20 Posts

February 5th, 2010 06:00

Axwin frame window: svchost.exe-Application Error

Posted in the wrong thread earlier, sorry

Having a similar problem to a number of people with an Axwin frame window: svchost.exe-Application Error

Tackled the main problem of spontaneous restarts by disabling the DCOM error restarts

Below are the DDS, MBAM and HijackThis logs.

 


DDS (Ver_09-09-29.01) - NTFSx86 
Run by mickey at  7:50:02.20 on Fri 02/05/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageworkstation\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageworkstation\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {BA150BE2-D9D8-40D7-B632-CD5FF5C4EA10} = 192.168.1.4,208.67.220.220
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-02-04 13:04        --d-----    c:\program files\Trend Micro
2010-02-04 09:32        --d-----    c:\program files\a-squared Free
2010-02-04 08:48        --d-----    c:\program files\Yahoo!
2010-02-04 08:45        --d-----    c:\program files\CCleaner
2010-01-21 08:19    15,880    a-------    c:\windows\system32\lsdelete.exe
2010-01-21 07:08    64,288    a-------    c:\windows\system32\drivers\Lbd.sys
2010-01-21 07:04        -cd-h---    c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 07:03        --d-----    c:\program files\Lavasoft
2010-01-20 13:05        --d-----    c:\docume~1\mickey~1.ind\applic~1\EDrawings
2010-01-13 05:29    471,552    --------    c:\windows\system32\dllcache\aclayers.dll

==================== Find3M  ====================

2010-01-07 16:07    38,224    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07    19,160    a-------    c:\windows\system32\drivers\mbam.sys
2009-12-21 08:19    173,056    --------    c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 17:14    411,368    a-------    c:\windows\system32\deploytk.dll
2009-11-21 10:51    471,552    a-------    c:\windows\apppatch\aclayers.dll

============= FINISH:  7:51:43.56 ===============

Malwarebytes' Anti-Malware 1.44
Database version: 3692
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/5/2010 9:07:17 AM
mbam-log-2010-02-05 (09-07-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 202801
Time elapsed: 1 hour(s), 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\mickey.INDUSTRIALWOODW\Local Settings\Temporary Internet Files\Content.IE5\CZRIUJB5\Setup_149[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.

 


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

a-squared Free 4.5
Acrobat.com
Acronis True Image Workstation
Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 9.2
Advanced SystemCare 3
ATI Control Panel
ATI Display Driver
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
CCleaner
Compatibility Pack for the 2007 Office system
Crystal Reports XI Release 2
GdiplusUpgrade
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Install Network Printer Wizard
hp LaserJet 1160/1320 series
HP Update
InstallMgr
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 2
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 Redistributable
MSN
MSN Toolbar
Norton Internet Security
Notification Utility
OMCI
PrintScreen
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Symantec KB-DocID:2003093015493306
The E2 Shop System 7.0
The E2 Shop System 7.1
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Toolbar

==== End Of File ===========================

 

4 Apprentice

20.5K Posts

February 5th, 2010 06:00

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

In your other post you stated that you've tried everything. You are missing your Attach.txt log. Please post it. Thanks.

No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

 

20 Posts

February 5th, 2010 07:00

In answer to your questions....

The only other place I've posted this is http://en.community.dell.com/forums/t/19320030.aspx and you directed me here.

System restore is enabled

no cracked or P2P software

I have admin access

I edited my original post and appended the attach.txt file.

Thanks,

Steve

20 Posts

February 5th, 2010 09:00

I'll try this on the weekend or Monday.

Thanks for your assistance

4 Apprentice

20.5K Posts

February 5th, 2010 09:00

Thank you for the info.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE.

* ComboFix is not intended for use with servers.

4 Apprentice

20.5K Posts

February 5th, 2010 10:00

Thank you for letting me know.

20 Posts

February 8th, 2010 05:00

I have run ComboFix.

As a special added bonus, after running ComboFix I get a new 'Generic Host Process for Win32 Services' error.

Below are the ComboFix and HijackThis logs.

