Combofix - where a tech was helping me disappeared - I could use some help...

I could really use a hand here…

This all started with the microsoft update of the touchscreen ps2…
I did the upgrade & that little part of it screwed up my mouse &
I did a system restore - win xp restore to put the drivers back to the ones that did work…

After I did this restore the Axel dav file starts showing up EVERYWHERE in my computer files…
Norton AV would not touch this - didn’t see it at all… Scanned using misc malware tools & nothing…

I contacted a tech at another site & the site is gone…
I was told to download ComboFix & run it & post the logs…
The website has disappeared on me - I can’t access it to get the help I need…

Files deleted as follows - on the C drive:

\Registry_backups\tcpip.reg, catchme.log, IE4 Error Log.txt.vir, & several findings in the temp folders of AXEL.DAV.vir…

In the partition holding the restore stuff for this computer D drive
Autorun.inf.vir

What will removing that autorun file do…

I have not rebooted the computer…
Please tell me I did not permanently screw up my computer by running ComboFix…

Posted below are the results in the combofix log…

(Also I deleted through a file search using Windows Explorer every known Axel dav file I could
find on the HP a1210n computer that I ran the ComboFix on before I ran it…)

Continued next post…

This is the log it left…

[ ComboFix 09-01-13.04 - HP_Administrator 2009-01-15 22:41:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1470.833 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\rm tools\ComboFix.exe
AV: Norton Internet Security On-access scanning disabled (Updated)
FW: Norton Internet Security enabled

  • Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\AXEL.DAV
c:\windows\IE4 Error Log.txt
D:\Autorun.inf

Cont next post - getting truncated for too much info…

.
((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))
.

2009-01-15 16:28 . 2009-01-15 16:28 d-------- c:\windows\LastGood
2009-01-15 16:28 . 2009-01-15 17:06 d-------- c:\windows\BDOSCAN8
2009-01-15 09:21 . 2009-01-15 22:43 8,452,128 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-15 09:21 . 2009-01-15 09:33 2,876 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-15 09:20 . 2008-07-08 13:54 148,496 --a------ c:\windows\system32\drivers\37298023.sys
2009-01-15 08:44 . 2008-10-16 13:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-01-15 08:44 . 2007-04-17 02:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-15 08:44 . 2007-03-07 22:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-15 08:44 . 2008-10-16 13:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 08:44 . 2008-10-16 13:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-15 08:44 . 2008-10-16 13:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-01-15 08:44 . 2008-10-16 13:38 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-01-15 08:44 . 2008-10-16 13:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 08:44 . 2008-10-16 06:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-15 08:29 . 2009-01-15 08:29 d--h----- c:\windows\PIF
2009-01-15 08:21 . 2008-12-11 20:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-15 01:21 . 2009-01-15 01:21 d-------- c:\windows\system32\scripting
2009-01-15 01:21 . 2009-01-15 01:21 d-------- c:\windows\system32\en
2009-01-15 01:21 . 2009-01-15 01:21 d-------- c:\windows\system32\bits
2009-01-15 00:57 . 2008-04-13 17:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2009-01-15 00:42 . 2009-01-15 00:42 d-------- C:\Symlogs
2009-01-15 00:39 . 2009-01-15 00:39 d-------- c:\program files\Norton Support
2009-01-15 00:28 . 2009-01-15 01:17 d-------- c:\program files\Symantec
2009-01-15 00:28 . 2009-01-15 01:17 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 00:28 . 2009-01-15 01:17 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-15 00:28 . 2009-01-15 01:17 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 00:28 . 2009-01-15 01:17 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 00:27 . 2009-01-15 16:07 d-------- c:\windows\system32\drivers\NIS
2009-01-15 00:27 . 2009-01-15 00:27 d-------- c:\program files\Windows Sidebar
2009-01-15 00:27 . 2009-01-15 00:28 d-------- c:\program files\Norton Internet Security
2009-01-15 00:26 . 2009-01-15 00:26 d-------- c:\program files\NortonInstaller
2009-01-15 00:14 . 2009-01-15 00:14 d-------- c:\documents and settings\HP_Administrator\Application Data\Windows Search
2009-01-14 23:15 . 2009-01-14 23:15 d-------- c:\program files\MSBuild
2009-01-14 23:12 . 2009-01-14 23:34 d-------- c:\windows\system32\XPSViewer
2009-01-14 23:12 . 2009-01-14 23:12 d-------- c:\program files\Reference Assemblies
2009-01-14 23:07 . 2009-01-14 23:07 d-------- c:\windows\system32\LogFiles
2009-01-14 23:07 . 2009-01-14 23:08 d-------- c:\windows\system32\drivers\UMDF
2009-01-14 22:59 . 2006-03-20 20:23 23,040 --------- c:\windows\kb913800.exe
2009-01-14 22:27 . 2009-01-14 22:27 d-------- C:\2655930676282e458f97a16de3f0a5
2009-01-14 22:27 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-14 22:24 . 2008-04-13 11:45 46,592 --------- c:\windows\system32\drivers\irbus.sys
2009-01-14 22:24 . 2008-04-13 11:45 19,200 --------- c:\windows\system32\drivers\hidir.sys
2009-01-14 22:20 . 2009-01-15 21:49 d-------- C:\My things
2009-01-14 22:19 . 2009-01-14 22:19 d-------- c:\windows\system32\GroupPolicy
2009-01-14 22:19 . 2009-01-14 22:19 d-------- c:\documents and settings\HP_Administrator\Application Data\Windows Desktop Search
2009-01-14 22:00 . 2008-12-11 03:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-14 21:59 . 2008-08-14 03:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-14 21:59 . 2008-08-14 03:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-14 21:59 . 2008-08-14 02:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-14 21:59 . 2008-08-14 02:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-14 21:59 . 2008-09-15 05:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-14 21:59 . 2008-10-24 04:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-14 21:59 . 2008-10-15 09:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-14 21:59 . 2008-10-23 05:36 286,720 --------- c:\windows\system32\dllcache\gdi32.dll
2009-01-14 21:56 . 2007-03-23 06:07 1,683,280 --------- c:\windows\system32\XpsSvcs.dll
2009-01-14 21:56 . 2007-03-23 06:07 1,683,280 --------- c:\windows\system32\dllcache\XpsSvcs.dll
2009-01-14 21:56 . 2008-04-13 17:12 712,704 --------- c:\windows\system32\windowscodecs.dll

