View Full Version : Videoonlineforfree totalsecure2009


nicky
10-22-2008, 11:43 PM
You need to get a firewall on this thing and then you can look at the processes one at a time....
Hi Victor Frankl
I have the above malware problem with the videoonlineforfree popping up when in file manager and explorer. I followed your advice and here is the log I got. Please can you help?
ComboFix 08-10-22.02 - Nicola 2008-10-22 19:36:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1464 [GMT -6:00]
Running from: C:\Documents and Settings\Nicola\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\k.txt

.
((((((((((((((((((((((((( Files Created from 2008-09-23 to 2008-10-23 )))))))))))))))))))))))))))))))
.

2008-10-22 18:56 . 2008-10-22 18:56 7,478,208 --a------ C:\windows-kb890830-v2.3.exe
2008-10-21 22:09 . 2008-10-21 22:09 <DIR> d-------- C:\Autoruns
2008-10-21 21:57 . 2008-10-15 09:25 644,976 --a------ C:\autoruns.exe
2008-10-21 21:57 . 2008-10-15 09:25 538,480 --a------ C:\autorunsc.exe
2008-10-21 21:57 . 2008-08-20 14:18 48,986 --a------ C:\autoruns.chm
2008-10-21 21:56 . 2008-10-21 21:58 575,124 --a------ C:\Autoruns.zip
2008-10-19 20:18 . 2008-10-19 20:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-19 14:26 . 2008-10-19 14:26 57,344 --a------ C:\WINDOWS\system32\gopfa.dll
2008-10-18 18:36 . 2008-10-18 18:36 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\WINDOWS\Sun
2008-10-17 21:17 . 2007-05-22 17:39 61,555 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-10-17 21:16 . 2008-10-17 21:17 <DIR> d-------- C:\Program Files\Java
2008-10-17 21:16 . 2008-10-17 21:16 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-17 21:06 . 2008-10-17 21:06 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Nero
2008-10-17 20:26 . 2008-10-21 21:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-10-17 19:49 . 2008-10-17 19:49 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-10-17 19:48 . 2008-10-17 19:48 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\Nero
2008-10-17 19:46 . 2008-10-17 19:46 <DIR> d-------- C:\Program Files\Nero
2008-10-17 19:46 . 2008-10-17 19:47 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-10-17 19:46 . 2008-10-17 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-10-16 08:49 . 2008-09-15 06:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 08:49 . 2008-09-08 04:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 08:48 . 2008-08-14 04:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 08:48 . 2008-08-14 04:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 08:48 . 2008-08-14 03:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 08:48 . 2008-08-14 03:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 16:27 . 2008-10-15 16:59 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\U3
2008-10-08 21:10 . 2008-10-08 21:10 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\AVS4YOU
2008-10-08 20:13 . 2008-10-08 20:13 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-10-08 20:13 . 2008-10-08 20:13 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\Vso
2008-10-08 20:13 . 2008-10-08 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-10-08 20:13 . 2008-10-08 20:13 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-10-08 20:13 . 2008-10-08 20:13 47,360 --a------ C:\Documents and Settings\Nicola\Application Data\pcouffin.sys
2008-10-08 19:41 . 2008-10-08 19:41 <DIR> d-------- C:\Program Files\THQ
2008-10-08 14:58 . 2008-10-08 14:58 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-10-08 14:58 . 2008-10-22 19:37 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\Skype
2008-10-07 21:43 . 2008-10-07 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ten Thumbs Typing Tutor
2008-10-07 21:42 . 2008-10-07 21:43 <DIR> d-------- C:\Program Files\Ten Thumbs Typing Tutor 4.7
2008-10-06 22:29 . 2008-10-08 20:02 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\dvdcss
2008-10-06 18:54 . 2008-10-06 18:54 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\Creative
2008-10-06 18:45 . 2008-10-06 18:47 <DIR> d-------- C:\Documents and Settings\Satish\Downloads
2008-10-06 00:33 . 2008-10-06 00:33 <DIR> d-------- C:\Documents and Settings\Sophie
2008-10-05 22:57 . 2008-10-21 21:36 <DIR> d-------- C:\Downloads
2008-10-05 22:45 . 2008-10-21 22:04 <DIR> d-------- C:\Program Files\FlashGet
2008-10-05 17:40 . 2008-10-05 17:40 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\vlc
2008-10-05 15:07 . 2008-10-05 16:07 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Skype
2008-10-05 14:47 . 2008-10-08 14:58 <DIR> d-------- C:\Program Files\Skype
2008-10-05 14:45 . 2003-06-13 00:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-10-05 14:43 . 2008-04-13 18:12 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-10-05 14:43 . 2008-04-13 18:12 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-10-05 14:43 . 2008-04-13 18:12 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-10-05 14:43 . 2008-04-13 18:12 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-10-05 14:43 . 2008-04-13 18:12 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-10-05 14:43 . 2008-04-13 18:12 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-10-05 14:43 . 2008-04-13 18:12 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-10-05 14:43 . 2008-04-13 18:12 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-10-05 14:41 . 2008-10-05 14:43 <DIR> d-------- C:\Program Files\SightSpeed
2008-10-05 14:41 . 2003-03-18 23:19 1,060,864 --------- C:\WINDOWS\system32\MFC71.DLL
2008-10-05 14:41 . 2003-03-18 06:14 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2008-10-05 14:41 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-05 14:40 . 2008-10-06 18:54 <DIR> d-------- C:\Program Files\Creative
2008-10-04 20:22 . 2008-10-04 20:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-04 19:12 . 2008-10-04 19:12 <DIR> d-------- C:\Documents and Settings\Olivia\Application Data\Apple Computer
2008-10-04 18:56 . 2008-10-04 18:56 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\Leadertech
2008-10-04 11:53 . 2008-10-04 11:53 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-03 22:08 . 2008-10-03 22:08 <DIR> d--hs---- C:\Documents and Settings\Olivia\PrivacIE
2008-10-02 21:28 . 2008-10-02 21:28 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-10-02 21:27 . 2008-10-04 19:10 <DIR> d-------- C:\Documents and Settings\Olivia\Application Data\U3
2008-10-02 20:39 . 2008-10-22 19:20 <DIR> d-------- C:\Documents and Settings\Nicola\Application Data\skypePM
2008-10-02 20:39 . 2008-10-02 20:39 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-02 11:37 . 2008-10-08 14:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-02 10:57 . 2008-10-02 10:57 <DIR> d--------

nicky
10-22-2008, 11:47 PM
Hi Victor Frankl
Here is the rest of the log

2008-10-01 22:57 . 2008-10-01 22:57 <DIR> d-------- C:\Program Files\iTunes
2008-10-01 22:57 . 2008-10-01 22:57 <DIR> d-------- C:\Program Files\iPod
2008-10-01 22:57 . 2008-10-01 22:57 <DIR> d-------- C:\Program Files\Bonjour
2008-10-01 22:57 . 2008-10-14 09:39 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\Apple Computer
2008-10-01 22:57 . 2008-10-01 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 22:57 . 2008-04-17 14:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-10-01 22:57 . 2008-04-17 14:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-10-01 22:56 . 2008-10-01 22:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-01 22:56 . 2008-10-01 22:57 <DIR> d-------- C:\Program Files\QuickTime
2008-10-01 22:56 . 2008-10-01 22:56 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-10-01 22:56 . 2008-10-01 22:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-01 22:56 . 2008-10-01 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-01 22:56 . 2008-10-01 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-10-01 22:56 . 2008-09-10 17:45 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-10-01 22:29 . 2008-10-01 22:31 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\vlc
2008-10-01 22:28 . 2008-10-01 22:28 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-01 22:00 . 2004-11-25 06:07 79,679 --a------ C:\WINDOWS\system32\E_FLMADA.DLL
2008-10-01 22:00 . 2003-05-21 03:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBADA.DLL
2008-10-01 22:00 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHADA.DLL
2008-10-01 22:00 . 2008-04-13 12:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-01 22:00 . 2008-04-13 12:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-01 21:50 . 2008-10-01 22:00 <DIR> d-------- C:\Program Files\epson
2008-10-01 21:50 . 2008-10-01 22:00 <DIR> d-------- C:\EPSON
2008-10-01 21:50 . 2005-02-25 01:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-10-01 21:50 . 2005-02-25 01:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-10-01 21:50 . 2005-02-25 01:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2008-10-01 21:46 . 2008-10-01 21:46 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-01 21:45 . 2008-10-04 11:53 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-01 21:32 . 2008-10-01 21:32 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\AVS4YOU
2008-10-01 21:32 . 2008-10-01 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-01 21:31 . 2008-10-01 21:31 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-10-01 21:31 . 2008-10-01 21:31 <DIR> d-------- C:\Program Files\AVS4YOU
2008-10-01 21:31 . 2003-02-21 07:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-10-01 21:31 . 2003-05-21 14:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-10-01 21:21 . 2008-10-01 21:21 <DIR> d-------- C:\Program Files\Red Kawa
2008-10-01 21:21 . 2008-10-01 21:21 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-10-01 21:17 . 2008-10-01 21:17 <DIR> d-------- C:\Program Files\7-Zip
2008-10-01 21:10 . 2008-10-18 22:18 <DIR> d-------- C:\Program Files\7-ZipPortable
2008-09-29 22:19 . 2008-09-02 19:16 1,193,218 --a------ C:\Program Files\7-Zip Portable Extractor.exe
2008-09-29 21:55 . 2008-09-29 22:05 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\UseNeXT
2008-09-29 21:36 . 2008-09-29 21:36 <DIR> d-------- C:\Program Files\uTorrent
2008-09-29 21:36 . 2008-10-05 20:42 <DIR> d-------- C:\Documents and Settings\Satish\Application Data\uTorrent
2008-09-29 21:28 . 2008-09-29 21:28 <DIR> d-------- C:\Program Files\Google
2008-09-29 16:57 . 2008-09-29 16:57 <DIR> d--hs---- C:\Documents and Settings\Satish\PrivacIE
2008-09-29 16:03 . 2008-09-29 16:03 <DIR> d--hs---- C:\Documents and Settings\Nicola\PrivacIE
2008-09-29 15:53 . 2008-09-29 15:53 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-29 15:35 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-09-29 15:34 . 2008-09-29 15:34 <DIR> d-------- C:\Program Files\MSBuild
2008-09-29 15:34 . 2008-09-29 15:34 <DIR> d-------- C:\Program Files\Microsoft Works
2008-09-29 15:33 . 2008-09-29 15:33 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-29 15:31 . 2008-09-29 15:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-29 15:31 . 2008-09-29 15:31 <DIR> dr-h----- C:\MSOCache
2008-09-29 15:31 . 2008-09-29 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 15:46 --------- d-----w C:\Program Files\RGB
2008-09-29 15:45 --------- d-----w C:\Program Files\GemMaster
2008-09-29 15:45 --------- d-----w C:\Program Files\ESPNMotion
2008-09-29 15:45 --------- d-----w C:\Program Files\EnglishOtto
2008-09-29 15:45 --------- d-----w C:\Program Files\DIGStream
2008-09-29 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-09-29 15:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-29 15:20 --------- d-----w C:\Program Files\Windows Plus
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-22 10:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 10:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 10:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 10:06 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-22 10:06 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-22 10:06 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-22 10:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 10:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 10:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 10:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 09:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-06 00:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ECB8E85-7A9E-4175-8113-1136D1A325DB}]
2008-10-19 14:26 57344 --a------ C:\WINDOWS\system32\gopfa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 143360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 7323648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-10-22 70840]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"EPSON Stylus CX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-02 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" [2007-05-22 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 54472]

C:\Documents and Settings\Nicola\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

Thx
Nicky

nicky
10-22-2008, 11:48 PM
and the last bit


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 6272]
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-07-24 498464]
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-22 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Nicola.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE [2003-12-04 19:22]

2008-10-18 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 19:22]

2008-10-23 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]

2008-10-23 C:\WINDOWS\Tasks\User_Feed_Synchronization-{61A1A0F1-57B9-47D6-A220-2339D0A125FC}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 04:05]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.timesonline.co.uk/
O8 -: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 -: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 19:37:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
Completion time: 2008-10-22 19:38:31
ComboFix-quarantined-files.txt 2008-10-23 01:38:28
ComboFix2.txt 2008-10-23 01:25:51

Pre-Run: 456,391,872,512 bytes free
Post-Run: 456,389,918,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

268 --- E O F --- 2008-10-19 00:36:05
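The security-relevant entries in the log above are easy to miss among hundreds of ordinary lines: the Security Center values under "security center" are all set to 1 (which silences the antivirus and firewall status checks), the standard profile has "EnableFirewall"= 0, and a Browser Helper Object loads a DLL from system32 that no installed product accounts for. The script below is an added example, not something from this thread or from ComboFix itself; it parses a constructed excerpt in the same line format as the posted log (the regular expressions for key, value and file lines are assumptions based on that format) and reports those three kinds of indicator so a helper can review them first.

```python
import re
from typing import List, Tuple

# Constructed excerpt modelled on the "Reg Loading Points" section of the ComboFix
# log posted above; the values are the ones that appear in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ECB8E85-7A9E-4175-8113-1136D1A325DB}]
2008-10-19 14:26 57344 --a------ C:\WINDOWS\system32\gopfa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 71328]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Security Center values that, when set to 1, silence or override the
# antivirus/firewall status checks (names as they appear in the log).
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify", "antivirusoverride",
    "firewalldisablenotify", "firewalloverride", "disablemonitoring",
}

# Assumed line shapes, taken from the log format shown on the page.
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")


def parse_sections(text: str) -> List[Tuple[str, List[str]]]:
    """Group the log into (registry key, [lines under that key]) pairs."""
    sections: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            sections.append((key.group(1), []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def audit(text: str) -> List[str]:
    """Return human-readable findings for tampering indicators in the log."""
    findings: List[str] = []
    for key, lines in parse_sections(text):
        k = key.lower()
        for line in lines:
            value = VALUE_RE.match(line)
            if "security center" in k and value:
                name, data = value.groups()
                if name.lower() in SECURITY_CENTER_FLAGS and data.endswith("00000001"):
                    findings.append(f"Security Center check suppressed: {name}=1 under [{key}]")
            elif "firewallpolicy" in k and value:
                name, data = value.groups()
                if name.lower() == "enablefirewall" and re.match(r"^0\b", data):
                    findings.append(f"Windows Firewall disabled: [{key}]")
            elif "browser helper objects" in k:
                f = FILE_RE.match(line)
                if f:
                    # A BHO is loaded into every Explorer/IE process, so each one
                    # deserves a publisher/reputation check rather than a guess.
                    findings.append(f"BHO to verify: {f.group(1)} (from [{key}])")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run it against a saved ComboFix log by reading the file into audit() instead of SAMPLE_LOG. The Security Center and firewall rules are exact matches on the values the log already shows; the BHO rule deliberately lists every BHO rather than guessing which is malicious, since the right next step is checking the DLL's publisher, not its name.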

classicsoftware
10-23-2008, 09:23 AM
First:

How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Second:

IN THE ORDER LISTED BELOW

Re-boot the system
Post the MBAM log
Post a new HJT log
Tell us how the system is running.