Combofix

ComboFix 10-02-07.07 - mickey 02/08/2010   7:41.1.2 - x86
Running from: s:\`software\anti stuff\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2010-01-08 to 2010-02-08  )))))))))))))))))))))))))))))))
.

2010-02-05 10:29 . 2010-02-05 10:29    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2010-02-04 18:04 . 2010-02-04 18:04    --------    d-----w-    c:\program files\Trend Micro
2010-02-04 14:32 . 2010-02-04 15:42    --------    d-----w-    c:\program files\a-squared Free
2010-02-04 13:56 . 2010-02-04 13:56    503808    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-706e056a-n\msvcp71.dll
2010-02-04 13:56 . 2010-02-04 13:56    499712    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-706e056a-n\jmc.dll
2010-02-04 13:56 . 2010-02-04 13:56    348160    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-706e056a-n\msvcr71.dll
2010-02-04 13:56 . 2010-02-04 13:56    61440    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-707ac4a2-n\decora-sse.dll
2010-02-04 13:56 . 2010-02-04 13:56    12800    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-707ac4a2-n\decora-d3d.dll
2010-02-04 13:48 . 2010-02-04 13:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-04 13:48 . 2010-02-04 13:48    --------    d-----w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Yahoo!
2010-02-04 13:48 . 2010-02-04 13:48    --------    d-----w-    c:\program files\Yahoo!
2010-02-04 13:45 . 2010-02-04 13:45    --------    d-----w-    c:\program files\CCleaner
2010-02-04 13:12 . 2010-02-04 13:12    5115824    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 10:32 . 2009-10-28 22:37    811896    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-02-01 10:32 . 2009-10-28 22:37    329592    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-02-01 10:32 . 2009-10-28 22:37    343088    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-02-01 10:32 . 2009-10-28 22:37    488312    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-02-01 10:32 . 2009-10-28 22:37    466992    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-01-21 12:07 . 2010-02-04 18:09    3803208    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-21 12:07 . 2010-01-27 12:08    816784    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-21 12:07 . 2010-02-04 18:08    823928    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-21 12:07 . 2010-01-27 12:08    1643272    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-21 12:07 . 2010-01-27 12:08    788880    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-21 12:07 . 2010-02-04 18:08    1181328    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-21 12:04 . 2010-01-21 12:04    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 12:04 . 2009-12-07 14:10    2953352    -c--a-w-    c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-21 12:03 . 2010-01-21 12:08    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-21 12:03 . 2010-01-21 12:03    --------    d-----w-    c:\program files\Lavasoft
2010-01-20 18:05 . 2010-01-20 18:05    --------    d-----w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\EDrawings
2010-01-20 17:10 . 2010-01-20 17:10    --------    d-----w-    c:\documents and settings\administrator.INDUSTRIALWOODW\Application Data\Malwarebytes
2010-01-20 10:39 . 2009-10-28 22:37    343088    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys
2010-01-20 10:39 . 2009-10-28 22:37    329592    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSXpx86.sys
2010-01-20 10:39 . 2009-10-28 22:37    811896    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\Scxpx86.dll
2010-01-20 10:39 . 2009-10-28 22:37    488312    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSxpx86.dll
2010-01-20 10:39 . 2009-10-28 22:37    466992    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSviA64.sys
2010-01-13 10:29 . 2009-11-21 15:51    471552    ------w-    c:\windows\system32\dllcache\aclayers.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:09 . 2010-01-21 12:07    389784    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 13:56 . 2005-05-03 18:21    --------    d-----w-    c:\program files\Common Files\Java
2010-02-04 13:55 . 2005-05-03 18:21    --------    d-----w-    c:\program files\Java
2010-02-04 13:13 . 2009-11-18 14:17    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-02-03 09:00 . 2010-02-08 10:39    84912    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100207.021\NAVENG.SYS
2010-02-03 09:00 . 2010-02-08 10:39    1324720    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100207.021\NAVEX15.SYS
2010-01-27 12:09 . 2010-01-21 12:07    862040    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 12:09 . 2010-01-27 12:09    15880    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 12:09 . 2010-01-21 12:07    206944    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 12:09 . 2010-01-21 12:07    390288    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 12:09 . 2010-01-21 12:07    537576    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 12:09 . 2010-01-27 12:09    163728    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 12:09 . 2010-01-21 12:07    8    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 12:09 . 2010-01-21 12:07    6296864    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 12:09 . 2010-01-27 12:09    87496    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 12:09 . 2010-01-27 12:09    327000    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 12:09 . 2010-01-21 12:07    933120    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-07 21:07 . 2009-11-18 14:17    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-11-18 14:17    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 2004-08-04 10:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-06-08 12:15    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-12-09 09:00 . 2010-02-08 10:39    2747440    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100207.021\CCERASER.DLL
2009-12-02 13:19 . 2010-01-21 12:08    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-12-02 13:19 . 2010-01-21 13:19    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2009-11-22 15:12 . 2009-11-22 15:12    152576    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-22 15:12 . 2009-11-11 10:43    79488    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2004-08-04 10:00    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-11 188416]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2006-07-21 1106528]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2006-07-21 1848155]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-07-21 126976]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-28 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100204.001\IDSxpx86.sys [2009-10-28 329592]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-01 1858144]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]