cont next post

2009-01-14 21:56 . 2007-03-22 20:25 677,376 --------- c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe
2009-01-14 21:56 . 2007-03-23 06:07 583,504 --------- c:\windows\system32\XPSSHHDR.dll
2009-01-14 21:56 . 2007-03-23 06:07 583,504 --------- c:\windows\system32\dllcache\XPSSHHDR.dll
2009-01-14 21:56 . 2008-04-13 17:12 412,160 --------- c:\windows\system32\photometadatahandler.dll
2009-01-14 21:56 . 2008-04-13 17:12 346,112 --------- c:\windows\system32\windowscodecsext.dll
2009-01-14 21:56 . 2008-04-13 17:12 276,992 --------- c:\windows\system32\wmphoto.dll
2009-01-14 21:56 . 2007-03-22 20:25 124,928 --------- c:\windows\system32\prntvpt.dll
2009-01-14 21:56 . 2007-03-22 20:24 28,160 --------- c:\windows\system32\dllcache\FilterPipelinePrintProc.dll
2009-01-14 21:53 . 2008-04-11 12:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-14 21:53 . 2008-07-07 13:26 253,952 --------- c:\windows\system32\dllcache\es.dll
2009-01-14 21:53 . 2008-06-24 09:43 74,240 --------- c:\windows\system32\dllcache\mscms.dll
2009-01-14 21:52 . 2008-05-06 22:12 1,288,192 --------- c:\windows\system32\dllcache\quartz.dll
2009-01-14 21:52 . 2008-06-20 04:51 361,600 --------- c:\windows\system32\dllcache\tcpip.sys
2009-01-14 21:52 . 2008-06-13 04:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-01-14 21:52 . 2008-06-13 04:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-01-14 21:52 . 2008-06-20 10:46 245,248 --------- c:\windows\system32\dllcache\mswsock.dll
2009-01-14 21:52 . 2008-06-20 04:08 225,856 --------- c:\windows\system32\dllcache\tcpip6.sys
2009-01-14 21:52 . 2008-05-08 07:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-01-14 21:52 . 2008-06-20 10:46 147,968 --------- c:\windows\system32\dllcache\dnsapi.dll
2009-01-14 21:52 . 2008-08-14 03:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2009-01-14 21:48 . 2008-04-13 17:12 28,672 --------- c:\windows\system32\verclsid.exe
2009-01-14 21:46 . 2005-10-28 23:49 151,552 --------- c:\windows\system32\ifxcardm.dll
2009-01-14 21:46 . 2005-10-28 23:49 133,120 --------- c:\windows\system32\axaltocm.dll
2009-01-14 21:46 . 2005-10-28 16:40 96,792 --------- c:\windows\system32\basecsp.dll
2009-01-14 21:46 . 2005-10-28 23:49 84,480 --------- c:\windows\system32\pintool.exe
2009-01-14 21:46 . 2005-10-28 23:49 25,600 --------- c:\windows\system32\bcsprsrc.dll
2009-01-14 21:37 . 2009-01-14 21:37 d---s---- c:\documents and settings\HP_Administrator\UserData
2009-01-14 21:29 . 2001-08-20 05:49 6,334 -ra------ c:\windows\system32\DevMngr.vxd
2009-01-14 21:26 . 2009-01-15 21:49 d-------- c:\documents and settings\HP_Administrator\WINDOWS
2009-01-14 21:26 . 2009-01-15 22:35 d-------- c:\documents and settings\HP_Administrator\Application Data\Symantec
2009-01-14 21:26 . 2009-01-15 22:35 d-------- c:\documents and settings\HP_Administrator\Application Data\SampleView
