c:\program files\Trusteer
2010-01-13 16:45 . 2010-01-13 16:45 -------- d-----w- c:\programdata\Trusteer
2010-01-13 08:41 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 08:41 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-12 14:16 . 2010-01-12 14:16 -------- d-----w- c:\programdata\Uniblue
2010-01-12 09:16 . 2010-01-11 03:41 20232 ----a-w- c:\windows\system32\AntiSpyNative64.exe
2010-01-12 09:16 . 2010-01-11 03:41 16648 ----a-w- c:\windows\system32\AntiSpyNative32.exe
2010-01-12 09:13 . 2010-01-12 09:15 25254808 ----a-w- c:\users\Chris & Derek\AppData\Roaming\Uniblue\SpyEraser\SpyEraser_Setup_1_12_2010.exe
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Valusoft
2010-01-10 16:17 . 2010-01-10 16:17 -------- d-----w- c:\programdata\Valusoft
2010-01-09 09:07 . 2010-01-09 09:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Friday's games
2010-01-09 09:07 . 2010-01-14 20:24 -------- d-----w- c:\programdata\AlawarWrapper
2010-01-09 08:48 . 2010-01-09 08:48 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Dragon Altar Games
2010-01-08 21:02 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-08 21:02 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-08 21:02 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-08 21:02 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Malwarebytes
2010-01-07 14:55 . 2009-12-30 14:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\programdata\Malwarebytes
2010-01-07 14:55 . 2010-01-07 14:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 14:55 . 2009-12-30 14:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 18:47 . 2010-01-06 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\BlamGames
2010-01-06 14:05 . 2010-01-06 14:05 -------- d-----w- c:\program files\Trend Micro
2010-01-04 13:13 . 2010-01-04 13:13 -------- d-----r- c:\program files\Norton Support
2010-01-02 16:46 . 2010-01-02 16:46 -------- d-----w- c:\users\Chris & Derek\AppData\Local\Menge
2010-01-01 19:10 . 2010-01-01 19:10 -------- d-----w- c:\programdata\TheFallTrilogy
2009-12-31 20:03 . 2009-12-31 20:05 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual City
2009-12-31 19:18 . 2009-12-31 19:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Aveyond 3
2009-12-31 19:15 . 2009-12-31 19:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MastersOfMystery2
2009-12-31 16:40 . 2009-12-31 16:40 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scholastic
2009-12-31 16:33 . 2009-12-31 16:33 -------- d-----w- c:\windows\I Spy Spooky Mansion
2009-12-30 18:47 . 2009-12-30 18:47 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Scrabble Plus
2009-12-27 17:02 . 2009-12-27 17:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Virtual Prophecy
2009-12-26 16:14 . 2009-12-26 16:14 -------- d-----w- c:\programdata\The Mirror Mysteries
2009-12-26 16:13 . 2009-12-26 16:13 -------- d-----w- c:\program files\The Mirror Mysteries
2009-12-26 09:47 . 2009-12-29 15:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\OtherSide Realm of Eons
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-19 09:36 . 2009-12-19 09:36 -------- d-----w- c:\program files\Norton Security Scan
2009-12-18 20:57 . 2009-11-05 00:30 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-18 20:57 . 2009-11-05 00:30 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-18 20:57 . 2009-11-05 00:30 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-18 20:57 . 2009-11-05 00:30 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-17 18:22 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-17 18:11 . 2009-12-17 18:11 -------- d-----w- c:\programdata\PCSettings
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\programdata\Norton
2009-12-17 18:11 . 2016-04-12 00:00 -------- d-----w- c:\programdata\NortonInstaller
2009-12-17 18:11 . 2009-12-19 09:36 -------- d-----w- c:\program files\NortonInstaller
2009-12-17 18:02 . 2009-12-17 18:02 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Template
2009-12-17 17:59 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-14 12:55 . 2009-07-21 12:52 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Games
2016-04-13 18:10 . 2009-09-29 08:21 -------- d-----w- c:\program files\Alawar games
2016-04-12 00:42 . 2009-09-10 10:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ERS G-Studio
2016-04-12 00:00 . 2016-04-12 00:00 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2016-04-12 00:00 . 2016-04-12 00:00 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-15 23:43 . 2009-11-28 16:39 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Azureus
2010-01-14 21:11 . 2009-05-13 18:21 -------- d-----w- c:\program files\Games
2010-01-14 21:09 . 2009-10-13 09:14 -------- d-----w- c:\program files\Cybertek Games
2010-01-14 09:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-13 19:21 . 2009-01-17 11:21 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\uTorrent
2010-01-04 09:47 . 2009-10-19 11:18 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Uniblue
2010-01-04 09:31 . 2009-10-19 11:15 -------- d-----w- c:\program files\Uniblue
2010-01-04 09:28 . 2010-01-04 09:27 -------- dc-h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-01-04 09:28 . 2009-10-19 11:18 -------- d-----w- c:\programdata\DriverScanner
2010-01-01 18:05 . 2009-08-30 13:50 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\YoudaGames
2009-12-28 13:17 . 2009-01-24 10:55 -------- d-----w- c:\program files\Lx_cats
2009-12-26 09:46 . 2009-09-07 13:22 -------- d-----w- c:\programdata\PlayFirst
2009-12-26 09:46 . 2009-03-15 14:46 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PlayFirst
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\PoBros
2009-12-25 23:05 . 2009-08-17 18:07 -------- d-----w- c:\programdata\PoBros
2009-12-25 23:05 . 2009-10-26 19:23 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\HdO Adventure
2009-12-19 09:36 . 2008-08-31 18:57 -------- d-----w- c:\programdata\Symantec
2009-12-18 20:05 . 2009-07-19 14:37 -------- d-----w- c:\programdata\MumboJumbo
2009-12-18 20:04 . 2009-11-28 16:38 -------- d-----w- c:\program files\Vuze
2009-12-17 18:55 . 2008-08-31 18:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-17 18:26 . 2009-01-12 12:58 -------- d-----w- c:\program files\Microsoft Works
2009-12-17 18:13 . 2009-01-12 13:01 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Symantec
2009-12-17 18:02 . 2009-12-17 18:02 154 ----a-w- c:\users\Chris & Derek\AppData\Roaming\wklnhst.dat
2009-12-10 14:19 . 2009-09-06 15:57 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Big Fish Games
2009-12-07 19:15 . 2009-12-07 19:14 -------- d-----w- c:\program files\Find Your Own Way Home
2009-12-07 18:33 . 2009-11-15 17:51 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\MysteryStudio
2009-12-05 22:53 . 2009-12-05 22:53 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\ChaYoWo Games
2009-12-05 21:00 . 2009-12-05 21:00 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-02 18:19 . 2008-08-31 18:55 -------- d-----w- c:\program files\EasyBits For Kids
2009-11-30 14:34 . 2009-09-08 20:16 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\SpinTop Games
2009-11-30 13:21 . 2009-11-30 13:07 -------- d-----w- c:\program files\Lexmark 5200 Series
2009-11-28 16:39 . 2009-11-28 16:39 -------- d-----w- c:\programdata\Azureus
2009-11-28 08:58 . 2009-11-28 08:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb22BE.tmp.exe
2009-11-26 11:25 . 2009-11-26 11:25 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\Orneon
2009-11-22 20:35 . 2008-08-31 18:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-21 06:40 . 2009-12-17 18:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-17 18:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-17 18:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-17 18:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 16:11 . 2009-11-20 16:11 -------- d-----w- c:\users\Chris & Derek\AppData\Roaming\EscapeTheMuseum2
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 09:14 . 2009-11-18 09:14 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-15 18:42 . 2009-11-15 18:42 36864 ----a-w- c:\programdata\TEMP\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\PostBuild.exe
2009-11-09 12:31 . 2009-12-10 09:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 09:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 09:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-26 09:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-03-31 21:47 . 2009-01-21 10:46 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-01 03:04 . 2008-09-01 03:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-12 39408]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-08-16 202008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 22:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 14:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-05-03 03:53 103344 ----a-w- c:\program files\Lexmark 5200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 14:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 12:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBTCATS]
2007-02-22 05:46 73728 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxbttime.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 14:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 14:49 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 04:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-12 12:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,52,ff,7d,38,39,ca,01

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/04/2016 00:00 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/04/2016 00:00 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/04/2016 00:00 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSvix86.sys [15/01/2010 10:07 343088]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [11/01/2010 18:05 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/01/2010 18:05 345832]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [14/01/2009 20:36 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/01/2010 18:05 972008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/12/2009 04:30 102448]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [24/05/2009 07:36 501248]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/04/2016 00:00 48688]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-15 c:\windows\Tasks\Norton Security Scan for Chris & Derek.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 09:36]

2010-01-12 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2010-01-04 03:41]
.
.
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Chris & Derek\AppData\Roaming\Mozilla\Firefox\Profiles\v196jpcw.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-Something Special 1.00 - c:\program files\Games\Something Special\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-16 14:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(17048)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\stobject.dll
c:\windows\System32\msxml3.dll
c:\windows\system32\imapi2.dll
.
Completion time: 2010-01-16 14:39:09
ComboFix-quarantined-files.txt 2010-01-16 14:39
ComboFix2.txt 2010-01-13 16:31
ComboFix3.txt 2010-01-13 11:50
ComboFix4.txt 2010-01-12 09:06
ComboFix5.txt 2010-01-16 14:25

Pre-Run: 216,547,450,880 bytes free
Post-Run: 216,553,496,576 bytes free

- - End Of File - - 6E48C93D086AB136EF70D9EFED8D843C

Re: problems with trojan

Post by Belahzur on Sat Jan 16, 2010 6:23 pm

Still hasn't worked; you're just double-clicking on it. Did you read my instructions about dragging/dropping CFScript.txt onto ComboFix?

Re: problems with trojan

Post by rachel10173 on Thu Jan 21, 2010 1:21 pm

Hi,

Sorry for the delay in replying. Yes, I have dragged and dropped the CFScript onto ComboFix, so I don't understand why it's not giving you the correct results.

Re: problems with trojan

Post by Belahzur on Thu Jan 21, 2010 7:27 pm

Now open a new notepad file.
Input this into the notepad file:

@echo off
sc stop "ezSharedSvc"
sc delete "ezSharedSvc"
del fix.bat
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.


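The service that fix.bat above stops and deletes is the one ComboFix listed as "S2 ezSharedSvc;...;c:\windows\system32\svchost.exe -k netsvcs", while the log's svchost registry key shows no netsvcs group membership for it. The following added example (not part of this thread and not ComboFix's own code) parses service lines in that log format and flags svchost-hosted services that are not registered members of the group they claim; the sample lines and the group map are copied from the log above and labelled as constructed input, and a check on a live machine would read the full svchost key from the registry rather than the excerpt ComboFix prints.

```python
import re

# Constructed sample: three service lines copied from the ComboFix log above.
SERVICE_LINES = "\n".join([
    r"R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/04/2016 00:00 117640]",
    r"S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]",
    r"S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]",
])

# Group membership as printed under the log's
# [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] key.
# Constructed from the excerpt above; on a real host read the whole key.
SVCHOST_GROUPS = {"LocalServiceAndNoImpersonation": {"FontCache"}}

# ComboFix service line: "<start type> <name>;<description>;<command> [<date> <time> <size>]"
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<cmd>.+?) \[(?P<stamp>[^\]]+)\]$"
)


def parse_services(text):
    """Return one dict per recognised service line; other lines are ignored."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def svchost_group(cmd):
    """Return the -k group name if the command runs inside svchost.exe, else None."""
    m = re.search(r"svchost\.exe\s+-k\s+(\S+)", cmd, re.IGNORECASE)
    return m.group(1) if m else None


def orphaned_svchost_services(text, groups):
    """List (name, group) for services that claim 'svchost.exe -k <group>' but are
    not registered as members of that group. A genuine svchost-hosted service
    must appear in the group's REG_MULTI_SZ list, so a missing entry is worth a look."""
    flagged = []
    for svc in parse_services(text):
        group = svchost_group(svc["cmd"])
        if group is not None and svc["name"] not in groups.get(group, set()):
            flagged.append((svc["name"], group))
    return flagged


if __name__ == "__main__":
    print(orphaned_svchost_services(SERVICE_LINES, SVCHOST_GROUPS))
```
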
Re: problems with trojan

Post by rachel10173 on Fri Jan 29, 2010 7:40 pm

Hi,

I've done that step, was there anything that I should have pasted back on here?

rachel10173
Novice
Novice

Status :
Online
Offline

Posts : 22
Joined : 2009-05-03
OS : vista

View user profile

Back to top Go down

Re: problems with trojan

Post by Belahzur on Sat Jan 30, 2010 4:48 pm

No.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?