.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BA150BE2-D9D8-40D7-B632-CD5FF5C4EA10} = 192.168.1.4,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 07:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F3D618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7669f28
\Driver\ACPI -> ACPI.sys @ 0xf755ccb8
\Driver\atapi -> atapi.sys @ 0xf74d6852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xf734ebb0
 PacketIndicateHandler -> NDIS.sys @ 0xf735ba21
 SendHandler -> NDIS.sys @ 0xf733987b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1120)
c:\windows\system32\WININET.dll
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-02-08  07:58:41
ComboFix-quarantined-files.txt  2010-02-08 12:58

Pre-Run: 22,647,099,392 bytes free
Post-Run: 22,668,345,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A74667EBFB49680EEE06462C37C1D65E

 

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:42 AM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-21-602162358-706699826-725345543-1144\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-602162358-706699826-725345543-1144\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-602162358-706699826-725345543-1144\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (User '?')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = industrialwoodworking.com
O17 - HKLM\Software\..\Telephony: DomainName = industrialwoodworking.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA150BE2-D9D8-40D7-B632-CD5FF5C4EA10}: NameServer = 192.168.1.4,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = industrialwoodworking.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = industrialwoodworking.com
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10642 bytes

 

Thanks,

4 Apprentice • 20.5K Posts

February 8th, 2010 06:00

ComboFix will not run correctly unless you follow the instructions. ComboFix needs to be running directly from the Desktop of the infected computer.

Yours is running from a folder here: s:\`software\anti stuff\ComboFix.exe

20 Posts

February 9th, 2010 04:00

D'oh!

OK, I've run it from the desktop.

ComboFix 10-02-08.09 - mickey 02/09/2010   7:12.2.2 - x86
Running from: c:\documents and settings\mickey.INDUSTRIALWOODW\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2010-01-09 to 2010-02-09  )))))))))))))))))))))))))))))))
.