2009-01-14 21:26 . 2009-01-15 22:35 d-------- c:\documents and settings\HP_Administrator\Application Data\Intuit
2009-01-14 21:26 . 2009-01-15 22:35 d-------- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-01-14 21:26 . 2009-01-15 22:32 d-------- c:\documents and settings\HP_Administrator
2009-01-14 21:18 . 2004-10-25 15:17 90,112 --a------ c:\windows\system32\ps2.EXE
2009-01-14 21:14 . 2009-01-15 21:52 d-------- c:\windows\system32\config\systemprofile\WINDOWS
2009-01-14 21:00 . 2009-01-15 21:49 d-------- c:\windows\WinSxS
2009-01-14 20:58 . 2009-01-15 21:49 d-------- c:\windows\system32\URTTemp
2009-01-14 20:58 . 2009-01-15 21:49 d-------- c:\windows\system32\ShellExt
2009-01-14 20:58 . 2009-01-15 21:49 d-------- c:\windows\system32\Setup
2009-01-14 20:58 . 2009-01-15 21:49 d-------- c:\windows\system32\Restore
2009-01-14 20:58 . 2009-01-15 16:07 dr-hs---- c:\windows\system32\dllcache
2009-01-14 20:58 . 2009-01-15 21:49 d-------- c:\windows\system32\config
2009-01-14 20:46 . 2009-01-14 20:32 248 --a------ c:\windows\system\hpsysdrv.dat.oth
2009-01-14 20:08 . 2007-08-13 18:52 66,048 --a------ c:\windows\ieResetIcons.exe
2009-01-14 19:00 . 2009-01-14 19:00 d-------- C:\5da3e8901d0406746219036105f3
2009-01-14 18:45 . 2009-01-14 18:45 d-------- c:\program files\MSXML 6.0
2009-01-14 14:45 . 2009-01-14 17:35 d-------- c:\documents and settings\Administrator\Contacts
2009-01-14 14:44 . 2009-01-14 14:44 d-------- c:\program files\MSN Messenger
2009-01-14 13:18 . 2009-01-14 13:18 d---s---- c:\documents and settings\Administrator\UserData
2009-01-14 13:02 . 2009-01-14 13:02 d-------- c:\program files\Microsoft
2009-01-14 13:00 . 2009-01-14 22:07 d-------- c:\documents and settings\HP_Administrator.ROSIE
2009-01-14 12:37 . 2009-01-15 22:35 dr-h----- C:\MSOCache
2009-01-14 12:04 . 2009-01-14 12:04 d-------- c:\program files\Labtec
2009-01-05 05:48 . 2009-01-05 05:48 d-------- c:\program files\Sony
2009-01-05 05:47 . 2009-01-06 06:53 d-------- c:\program files\StarWarsGalaxies
2008-12-25 13:58 . 2008-12-25 13:58 dr------- c:\documents and settings\HP_Administrator\Application Data\Brother
2008-12-25 13:43 . 2008-12-25 13:43 209 --a------ c:\windows\Brpfx04a.ini
2008-12-25 13:43 . 2008-12-25 13:43 92 --a------ c:\windows\brpcfx.ini
2008-12-25 13:43 . 2008-12-25 13:43 52 --a------ c:\windows\BRPP2KA.INI
2008-12-25 13:42 . 2008-12-25 13:42 d-------- c:\program files\Brother
2008-12-25 13:42 . 2008-12-25 13:42 d-------- C:\Brother
2008-12-25 13:42 . 2004-12-10 16:35 147,456 --a------ c:\windows\brunin03.dll
2008-12-25 13:42 . 2001-11-15 01:00 6,224 --------- c:\windows\CVRPAGE.BMP
2008-12-25 13:42 . 2003-11-28 18:57 0 --a------ c:\windows\brdfxspd.dat
2008-12-25 13:38 . 2008-12-25 13:38 d-------- c:\documents and settings\All Users\Application Data\Brother
2008-12-25 13:35 . 2009-01-11 06:06 426 --a------ c:\windows\BRWMARK.INI

