Rapid Antivirus Infection and other garbage



Post by mrmccleve on 7th December 2008, 6:14 pm

My computer has been infected with the Rapid Antivirus bug and other problems have been showing up too. There are a couple of web link shortcuts that automatically appear on the desktop no matter how many times I delete them. These links are to porn sites.

I had a firewall on. I had Symantec Antivirus with all the current updates running. I had all Windows updates installed. I am not sure how the Rapid Antivirus bug got on the computer or these other problems. My son was on the computer for a short while. Maybe something happened then.

Anyway, I did some searching for ways to get rid of the Rapid Antivirus bug and followed some instructions that included doing a file search and deleting the files I found, checking for any running processes via the Windows Task Manager and deleting any associated with the Rapid Antivirus bug, and searching the registry keys and deleting a couple of keys that the instructions said were related to it.

But the problems don't go away. Usually, soon after I start the computer, a bubble pops up over in the System Tray that says, "Attention! Low Performance!" and then goes on to explain that there may be a malware infection. This message sometimes describes other problems, but it essentially leads to the same recommendation that I need to scan for malware. I have not followed any of those instructions.

I will also get a window pop-up saying that "Excessive SMTP email traffic has been detected. Probable spambot infection. Do you wish to scan for spambot type malware now? (recommended)" This comes with a Yes and a No choice. The "Close Dialog Box" red X in the upper right-hand corner is dimmed and not functioning. I have ignored this window, not checking either Yes or No, but the window won't go away. This window also remains the topmost window at all times.

My Symantec Antivirus does scan and find problems, such as a "Backdoor..." virus, but it won't get rid of it. It just leaves it alone.

I have downloaded, installed, and run HijackThis on the computer. Here is a copy of the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:45 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiconf.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Michael\Desktop\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6514 bytes

Thanks for your help. The second part of the required files will follow in a 2nd post, as requested.

Michael

Email removed for the user's safety and privacy - Belahzur


Re: Rapid Antivirus Infection and other garbage

Post by mrmccleve on 7th December 2008, 6:16 pm

Here is the Uninstall List from HijackThis:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9
Blue Coat® K9 Web Protection 4.0.284
Broadcom 440x 10/100 Integrated Controller
Cisco Systems VPN Client 5.0.01.0600
Conexant HDA D330 MDC V.92 Modem
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card Utility
GameTap Web Player
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
IntelliSonic Speech Enhancement
Jewelry Designer Manager Pro
LiveUpdate 3.2 (Symantec Corporation)
Microsoft Access 2000 SR-1 Runtime
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
NVIDIA Drivers
Pdf995
PowerDVD 5.7
QuickSet
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel Audio
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Symantec AntiVirus
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3

Thanks,
Michael


Re: Rapid Antivirus Infection and other garbage

Post by Belahzur on 7th December 2008, 6:17 pm

Hello.
I have removed your email address from your post for your safety and privacy.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe


  • Press "Fix Checked"
  • Close Hijack This.


Delete this file:
C:\windows\system32\msiconf.exe


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt asking if you want to continue the malware scan; select Yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




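The entry Belahzur singled out from the HijackThis log above is `O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe`: the registry value is named after a real Windows binary (msiexec.exe, the Windows Installer) but the command launches a different, path-less file. The following script, added here as an example and not code from the thread or from HijackThis, scans O4 lines for exactly that pattern. The sample lines are the O4 lines from the posted log; the `KNOWN_WINDOWS_BINARIES` list, the two rules and the severity labels are this example's own assumptions.

```python
"""Triage HijackThis O4 (Run-key autostart) lines for name masquerading.

Added example for this thread; it is not part of HijackThis and not code
posted by anyone in the thread. SAMPLE_LOG is copied from the O4 lines of
the log posted above; the heuristics and KNOWN_WINDOWS_BINARIES are this
example's own assumptions.
"""
import re
from dataclasses import dataclass, field

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Names of genuine Windows binaries that malware likes to borrow for the
# registry value name. Assumed and deliberately short.
KNOWN_WINDOWS_BINARIES = {
    "msiexec.exe", "ctfmon.exe", "rundll32.exe", "explorer.exe", "svchost.exe",
}


@dataclass
class Finding:
    hive: str
    name: str
    exe: str
    severity: str          # "high" = masquerade, "review" = path needs checking
    reasons: list = field(default_factory=list)


def launched_binary(cmd):
    """Return the first token of a Run-key command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_o4(lines):
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue                      # not a Run-key O4 line (e.g. Global Startup)
        name, exe = m["name"], launched_binary(m["cmd"])
        base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons, severity = [], "review"
        # Rule 1: value name is a real Windows binary but the command runs
        # something else (the "[msiexec.exe] msiconf.exe" pattern in the thread).
        if name.lower() in KNOWN_WINDOWS_BINARIES and base != name.lower():
            reasons.append(f"value name {name!r} masquerades as a Windows binary but runs {base!r}")
            severity = "high"
        # Rule 2: bare filename with no directory; it is resolved through the
        # system search path, so the launched file is wherever it was dropped.
        if "\\" not in exe and base not in KNOWN_WINDOWS_BINARIES:
            reasons.append(f"bare filename {base!r} with no path; confirm where it resolves")
        if reasons:
            findings.append(Finding(m["hive"], name, exe, severity, reasons))
    return findings


SAMPLE_LOG = [  # O4 lines from the HijackThis log posted above
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet",
    r"O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start",
    r"O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe",
    r'O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe",
    r"O4 - Global Startup: VPN Client.lnk = ?",
]


def summary(lines=SAMPLE_LOG):
    """Map each flagged value name to its severity."""
    return {f.name: f.severity for f in triage_o4(lines)}


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.severity}] {f.hive} {f.name} -> {f.exe}: " + "; ".join(f.reasons))
```

Run against the posted log this reports `msiexec.exe` as high (both rules fire, and it sits in HKCU, which any process running as the logged-in user can write) and `nwiz` for review only, because it is a bare filename; the ComboFix "Reg Loading Points" section later in the thread resolves that one to c:\windows\system32\nwiz.exe, NVIDIA's own utility, which is the kind of check the "review" label asks for.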

First of 2 posts of the ComboFix.txt

Post by mrmccleve on 7th December 2008, 6:33 pm

ComboFix 08-12-06.06 - Michael 2008-12-07 13:28:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1473 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSStkdv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 13:00 . 2008-12-07 13:00 46,640 --a------ c:\windows\system32\msln.exe
2008-12-07 12:56 . 2008-12-07 12:58 d-------- c:\program files\Blue Coat K9 Web Protection
2008-12-06 21:40 . 2008-12-06 21:40 d-------- c:\documents and settings\admin
2008-12-06 21:16 . 2008-12-06 21:16 0 --a------ c:\windows\vpc32.INI
2008-12-06 21:01 . 2008-12-06 21:01 d-------- c:\documents and settings\Michael\Application Data\s_5849_MTF8fHx8MTF8fHwxMjQxMjQxMzQwfA_
2008-12-06 13:18 . 2008-12-06 13:18 d-------- c:\documents and settings\All Users\Application Data\Musicnotes
2008-12-05 18:57 . 2008-12-05 18:57 d-------- c:\documents and settings\Michael\Application Data\CyberLink
2008-12-04 19:31 . 2008-12-04 19:31 d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-04 17:18 . 2008-12-04 17:18 d-------- c:\program files\GameTap Web Player
2008-12-04 17:17 . 2008-12-04 18:33 d-------- c:\documents and settings\All Users\Application Data\GameTap Web Player
2008-12-02 12:11 . 2001-05-12 12:39 393,216 --a------ c:\windows\system32\DBPix.ocx
2008-12-02 12:11 . 2003-12-19 14:21 204,800 --a------ c:\windows\system32\SagekeySecurity.ocx
2008-12-02 12:11 . 2003-12-17 10:52 57,344 --a------ c:\windows\system32\sagekey6.dll
2008-12-02 12:10 . 2008-12-02 12:10 d-------- c:\program files\Snapshot Viewer
2008-12-02 12:10 . 2008-12-02 12:11 d-------- c:\program files\Jewelry Designer Manager
2008-12-02 12:10 . 1998-09-16 22:20 393,216 --a------ c:\windows\system32\MSRDO20.DLL
2008-12-02 12:10 . 1998-09-16 22:20 151,552 --a------ c:\windows\system32\RDOCURS.DLL
2008-12-02 12:10 . 1998-08-09 11:07 94,208 --a------ c:\windows\system32\MSSTKPRP.DLL
2008-12-02 12:10 . 1999-03-03 12:05 81,920 --a------ c:\windows\system32\MDT2FW95.DLL
2008-12-02 12:10 . 1998-04-03 19:12 68,080 --a------ c:\windows\system32\DIMM.DLL
2008-12-02 12:10 . 1999-01-22 11:46 65,536 --a------ c:\windows\system32\MSRTEDIT.DLL
2008-12-02 12:10 . 1998-06-17 03:08 53,248 --a------ c:\windows\system32\MFC42ENU.DLL
2008-12-02 12:10 . 1998-08-31 15:05 32,768 --a------ c:\windows\system32\hlinkprx.dll
2008-12-02 12:10 . 1997-08-19 00:00 31,744 --a------ c:\windows\system32\hlp95en.dll
2008-12-02 12:10 . 1998-03-13 18:22 20,080 --a------ c:\windows\system32\WINSSPI.DLL
2008-12-02 11:13 . 2008-12-02 11:13 d-------- c:\documents and settings\All Users\Application Data\espionServerData
2008-12-02 09:15 . 2008-12-02 09:15 d-------- c:\documents and settings\Michael\Application Data\pdf995
2008-12-02 09:15 . 2008-12-02 09:15 28 --a------ c:\windows\pdf995.ini
2008-12-02 09:09 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-02 09:09 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-02 09:09 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-02 09:07 . 2008-12-02 09:08 d-------- c:\program files\pdf995
2008-12-02 09:07 . 2008-12-02 18:14 d-------- c:\documents and settings\All Users\Application Data\pdf995
2008-12-02 09:07 . 2008-12-02 09:07 249,856 --a------ c:\windows\system32\pdfmona.dll
2008-12-02 09:07 . 2008-12-02 09:07 51,716 --a------ c:\windows\system32\pdf995mon.dll
2008-12-02 09:07 . 2008-12-02 18:14 59 --a------ c:\windows\wpd99.drv
2008-11-25 17:06 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2008-11-25 17:05 . 2008-11-25 17:05 d-------- c:\program files\Microsoft Works
2008-11-25 17:00 . 2008-11-25 17:04 d-------- c:\windows\SHELLNEW
2008-11-25 16:59 . 2008-12-03 08:14 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-25 16:58 . 2008-11-25 16:58 dr-h----- C:\MSOCache
2008-11-25 16:50 . 2008-11-25 16:50 d-------- c:\windows\Internet Logs
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Common Files\Deterministic Networks
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Cisco Systems
2008-11-25 16:49 . 2007-01-31 13:45 127,376 --a------ c:\windows\system32\drivers\dne2000.sys
2008-11-25 16:49 . 2007-01-31 13:45 101,904 --a------ c:\windows\system32\dneinobj.dll
2008-11-25 16:48 . 2008-11-25 16:50 1,594 --a------ c:\windows\VPNInstall.MIF
2008-11-25 16:41 . 2008-11-25 16:46 d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:41 . 2008-11-25 16:54 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 16:40 . 2008-11-25 16:40 d-------- c:\program files\Common Files\Adobe AIR
2008-11-25 16:40 . 2008-11-25 16:40 0 --a------ c:\windows\nsreg.dat
2008-11-25 16:39 . 2008-12-02 08:40 d-------- c:\program files\Common Files\Adobe
2008-11-25 16:32 . 2008-11-25 16:32 110,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-25 16:32 . 2008-11-25 16:32 48,768 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-25 16:32 . 2008-11-25 16:32 8,014 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-25 16:32 . 2008-11-25 16:32 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-25 16:31 . 2008-12-07 12:58 d-------- c:\program files\Symantec AntiVirus
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Symantec
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Common Files\Symantec Shared
2008-11-25 16:31 . 2008-11-25 16:31 d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-25 16:21 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-25 16:21 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-25 16:21 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-25 16:21 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-25 16:21 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-25 16:21 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-25 16:21 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-25 16:21 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-25 16:21 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-25 15:20 . 2008-11-25 15:20 d-------- c:\windows\system32\scripting
2008-11-25 15:18 . 2008-11-25 15:18 d-------- c:\windows\ServicePackFiles
2008-11-25 15:18 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-11-25 15:14 . 2006-12-29 00:31 19,569 --a------ c:\windows\002874_.tmp
2008-11-25 15:08 . 2008-11-25 15:08 d-------- c:\program files\CyberLink
2008-11-25 14:52 . 2008-11-25 14:52 d-------- c:\windows\system32\vmm32
2008-11-25 14:52 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-25 14:52 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-25 14:52 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-25 14:52 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-25 14:51 . 2008-11-25 14:51 d--hs---- c:\documents and settings\Michael\UserData
2008-11-25 14:51 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-25 14:51 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-25 14:51 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 14:51 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-25 14:50 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-25 14:48 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-25 14:48 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-25 14:46 . 2008-11-25 14:46 d-------- c:\program files\DIFX
2008-11-25 14:46 . 2004-09-03 10:00 90,112 --a------ c:\windows\system32\snymsico.dll
2008-11-25 14:46 . 2006-11-14 19:42 43,520 --a------ c:\windows\system32\drivers\rimsptsk.sys
2008-11-25 14:46 . 2006-11-14 17:35 37,376 --a------ c:\windows\system32\drivers\rixdptsk.sys
2008-11-25 14:46 . 2006-11-15 00:16 32,256 --a------ c:\windows\system32\drivers\rimmptsk.sys
2008-11-25 14:46 . 2005-05-06 19:06 16,480 --a------ c:\windows\system32\rixdicon.dll
2008-11-25 14:45 . 2008-11-25 14:47 d-------- c:\program files\Dell
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\InstallShield
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\Dell
2008-11-25 14:45 . 2005-08-12 17:50 16,128 --a------ c:\windows\system32\drivers\APPDRV.SYS
2008-11-25 14:43 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-25 14:40 . 2008-11-25 14:40 d-------- c:\program files\Synaptics
2008-11-25 14:40 . 2007-10-26 13:57 216,800 --a------ c:\windows\system32\drivers\SynTP.sys
2008-11-25 14:40 . 2007-10-26 14:01 196,608 --a------ c:\windows\system32\SynCtrl.dll
2008-11-25 14:40 . 2007-10-26 14:01 163,840 --a------ c:\windows\system32\SynCOM.dll
2008-11-25 14:40 . 2007-10-26 14:09 147,456 --a------ c:\windows\system32\SynTPAPI.dll
2008-11-25 14:40 . 2007-10-26 14:38 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2008-11-25 14:39 . 2008-11-25 14:39 d-------- c:\program files\Intel
2008-11-25 14:39 . 2008-11-25 14:39 d-------- C:\Intel
2008-11-25 14:28 . 2008-11-25 14:28 d-------- c:\program files\CONEXANT
2008-11-25 14:28 . 2007-08-02 17:35 989,952 -ra------ c:\windows\system32\drivers\HSF_DPV.sys
2008-11-25 14:28 . 2007-08-02 17:34 731,136 -ra------ c:\windows\system32\drivers\HSF_CNXT.sys
2008-11-25 14:28 . 2007-07-24 15:08 217,088 -ra------ c:\windows\system32\UCI32M21.dll
2008-11-25 14:28 . 2007-08-02 17:34 211,200 -ra------ c:\windows\system32\drivers\HSFHWAZL.sys
2008-11-25 14:28 . 2006-06-19 14:26 94,208 -ra------ c:\windows\system32\mdmxsdk.dll
2008-11-25 14:28 . 2006-06-19 14:26 12,672 -ra------ c:\windows\system32\drivers\mdmxsdk.sys
2008-11-25 14:22 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2008-11-25 14:22 . 2007-09-06 14:04 143,891 --a------ c:\windows\system32\drivers\del1028.cty
2008-11-25 14:22 . 2008-04-13 22:09 142,592 --a------ c:\windows\system32\drivers\aec.sys
2008-11-25 14:22 . 2008-04-14 00:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys


Re: Rapid Antivirus Infection and other garbage

Post by mrmccleve on 7th December 2008, 6:34 pm

This is the 2nd half of the ComboFix.txt log

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 13:35 20,640 ------w c:\windows\system32\drivers\PxHelp20.sys
2008-12-02 13:35 109,568 ------w c:\windows\system32\pxinsi64.exe
2008-12-02 13:35 108,544 ------w c:\windows\system32\pxcpyi64.exe
2008-11-25 18:50 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 22:08 72,992 ----a-w c:\windows\system32\drivers\bckd.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"nwiz"="nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 c:\windows\system32\nvhotkey.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-11-25 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2008-11-21 72992]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2008-11-21 1078560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-25 99376]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2007-10-07 116664]

*Newly Created Service* - BCKD
*Newly Created Service* - BCKWFS
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\updater.csv - c:\windows\Downloaded Program Files\GameTapWebUpdater.dll
O16 -: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}
[You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\GameTapWebUpdater.inf
FireFox -: Profile - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\0a74hedd.default\
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmusicn.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-07 13:29:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-07 13:30:26
ComboFix-quarantined-files.txt 2008-12-07 18:30:23

Pre-Run: 137,145,839,616 bytes free
Post-Run: 137,418,952,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

230 --- E O F --- 2008-12-03 13:14:23


Solved Re: Rapid Antivirus Infection and other garbage

Post by Belahzur on 7th December 2008, 7:09 pm

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\msln.exe

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: Rapid Antivirus Infection and other garbage

Post by mrmccleve on 7th December 2008, 7:23 pm

Here is the 1st half of the Combofix log after I ran the CFscript.txt:

ComboFix 08-12-06.06 - Michael 2008-12-07 14:20:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1422 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\msln.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msln.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 12:56 . 2008-12-07 12:58 d-------- c:\program files\Blue Coat K9 Web Protection
2008-12-06 21:40 . 2008-12-06 21:40 d-------- c:\documents and settings\admin
2008-12-06 21:16 . 2008-12-06 21:16 0 --a------ c:\windows\vpc32.INI
2008-12-06 21:01 . 2008-12-06 21:01 d-------- c:\documents and settings\Michael\Application Data\s_5849_MTF8fHx8MTF8fHwxMjQxMjQxMzQwfA_
2008-12-06 13:18 . 2008-12-06 13:18 d-------- c:\documents and settings\All Users\Application Data\Musicnotes
2008-12-05 18:57 . 2008-12-05 18:57 d-------- c:\documents and settings\Michael\Application Data\CyberLink
2008-12-04 19:31 . 2008-12-04 19:31 d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-04 18:32 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-04 18:32 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-04 17:18 . 2008-12-04 17:18 d-------- c:\program files\GameTap Web Player
2008-12-04 17:17 . 2008-12-04 18:33 d-------- c:\documents and settings\All Users\Application Data\GameTap Web Player
2008-12-02 12:11 . 2001-05-12 12:39 393,216 --a------ c:\windows\system32\DBPix.ocx
2008-12-02 12:11 . 2003-12-19 14:21 204,800 --a------ c:\windows\system32\SagekeySecurity.ocx
2008-12-02 12:11 . 2003-12-17 10:52 57,344 --a------ c:\windows\system32\sagekey6.dll
2008-12-02 12:10 . 2008-12-02 12:10 d-------- c:\program files\Snapshot Viewer
2008-12-02 12:10 . 2008-12-02 12:11 d-------- c:\program files\Jewelry Designer Manager
2008-12-02 12:10 . 1998-09-16 22:20 393,216 --a------ c:\windows\system32\MSRDO20.DLL
2008-12-02 12:10 . 1998-09-16 22:20 151,552 --a------ c:\windows\system32\RDOCURS.DLL
2008-12-02 12:10 . 1998-08-09 11:07 94,208 --a------ c:\windows\system32\MSSTKPRP.DLL
2008-12-02 12:10 . 1999-03-03 12:05 81,920 --a------ c:\windows\system32\MDT2FW95.DLL
2008-12-02 12:10 . 1998-04-03 19:12 68,080 --a------ c:\windows\system32\DIMM.DLL
2008-12-02 12:10 . 1999-01-22 11:46 65,536 --a------ c:\windows\system32\MSRTEDIT.DLL
2008-12-02 12:10 . 1998-06-17 03:08 53,248 --a------ c:\windows\system32\MFC42ENU.DLL
2008-12-02 12:10 . 1998-08-31 15:05 32,768 --a------ c:\windows\system32\hlinkprx.dll
2008-12-02 12:10 . 1997-08-19 00:00 31,744 --a------ c:\windows\system32\hlp95en.dll
2008-12-02 12:10 . 1998-03-13 18:22 20,080 --a------ c:\windows\system32\WINSSPI.DLL
2008-12-02 11:13 . 2008-12-02 11:13 d-------- c:\documents and settings\All Users\Application Data\espionServerData
2008-12-02 09:15 . 2008-12-02 09:15 d-------- c:\documents and settings\Michael\Application Data\pdf995
2008-12-02 09:15 . 2008-12-02 09:15 28 --a------ c:\windows\pdf995.ini
2008-12-02 09:09 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-02 09:09 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-02 09:09 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-02 09:07 . 2008-12-02 09:08 d-------- c:\program files\pdf995
2008-12-02 09:07 . 2008-12-02 18:14 d-------- c:\documents and settings\All Users\Application Data\pdf995
2008-12-02 09:07 . 2008-12-02 09:07 249,856 --a------ c:\windows\system32\pdfmona.dll
2008-12-02 09:07 . 2008-12-02 09:07 51,716 --a------ c:\windows\system32\pdf995mon.dll
2008-12-02 09:07 . 2008-12-02 18:14 59 --a------ c:\windows\wpd99.drv
2008-11-25 17:06 . 2006-10-26 19:58 30,512 --a------ c:\windows\system32\mdimon.dll
2008-11-25 17:05 . 2008-11-25 17:05 d-------- c:\program files\Microsoft Works
2008-11-25 17:00 . 2008-11-25 17:04 d-------- c:\windows\SHELLNEW
2008-11-25 16:59 . 2008-12-03 08:14 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-25 16:58 . 2008-11-25 16:58 dr-h----- C:\MSOCache
2008-11-25 16:50 . 2008-11-25 16:50 d-------- c:\windows\Internet Logs
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Common Files\Deterministic Networks
2008-11-25 16:49 . 2008-11-25 16:49 d-------- c:\program files\Cisco Systems
2008-11-25 16:49 . 2007-01-31 13:45 127,376 --a------ c:\windows\system32\drivers\dne2000.sys
2008-11-25 16:49 . 2007-01-31 13:45 101,904 --a------ c:\windows\system32\dneinobj.dll
2008-11-25 16:48 . 2008-11-25 16:50 1,594 --a------ c:\windows\VPNInstall.MIF
2008-11-25 16:41 . 2008-11-25 16:46 d-------- c:\program files\Spybot - Search & Destroy
2008-11-25 16:41 . 2008-11-25 16:54 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 16:40 . 2008-11-25 16:40 d-------- c:\program files\Common Files\Adobe AIR
2008-11-25 16:40 . 2008-11-25 16:40 0 --a------ c:\windows\nsreg.dat
2008-11-25 16:39 . 2008-12-02 08:40 d-------- c:\program files\Common Files\Adobe
2008-11-25 16:32 . 2008-11-25 16:32 110,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-25 16:32 . 2008-11-25 16:32 48,768 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-25 16:32 . 2008-11-25 16:32 8,014 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-25 16:32 . 2008-11-25 16:32 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-25 16:31 . 2008-12-07 12:58 d-------- c:\program files\Symantec AntiVirus
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Symantec
2008-11-25 16:31 . 2008-11-25 16:32 d-------- c:\program files\Common Files\Symantec Shared
2008-11-25 16:31 . 2008-11-25 16:31 d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-25 16:21 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-25 16:21 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-25 16:21 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-25 16:21 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-25 16:21 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-25 16:21 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-25 16:21 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-25 16:21 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-25 16:21 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-25 15:20 . 2008-11-25 15:20 d-------- c:\windows\system32\scripting
2008-11-25 15:18 . 2008-11-25 15:18 d-------- c:\windows\ServicePackFiles
2008-11-25 15:18 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2008-11-25 15:14 . 2006-12-29 00:31 19,569 --a------ c:\windows\002874_.tmp
2008-11-25 15:08 . 2008-11-25 15:08 d-------- c:\program files\CyberLink
2008-11-25 14:52 . 2008-11-25 14:52 d-------- c:\windows\system32\vmm32
2008-11-25 14:52 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-25 14:52 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-25 14:52 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-25 14:52 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-25 14:51 . 2008-11-25 14:51 d--hs---- c:\documents and settings\Michael\UserData
2008-11-25 14:51 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-25 14:51 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-25 14:51 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-25 14:51 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-25 14:51 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-25 14:50 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-25 14:48 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-25 14:48 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-25 14:46 . 2008-11-25 14:46 d-------- c:\program files\DIFX
2008-11-25 14:46 . 2004-09-03 10:00 90,112 --a------ c:\windows\system32\snymsico.dll
2008-11-25 14:46 . 2006-11-14 19:42 43,520 --a------ c:\windows\system32\drivers\rimsptsk.sys
2008-11-25 14:46 . 2006-11-14 17:35 37,376 --a------ c:\windows\system32\drivers\rixdptsk.sys
2008-11-25 14:46 . 2006-11-15 00:16 32,256 --a------ c:\windows\system32\drivers\rimmptsk.sys
2008-11-25 14:46 . 2005-05-06 19:06 16,480 --a------ c:\windows\system32\rixdicon.dll
2008-11-25 14:45 . 2008-11-25 14:47 d-------- c:\program files\Dell
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\InstallShield
2008-11-25 14:45 . 2008-11-25 14:45 d-------- c:\documents and settings\Michael\Application Data\Dell
2008-11-25 14:45 . 2005-08-12 17:50 16,128 --a------ c:\windows\system32\drivers\APPDRV.SYS
2008-11-25 14:43 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-25 14:40 . 2008-11-25 14:40 d-------- c:\program files\Synaptics
2008-11-25 14:40 . 2007-10-26 13:57 216,800 --a------ c:\windows\system32\drivers\SynTP.sys
2008-11-25 14:40 . 2007-10-26 14:01 196,608 --a------ c:\windows\system32\SynCtrl.dll
2008-11-25 14:40 . 2007-10-26 14:01 163,840 --a------ c:\windows\system32\SynCOM.dll
2008-11-25 14:40 . 2007-10-26 14:09 147,456 --a------ c:\windows\system32\SynTPAPI.dll
2008-11-25 14:40 . 2007-10-26 14:38 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2008-11-25 14:39 . 2008-11-25 14:39 d-------- c:\program files\Intel
2008-11-25 14:39 . 2008-11-25 14:39 d-------- C:\Intel
2008-11-25 14:28 . 2008-11-25 14:28 d-------- c:\program files\CONEXANT
2008-11-25 14:28 . 2007-08-02 17:35 989,952 -ra------ c:\windows\system32\drivers\HSF_DPV.sys
2008-11-25 14:28 . 2007-08-02 17:34 731,136 -ra------ c:\windows\system32\drivers\HSF_CNXT.sys
2008-11-25 14:28 . 2007-07-24 15:08 217,088 -ra------ c:\windows\system32\UCI32M21.dll
2008-11-25 14:28 . 2007-08-02 17:34 211,200 -ra------ c:\windows\system32\drivers\HSFHWAZL.sys
2008-11-25 14:28 . 2006-06-19 14:26 94,208 -ra------ c:\windows\system32\mdmxsdk.dll
2008-11-25 14:28 . 2006-06-19 14:26 12,672 -ra------ c:\windows\system32\drivers\mdmxsdk.sys
2008-11-25 14:22 . 2008-04-14 00:15 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2008-11-25 14:22 . 2007-09-06 14:04 143,891 --a------ c:\windows\system32\drivers\del1028.cty
2008-11-25 14:22 . 2008-04-13 22:09 142,592 --a------ c:\windows\system32\drivers\aec.sys
2008-11-25 14:22 . 2008-04-14 00:47 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2008-11-25 14:22 . 2008-04-14 00:45 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys

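As an added example (not part of the thread and not ComboFix's own code), here is a small Python parser for the "Files Created" section of the ComboFix log posted above, followed by a triage pass a responder might run over it. The two heuristics in `triage` are my assumptions, not something ComboFix does; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One line of ComboFix's "Files Created" section, as in the log above:
#   <created on this disk> . <file's own modified time> [size] <attrs> <path>
# The size column is absent for directories (attrs start with 'd').
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[drahsc-]{9}) (?P<path>.+)$"
)

@dataclass
class CreatedEntry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "--a------", "d--hs----"
    path: str

def parse_files_created(text: str) -> List[CreatedEntry]:
    """Parse every 'Files Created' line; headers, dots and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append(CreatedEntry(
            created=datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
            size=int(size.replace(",", "")) if size is not None else None,
            attrs=m.group("attrs"), path=m.group("path")))
    return entries

def triage(entries: List[CreatedEntry], window_minutes: int = 60) -> List[CreatedEntry]:
    """Shortlist for a responder, not a verdict: files under c:\\windows whose own
    modified time is within window_minutes of their appearance on disk (written
    here, unlike update/installer payloads), and hidden/system profile entries."""
    out = []
    for e in entries:
        p = e.path.lower()
        if "\\dllcache\\" in p:   # Windows' own protected-file cache copies
            continue
        fresh = abs((e.modified - e.created).total_seconds()) <= window_minutes * 60
        if e.attrs[0] != "d" and p.startswith("c:\\windows\\") and fresh:
            out.append(e)
        elif p.startswith("c:\\documents and settings\\") and ("h" in e.attrs or "s" in e.attrs):
            out.append(e)
    return out

# Sample: a few lines taken from the log posted above, plus the section header
# and separator lines that the parser has to ignore.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.
2008-12-07 12:56 . 2008-12-07 12:58 d-------- c:\program files\Blue Coat K9 Web Protection
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-04 18:32 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-02 09:07 . 2008-12-02 09:07 249,856 --a------ c:\windows\system32\pdfmona.dll
2008-11-25 14:51 . 2008-11-25 14:51 d--hs---- c:\documents and settings\Michael\UserData
2008-11-25 16:21 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
"""
```

On the sample, `triage(parse_files_created(SAMPLE_LOG))` returns pdfmona.dll and the hidden UserData folder, both of which belong to legitimate software here (pdf995 was installed the same minute, and UserData is Internet Explorer's store). That is why the shortlist is a starting point for inspection, not a verdict.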

Solved Re: Rapid Antivirus Infection and other garbage

Post by Belahzur on 7th December 2008, 7:24 pm

Hello.
Looks good, what problems remain?





Solved Re: Rapid Antivirus Infection and other garbage

Post by mrmccleve on 7th December 2008, 7:51 pm

I did a full scan of my system with Symantec Antivirus, after being sure it was updated with the latest protection files. Nothing showed up.

Thank you!

Michael


Solved Re: Rapid Antivirus Infection and other garbage

Post by Belahzur on 7th December 2008, 7:53 pm

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck.





Solved Re: Rapid Antivirus Infection and other garbage

Post by Doctor Inferno on 26th December 2008, 4:34 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.