2010-02-09 10:34 . 2010-02-03 09:00    84912    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\NAVENG.SYS
2010-02-09 10:34 . 2010-02-03 09:00    1324720    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\NAVEX15.SYS
2010-02-09 10:34 . 2009-12-09 09:00    2747440    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\CCERASER.DLL
2010-02-09 10:34 . 2009-09-22 08:00    259440    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\ECMSVR32.DLL
2010-02-09 10:34 . 2009-08-26 08:00    371248    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\EECTRL.SYS
2010-02-09 10:34 . 2009-08-26 08:00    102448    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\ERASER.SYS
2010-02-09 10:34 . 2009-08-25 08:00    177520    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\NAVENG32.DLL
2010-02-09 10:34 . 2009-08-25 08:00    1647984    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100208.048\NAVEX32A.DLL
2010-02-08 10:39 . 2009-10-28 22:37    811896    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-08 10:39 . 2009-10-28 22:37    343088    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-08 10:39 . 2009-10-28 22:37    329592    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-08 10:39 . 2009-10-28 22:37    488312    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-08 10:39 . 2009-10-28 22:37    466992    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-05 10:29 . 2010-02-05 10:29    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2010-02-04 18:04 . 2010-02-04 18:04    --------    d-----w-    c:\program files\Trend Micro
2010-02-04 14:32 . 2010-02-04 15:42    --------    d-----w-    c:\program files\a-squared Free
2010-02-04 13:56 . 2010-02-04 13:56    503808    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-706e056a-n\msvcp71.dll
2010-02-04 13:56 . 2010-02-04 13:56    499712    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-706e056a-n\jmc.dll
2010-02-04 13:56 . 2010-02-04 13:56    348160    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-706e056a-n\msvcr71.dll
2010-02-04 13:56 . 2010-02-04 13:56    61440    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-707ac4a2-n\decora-sse.dll
2010-02-04 13:56 . 2010-02-04 13:56    12800    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-707ac4a2-n\decora-d3d.dll
2010-02-04 13:48 . 2010-02-04 13:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-04 13:48 . 2010-02-04 13:48    --------    d-----w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Yahoo!
2010-02-04 13:48 . 2010-02-04 13:48    --------    d-----w-    c:\program files\Yahoo!
2010-02-04 13:45 . 2010-02-04 13:45    --------    d-----w-    c:\program files\CCleaner
2010-02-04 13:12 . 2010-02-04 13:12    5115824    ----a-w-    c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 10:32 . 2009-10-28 22:37    811896    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-02-01 10:32 . 2009-10-28 22:37    329592    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-02-01 10:32 . 2009-10-28 22:37    343088    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-02-01 10:32 . 2009-10-28 22:37    488312    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-02-01 10:32 . 2009-10-28 22:37    466992    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-01-21 12:07 . 2010-02-04 18:09    3803208    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-21 12:07 . 2010-01-27 12:08    816784    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-21 12:07 . 2010-02-04 18:08    823928    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-21 12:07 . 2010-01-27 12:08    1643272    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-21 12:07 . 2010-01-27 12:08    788880    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-21 12:07 . 2010-02-04 18:08    1181328    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-21 12:04 . 2010-01-21 12:04    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-21 12:04 . 2009-12-07 14:10    2953352    -c--a-w-    c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-21 12:03 . 2010-01-21 12:08    --------    d-----w-    c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-21 12:03 . 2010-01-21 12:03    --------    d-----w-    c:\program files\Lavasoft
2010-01-20 18:05 . 2010-01-20 18:05    --------    d-----w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\EDrawings
2010-01-20 17:10 . 2010-01-20 17:10    --------    d-----w-    c:\documents and settings\administrator.INDUSTRIALWOODW\Application Data\Malwarebytes
2010-01-20 10:39 . 2009-10-28 22:37    343088    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys
2010-01-20 10:39 . 2009-10-28 22:37    329592    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSXpx86.sys
2010-01-20 10:39 . 2009-10-28 22:37    811896    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\Scxpx86.dll
2010-01-20 10:39 . 2009-10-28 22:37    488312    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSxpx86.dll
2010-01-20 10:39 . 2009-10-28 22:37    466992    ----a-w-    c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSviA64.sys
2010-01-13 10:29 . 2009-11-21 15:51    471552    ------w-    c:\windows\system32\dllcache\aclayers.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:09 . 2010-01-21 12:07    389784    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 13:56 . 2005-05-03 18:21    --------    d-----w-    c:\program files\Common Files\Java
2010-02-04 13:55 . 2005-05-03 18:21    --------    d-----w-    c:\program files\Java
2010-02-04 13:13 . 2009-11-18 14:17    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-01-27 12:09 . 2010-01-21 12:07    862040    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 12:09 . 2010-01-27 12:09    15880    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 12:09 . 2010-01-21 12:07    206944    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 12:09 . 2010-01-21 12:07    390288    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 12:09 . 2010-01-21 12:07    537576    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 12:09 . 2010-01-27 12:09    163728    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 12:09 . 2010-01-21 12:07    8    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 12:09 . 2010-01-21 12:07    6296864    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 12:09 . 2010-01-27 12:09    87496    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 12:09 . 2010-01-27 12:09    327000    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 12:09 . 2010-01-21 12:07    933120    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-07 21:07 . 2009-11-18 14:17    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-11-18 14:17    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 2004-08-04 10:00    916480    ------w-    c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-06-08 12:15    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-12-02 13:19 . 2010-01-21 12:08    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
2009-12-02 13:19 . 2010-01-21 13:19    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2009-11-22 15:12 . 2009-11-22 15:12    152576    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-22 15:12 . 2009-11-11 10:43    79488    ----a-w-    c:\documents and settings\mickey.INDUSTRIALWOODW\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2004-08-04 10:00    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-02-08_12.53.01   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-09 11:47 . 2010-02-09 11:47    16384              c:\windows\Temp\Perflib_Perfdata_2f4.dat
+ 2010-02-09 10:22 . 2010-02-09 10:22    16384              c:\windows\Temp\Perflib_Perfdata_23c.dat
- 2010-02-05 15:52 . 2010-02-05 15:52    16384              c:\windows\Temp\Perflib_Perfdata_23c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-11 188416]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe" [2006-07-21 1106528]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageWorkstation\TimounterMonitor.exe" [2006-07-21 1848155]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-07-21 126976]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-28 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100204.001\IDSxpx86.sys [2009-10-28 329592]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-01 1858144]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]