cont next post

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\SBSI
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-16 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-16 05:35 --------- d-----w c:\documents and settings\Administrator\Application Data\SampleView
2009-01-16 05:35 --------- d-----w c:\documents and settings\Administrator\Application Data\Intuit
2009-01-16 05:35 --------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-01-15 08:25 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-01-15 08:25 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-01-15 08:25 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-01-15 08:25 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-01-15 08:25 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-01-15 08:25 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-01-15 08:25 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-01-15 08:25 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-01-15 07:27 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-15 07:26 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-15 07:00 --------- d-----w c:\documents and settings\Administrator\Application Data\Symantec
2009-01-14 02:52 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-02 13:05 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2008-11-27 18:47 10,240 ----a-w c:\windows\system32\RtNicProp32.dll
2008-11-14 05:52 105,168 ----a-w c:\windows\NSUninst.exe
2008-11-14 05:51 105,168 ----a-w c:\windows\GREUninstall.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-17 09:08 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
1998-12-09 00:53 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 00:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 00:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 00:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 00:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-09 00:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
.

cont next post

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2005-05-10 53248]
"SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-22 180269]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS → \SystemRoot\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-15 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-15 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090115.001\IDSxpx86.sys [2009-01-15 274808]
R1 is-HC1Q9drv;is-HC1Q9drv;c:\windows\system32\drivers\37298023.sys [2009-01-15 148496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-15 99376]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-15 115560]

cont next post

--- Other Services/Drivers In Memory ---

NewlyCreated - IDSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\Easy Internet Sign-up.job

  • c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 16:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://beta.mytelus.com/telusen/portal/index.aspx
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
.

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 22:43:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
“ImagePath”=“"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll" /prefetch:1”
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2617419569-4189967179-3388199215-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

  • 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-15 22:45:17
ComboFix-quarantined-files.txt 2009-01-16 05:45:15

Pre-Run: 145,329,790,976 bytes free
Post-Run: 145,619,677,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

299

end of log…

Is this what it should have done, is my computer going to continue to function or did I screw it up…

Please - can someone assist with this… The tech that I was dealing with - their server on their site
crashed & I have no one else to ask… The website isn’t there…

Kat…

The Axel Davis virus is what Trend Micro calls VBS_Redlof.A.

Some others say it’s a rootkit, some others say it’s legit.

The .dav extension stands for Distributed Authoring and Versioning.

And I would suggest removing Symantec and installing Avast!.

:) Hi:

In case JTaylor was not clear enough, this is the Avast Antivirus Support
Forums; to assist users of Avast Antivirus, not Norton. Hopefully the info
provided by JTaylor will be all that will be forthcoming on this forum unless you
completely remove the Norton program, including use of the “Norton Removal
Tool” found on several sites and the subsequent installation of Avast.

In the case you want protection and support from avast…

  1. Remove NAV or Norton 360 through Add/Remove programs from Control Panel. Boot.
  2. Use Norton Removal Tool for Windows 2000/XP/Vista or Norton Removal Tool for Windows 98/Me. Boot.
  3. Install avast! (or repair the installation) and boot.

The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.