.
Contents of the 'Scheduled Tasks' folder

2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]

2010-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 18:08]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BA150BE2-D9D8-40D7-B632-CD5FF5C4EA10} = 192.168.1.4,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 07:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F2B618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7669f28
\Driver\ACPI -> ACPI.sys @ 0xf755ccb8
\Driver\atapi -> atapi.sys @ 0xf74d6852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> NDIS.sys @ 0xf734ebb0
 PacketIndicateHandler -> NDIS.sys @ 0xf735ba21
 SendHandler -> NDIS.sys @ 0xf733987b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1124)
c:\windows\system32\WININET.dll
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-02-09  07:30:52
ComboFix-quarantined-files.txt  2010-02-09 12:30
ComboFix2.txt  2010-02-08 12:58

Pre-Run: 22,648,033,280 bytes free
Post-Run: 22,631,481,344 bytes free

- - End Of File - - 47D6F019582EEFB9CBFF75B814B1652A

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:17 AM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageWorkstation\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-21-602162358-706699826-725345543-1144\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-602162358-706699826-725345543-1144\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-602162358-706699826-725345543-1144\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (User '?')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = industrialwoodworking.com
O17 - HKLM\Software\..\Telephony: DomainName = industrialwoodworking.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA150BE2-D9D8-40D7-B632-CD5FF5C4EA10}: NameServer = 192.168.1.4,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = industrialwoodworking.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = industrialwoodworking.com
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10675 bytes

4 Apprentice


20.5K Posts

February 9th, 2010 06:00

Did you disable Norton before running ComboFix?

Your Java is showing older versions still installed. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions:

  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • You will remove these:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2

Leave Java(TM) 6 Update 18 as is. That is the most recent version.

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • Close Add/Remove.
  • In Windows Explorer, navigate to C:\Program Files\Java (this folder). Delete any subfolders for those old versions.
  • Do NOT delete C:\Program Files\JavaVM (this folder), if found!
  • Reboot your computer once all Java components are removed.

Following that please run an online virus scan by Kaspersky from HERE.

  1. At the main page, press "Accept" after reading the contents.
  2. At the next window, select Update. Allow the database to update.
     Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.
  3. Once the database has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.
  4. Select Scan Report.
  5. If any threats were found, they will appear in the report.
  6. Select "Save error report as".
     Then in the file name just type in kaspersky.
     Under "save as type" select text .txt.
     Save it to your Desktop.

Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well. Let me know how things are running.

20 Posts

February 9th, 2010 08:00

Just to keep things interesting, we had a power outage last week and a couple of computers, this one included, are taking about 15 minutes to complete a login. I haven't let it sit for hours but it seems to lock up when shutting down too.

I will be removing Java and running Kaspersky as soon as it boots up.

20 Posts

February 9th, 2010 08:00

I spoke too soon.

The axwin error is back.

20 Posts

February 9th, 2010 08:00

When I restarted the machine, it instructed me to change the Windows configuration application to a normal boot procedure, which I did.

It was after this that the computer shut down in a reasonable amount of time.

Restart was closer to 10 than 15 minutes and at this point the axwin error has not returned.

It will not, however, let me uninstall anything.

I get an error telling me that the Windows Installer could not be accessed.

It is not in safe mode, so I can only assume that the installer is screwed up for some reason.

20 Posts

February 9th, 2010 08:00

Update: on the last restart it shut down in a reasonable amount of time but startup is still taking approximately 15 minutes.

4 Apprentice


20.5K Posts

February 9th, 2010 09:00

The fact that you had power issues, and because you have apparently used Advanced SystemCare on there in the past, we may not be able to fix everything, but let me know what you get from Kaspersky and we'll take it from there.

20 Posts

February 10th, 2010 03:00

Here's the Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Wednesday, February 10, 2010
 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Tuesday, February 09, 2010 19:18:59
 Records in database: 3458112
--------------------------------------------------------------------------------

Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

Scan area - My Computer:
    C:\
    D:\
    O:\
    R:\
    S:\

Scan statistics:
    Objects scanned: 193279
    Threats found: 10
    Infected objects found: 74
    Suspicious objects found: 0
    Scan duration: 14:01:15


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00210345.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B50908.exe    Infected: not-a-virus:AdWare.Win32.WeirWeb.c    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\025946E8.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08E64A27.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BB13F44.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BB13F44.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CCA1B01.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E813B79.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0EC83AF1.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FC70AE9.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10061C23.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10C75AE1.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17266E1E.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17417B43.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AA9300A.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E47401A.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22D23741.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26D2249B.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E627340.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32FA192B.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38512B79.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A19212B.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A297319.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A2C1D15.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A304712.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A33710E.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A33710E.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A361B0A.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A361B0A.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A3A4507.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A3D6F03.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A401900.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A4342FC.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A476CF8.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A4A16F5.IE5    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A4A16F5.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A4D40F1.exe    Infected: not-a-virus:AdWare.Win32.WeirWeb.k    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A592546.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F717D75.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\458E0015.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45E96145.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45E96145.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46914F71.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D4902FD.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F4822ED.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\504772E5.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\514642DC.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51791D43.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51B774A6.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52951F68.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53291F3C.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53BD1F10.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54511EE4.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55791E8C.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57341E08.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C81DDC.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BB1516D.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D0A5942.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DDF6936.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\609B3AD0.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67BB0CCC.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\689A1540.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EDC5EC8.exe    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EDC5EC8.tmp    Infected: Backdoor.Win32.Agent.so    1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76305258.tmp    Infected: Backdoor.Win32.Agent.so    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\16A35D8C.exe    Infected: Trojan.Win32.StartPage.kp    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\1CD55102.exe    Infected: Trojan-Downloader.Win32.Tooncom.i    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\1D0C1AC5.exe    Infected: Trojan-Downloader.Win32.Tooncom.i    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\1D1044C1.exe    Infected: Trojan-Downloader.Win32.Tooncom.f    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\1D1618BA.exe    Infected: Trojan.Win32.StartPage.ck    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\28F2723A.exe    Infected: Trojan.Win32.Small.bm    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\44621E78.exe    Infected: Trojan-Dropper.Win32.Delf.z    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\44654874.exe    Infected: Trojan-Dropper.Win32.Delf.z    1
R:\biotec\cnc1backup3_24_05\Program Files\Norton AntiVirus\Quarantine\49A94623.exe    Infected: Trojan-Dropper.Win32.Small.cu    1

Selected area has been scanned.
