Infected with trojan JS/Dursg.A. Help Please !!!

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by anvosm » August 24th, 2010, 11:00 pm

Good Evening

SystemLook: done
ComboFix: done
Logs posted below

I did not encounter any problems; there was no need to run Windows in safe mode, ComboFix worked right away.
I disabled my anti-virus, but could not find a CA Personal Firewall. Do you think I have one on my computer? I checked a few times and couldn't find it anywhere.
Thank you, I will wait for further instructions.

Anne



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:12 on 24/08/2010 by DEFAULT (Administrator - Elevation successful)

========== filefind ==========

Searching for "KmxAMVet.sys"
C:\WINDOWS\system32\drivers\KmxAMVet.sys --a--- 598656 bytes [20:27 27/03/2009] [20:27 27/03/2009] 041B29C8E3BED6E833ADE367ECFA51F9

========== dir ==========

C:\WINDOWS\sysguard - Unable to find folder.

========== file ==========

C:\WINDOWS\ieguard.dll - Unable to find/read file.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D032570A-5F63-4812-A094-87D007C23012}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieguard.TIEAdvBHO]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard]
(Unable to open key - key not found)

[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device]


[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device]


[HKEY_CURRENT_USER\Software\Microsoft\Multimedia\ActiveMovie]
(Unable to open key - key not found)

[HKEY_CURRENT_USER\Software\sysguard]
(Unable to open key - key not found)

-=End Of File=-



ComboFix 10-08-24.0A - DEFAULT 08/24/2010 22:36:00.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.247 [GMT -4:00]
Running from: c:\documents and settings\DEFAULT\Desktop\ComboFix.exe
AV: CA Anti-Virus Plus *On-access scanning disabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
.

((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-21 01:11 . 2010-08-21 01:11 -------- d-----w- C:\rsit
2010-08-13 12:29 . 2010-08-13 12:29 388096 ----a-r- c:\documents and settings\DEFAULT\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-13 11:21 . 2010-08-13 11:21 -------- d-----w- c:\program files\MSSOAP
2010-08-13 11:21 . 2010-08-13 11:21 -------- d-----w- c:\program files\Webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 04:32 . 2009-03-05 05:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-20 00:53 . 2006-08-06 19:00 16056 -c--a-w- c:\documents and settings\DEFAULT\Application Data\wklnhst.dat
2010-08-14 05:31 . 2006-08-06 17:03 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-08-09 04:21 . 2004-11-27 01:22 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-23 11:52 . 2010-06-23 11:52 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb16.tmp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 54784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-01 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2010-04-21 1721680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-15 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

c:\documents and settings\DEFAULT\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-8-5 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2009-03-27 20:27 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [12/23/2009 11:29 AM 132088]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/8/2009 11:02 AM 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [12/23/2009 11:29 AM 78840]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [4/14/2010 12:39 AM 206160]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [8/4/2009 11:42 AM 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [7/13/2009 11:39 AM 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [7/27/2009 4:40 PM 227832]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [9/30/2009 5:51 PM 239608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:00 PM 135664]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [3/27/2009 4:27 PM 598656]
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:00]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\VetRedir.dll
TCP: {CB0C6283-2840-409F-BF46-1CC7FE0F639A} = 216.252.64.75 216.252.64.76
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 22:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-568730901-4070995279-2856520603-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\UmxWnp.Dll

- - - - - - - > 'explorer.exe'(612)
c:\windows\system32\msi.dll
.
Completion time: 2010-08-24 22:47:29
ComboFix-quarantined-files.txt 2010-08-25 02:47

Pre-Run: 69,535,211,520 bytes free
Post-Run: 69,635,051,520 bytes free

- - End Of File - - 64EC4F269ADEA81B56E43D27B8E807E0
anvosm
Regular Member
 
Posts: 45
Joined: March 1st, 2009, 7:05 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by vict0r » August 26th, 2010, 7:28 am

Hi

I'm sorry about the delay.

I disabled my anti-virus, but could not find a CA Personal Firewall. Do you think I have one on my computer? I checked a few times and couldn't find it anywhere.

There are several entries in the logs suggesting a CA firewall. However, I'm not an expert on the software from that company. What I can see is that there seems to be a problem with the install/uninstall/upgrade of the CA security software that is/was installed on the computer. This may be the source of the confusion.

Do you remember when, how, where and which product you bought from CA? Did you buy a 1-year subscription?
You should be able to find the details in a confirmation e-mail sent from CA (Computer Associates) when you registered for the software. If you bought the software online at http://shop.ca.com/ then you should be able to log in to "My Account" there to find the details.

Did you delete the installer or is it still available (saved on your computer)?


SystemLook

This tool should still be located on the Desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    unvet32.exe
    issdm*
    
    :file
    C:\Windows\AVShlExt.dll
    C:\Windows\system32\ISafeIf.dll
    C:\Windows\system32\iSafProd.dll
    C:\Windows\system32\VetRedir.dll
    
    :dir
    C:\WINDOWS\system32\Drivers /n*vet*
    C:\Program Files\CA\eTrust EZ Armor
    %userprofile%\Start menu\Programs /n*EZ*
    %userprofile%\Start menu\Programs /n*eTrust*
    
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\Anti-Virus
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETEBOOT
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETEFILE
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETFDDNT
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VET-FILT
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETMONNT
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETMSGNT
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VET-REC
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VETWIN32Vp5
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by anvosm » August 27th, 2010, 8:41 am

Hi

I found where my firewall is located, so now I can disable it if needed.
Here is my log.
I will wait to hear from you again.

Thanks, have a nice day
Anne


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:39 on 27/08/2010 by DEFAULT (Administrator - Elevation successful)

========== filefind ==========

Searching for "unvet32.exe"
No files found.

Searching for "issdm*"
No files found.

========== file ==========

C:\Windows\AVShlExt.dll - Unable to find/read file.

C:\Windows\system32\ISafeIf.dll - File found and opened.
MD5: 252910C4D998F094B59B5CA13AC3BA90
Created at 04:39 on 14/04/2010
Modified at 21:18 on 20/11/2009
Size: 128240 bytes
Attributes: --a---
FileDescription: CA ISafe Interface DLL
FileVersion: Version 9.1.0.0
ProductVersion: Version 9.1.0.0
OriginalFilename: ISafeIf.dll
InternalName: ISafeIf
ProductName: Computer Associates Antivirus
CompanyName: Computer Associates International, Inc.
LegalCopyright: © 2004 Computer Associates International, Inc.

C:\Windows\system32\iSafProd.dll - File found and opened.
MD5: CD55F9BEB3523F67943F92CBA77C6600
Created at 04:39 on 14/04/2010
Modified at 21:19 on 20/11/2009
Size: 201968 bytes
Attributes: --a---
FileDescription: CA ISafe Product DLL
FileVersion: Version 2.0.0.257
ProductVersion: Version 2.0.0.257
OriginalFilename: ISafProd.dll
InternalName: ISafeProduct
ProductName: CA Anti-Virus
CompanyName: CA, Inc.
LegalCopyright: (c) Copyright 2008 CA, Inc.

C:\Windows\system32\VetRedir.dll - File found and opened.
MD5: E30C9CE8E96BA48C40E8162FB67E03E0
Created at 04:39 on 14/04/2010
Modified at 21:18 on 20/11/2009
Size: 95472 bytes
Attributes: --a---
FileDescription: CA ISafe LSP DLL
FileVersion: Version 9.1.0.0
ProductVersion: Version 9.1.0.0
OriginalFilename: VetRedir.dll
InternalName: VetRedir
ProductName: Computer Associates Antivirus
CompanyName: Computer Associates International, Inc.
LegalCopyright: © 2004 Computer Associates International, Inc.

========== dir ==========

C:\WINDOWS\system32\Drivers - Parameters: "/n*vet*"

---Files---
KmxAMVet.sys --a--- 598656 bytes [20:27 27/03/2009] [20:27 27/03/2009]

---Folders---
disdn d----- [00:32 27/11/2004]
etc d----- [00:32 27/11/2004]

C:\Program Files\CA\eTrust EZ Armor - Unable to find folder.

C:\Documents and Settings\DEFAULT\Start menu\Programs - Parameters: "/n*EZ*"

---Files---
None found.

---Folders---
Accessories dr---- [15:11 27/11/2004]
Gmail d----- [22:58 28/07/2007]
HiJackThis d----- [12:29 13/08/2010]
Startup dr---- [15:11 27/11/2004]
WebEx Recorder & Player d----- [02:38 22/08/2007]

C:\Documents and Settings\DEFAULT\Start menu\Programs - Parameters: "/n*eTrust*"

---Files---
None found.

---Folders---
Accessories dr---- [15:11 27/11/2004]
Gmail d----- [22:58 28/07/2007]
HiJackThis d----- [12:29 13/08/2010]
Startup dr---- [15:11 27/11/2004]
WebEx Recorder & Player d----- [02:38 22/08/2007]

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\Anti-Virus]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETEBOOT]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETEFILE]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETFDDNT]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VET-FILT]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETMONNT]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VETMSGNT]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VET-REC]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VETWIN32Vp5]
(Unable to open key - key not found)

-=End Of File=-
anvosm
Regular Member
 
Posts: 45
Joined: March 1st, 2009, 7:05 pm
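The SystemLook script vict0r posted and the log Anne returned above are short enough to read by eye, but a helper comparing several such logs wants the file hits, MD5s and registry-key status pulled out in one pass. The parser below is an added example for this thread, not part of SystemLook or anything the helpers posted; it assumes the SystemLook v1.0 layout shown in Anne's logs and embeds a constructed excerpt of those lines as its sample input.

```python
import re

# Constructed SystemLook v1.0 log excerpt assembled from lines Anne posted in
# this thread; it is sample input for the parser, not a new scan of any machine.
SAMPLE_LOG = r"""========== filefind ==========

Searching for "KmxAMVet.sys"
C:\WINDOWS\system32\drivers\KmxAMVet.sys --a--- 598656 bytes [20:27 27/03/2009] [20:27 27/03/2009] 041B29C8E3BED6E833ADE367ECFA51F9

Searching for "unvet32.exe"
No files found.

========== file ==========

C:\Windows\AVShlExt.dll - Unable to find/read file.

C:\Windows\system32\VetRedir.dll - File found and opened.
MD5: E30C9CE8E96BA48C40E8162FB67E03E0
Created at 04:39 on 14/04/2010
FileDescription: CA ISafe LSP DLL

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieguard.TIEAdvBHO]
(Unable to open key - key not found)

[HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}]
(No values found)

-=End Of File=-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
HIT_RE = re.compile(r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{6}) (?P<size>\d+) bytes "
                    r"\[(?P<t1>[^\]]+)\] \[(?P<t2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")
MISSING_FILE, FOUND_FILE = " - Unable to find/read file.", " - File found and opened."
REG_STATUS = {"(Unable to open key - key not found)": "missing", "(No values found)": "empty"}

def split_sections(text):
    """Group lines under the '========== name ==========' header they follow."""
    sections, current = {}, "header"
    for line in text.splitlines():
        if m := SECTION_RE.match(line.strip()):
            current = m.group(1)
        else:
            sections.setdefault(current, []).append(line.rstrip())
    return sections

def parse_filefind(lines):
    """':filefind' block: search pattern -> list of hits ([] when 'No files found.')."""
    results, pattern = {}, None
    for line in lines:
        if m := re.match(r'^Searching for "(.+)"$', line):
            pattern = m.group(1)
            results[pattern] = []
        elif pattern and (hit := HIT_RE.match(line)):
            results[pattern].append({"path": hit["path"], "size": int(hit["size"]),
                                     "md5": hit["md5"].upper(), "stamps": (hit["t1"], hit["t2"])})
    return results

def parse_file(lines):
    """':file' block: path -> None when missing/unreadable, else its reported fields."""
    results, current = {}, None
    for line in lines:
        if line.endswith(MISSING_FILE):
            results[line[:-len(MISSING_FILE)]] = None
            current = None
        elif line.endswith(FOUND_FILE):
            current = line[:-len(FOUND_FILE)]
            results[current] = {}
        elif current and (m := re.match(r"^(\w+)(?:: | at )(.+)$", line)):
            results[current][m.group(1)] = m.group(2)   # 'MD5: x' or 'Created at y'
    return results

def parse_reg(lines):
    """':reg' block: key -> 'missing', 'empty' (exists, no values) or 'present'."""
    results, current = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            results[current] = "present"
        elif current and line in REG_STATUS:
            results[current] = REG_STATUS[line]
    return results

def parse_systemlook(text):
    """Parse a whole log into {'filefind': ..., 'file': ..., 'reg': ...}."""
    sections = split_sections(text)
    return {"filefind": parse_filefind(sections.get("filefind", [])),
            "file": parse_file(sections.get("file", [])),
            "reg": parse_reg(sections.get("reg", []))}

def remaining_artifacts(report):
    """Items SystemLook confirmed still exist; the absent ones need no follow-up."""
    found = [h["path"] for hits in report["filefind"].values() for h in hits]
    found += [p for p, info in report["file"].items() if info is not None]
    found += [k for k, state in report["reg"].items() if state != "missing"]
    return found
```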

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by vict0r » August 28th, 2010, 4:19 am

Will you please give me more details about the firewall? Did you find a CA Firewall? Where?


Kaspersky Online Scan

Make sure CA Antivirus is disabled and the firewall is enabled.

  • Hold down Control then click on the following link to open a new window to Kaspersky Online Scan
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan. * This will take a while. Please be patient *.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.


You can now enable CA Antivirus.


To post:
  • the Kaspersky log
  • a fresh RSIT log
  • Did any problems occur while following the instructions?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by anvosm » August 30th, 2010, 8:53 am

Good morning

Sorry for the delay, I have had a very busy weekend.
I do not have a firewall with my anti-virus program; it is with my Windows XP program.

I started to download the Kaspersky Online Scan this morning before leaving for work, but it is taking very long. Therefore I will do it tonight when I return from work.

Hoping you had a good weekend

Anne
anvosm
Regular Member
 
Posts: 45
Joined: March 1st, 2009, 7:05 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by anvosm » August 30th, 2010, 10:29 pm

Hi

My internet connection is dial-up because high speed is not available where I live, so the download time for the Kaspersky Online Scan will take many hours. I had started the download and after 2.5 hours I lost my connection and had only 32% downloaded. Is there something else we can do?

Will wait for a reply.
Thanks
Anne
anvosm
Regular Member
 
Posts: 45
Joined: March 1st, 2009, 7:05 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by vict0r » September 2nd, 2010, 4:02 am

I'm sorry for the delay.

You can skip the Kaspersky Online scan.


Upgrade the Adobe and Java installation

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer.

Uninstall Adobe Reader 9.1.1 and Java(TM) 6 Update 11 in Control panel -> Add/Remove programs.
Reboot your computer and delete this folder if still present:
C:\Program Files\Java

Download and install Java Runtime Environment (JRE) 6 Update 21 (15Mb)
Download and install Adobe Reader (50Mb); make sure that you uncheck Free McAfee® Security Scan Plus before you download. Uncheck any offer to install toolbars during the install.

Note: Foxit Reader (5Mb) is a smaller alternative to Adobe Reader, it uses a lot less resources. You can download the standalone version (no installation required) in the following link. http://cdn01.foxitsoftware.com/pub/foxi ... 11_enu.zip


Antivirus

Please consider using an alternative antivirus software. Our experience is that your current CA Antivirus is a resource hog. You have written earlier that your computer is quite old and slow, the logs also show that only 510Mb of memory (RAM) is installed. It would be a good idea to use a more lightweight antivirus.

Note that CA does not allow manual downloads of signature files, so you can't download at work or at a friend's or family member's house and bring updated definitions home on a memory stick.

Two good lightweight and free antivirus programs are listed below:
Avira (<< my favorite ;))
Avast

Here are the updated virus-definitions:
Avira: http://dl.antivir.de/package/fusebundle ... bundle.zip
Avast: http://files.avast.com/iavs5x/vpsupd.exe

Note: Never run more than one antivirus on a computer, it will seriously impact system performance and can lead to conflicts between the programs.


Windows update

It seems to me that the computer does not have all the important security updates released by Microsoft to fix security holes, leaving the computer wide open for reinfection. Support for Service Pack 2 (the one installed on your computer) ended on July 13; Microsoft will no longer release security updates for it.

Please download Windows XP Service Pack 3. The download is more than 300Mb, so you need to download it somewhere with high speed internet and bring it home, preferably on a burned CD (together with any alternative antivirus and definitions).

Alternatively, you could see if a friend or family member has the SP3 update on CD, or order it from MS for a fee (about $14 including shipping).


Please post the following:
  • Your decision to use an alternative antivirus.
  • How you will obtain Service Pack 3 for Windows XP.
  • How is the computer running? Are there still no signs of malware?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by muppy03 » September 5th, 2010, 7:40 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a fresh HijackThis log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read Donations For Malware Removal
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by muppy03 » September 5th, 2010, 6:27 pm

Re-opened at user's request
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by anvosm » September 5th, 2010, 6:38 pm

Thank you, I will post my results tomorrow.

I really appreciate your understanding.
Kind regards, Anne
anvosm
Regular Member
 
Posts: 45
Joined: March 1st, 2009, 7:05 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by anvosm » September 6th, 2010, 9:37 pm

Hi Good evening,

I downloaded and upgraded the Adobe and Java installation.

Antivirus: CA Antivirus is a resource hog!!! Oh my. I checked out Avira; is it enough to keep the monsters out of my computer? If you think so, I will install it. I noticed on their website that they also have software that they sell; what is the difference?
I am just wondering if free software is good enough.

Windows Update, Windows XP Service Pack 3.

I clicked the link and read the following:
DO NOT CLICK DOWNLOAD IF YOU ARE UPDATING JUST ONE COMPUTER: A smaller, more appropriate download is now available on Windows Update.

So, I clicked the update and the result was that it will take me ... are you ready for this .... 43 hours to download. I think not!!! I need high speed here in the woods!!!

Is there another Service Pack 3 for single computers? How can I burn a CD on another high speed computer when the update results are on mine? So confusing.

I think the computer is running better, no signs of malware right now.

I will wait to hear from you again, have a nice evening.

Anne
anvosm
Regular Member
 
Posts: 45
Joined: March 1st, 2009, 7:05 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by vict0r » September 7th, 2010, 8:51 am

Hi

Please note that there is no antivirus solution that will keep your computer completely safe; however, Avira Personal is a good free choice. I recommend that you try the free version of Avira before you consider buying the premium version.

The alternate download of Service Pack 3 using Windows Update is still very large and will probably take about 15 hours (or more) with your dial-up connection. The best solution for you is to see if a friend or family member can help with the download and burn a CD for you. This is valid even if the page says not to download if updating only one computer. The service pack must be downloaded with a high speed internet connection. As an alternative, you can always order the service pack on CD from MS.

As a final check, please scan your computer again with RSIT and post the logs. There is no need to wait until you have obtained a cd with the service pack.


RSIT (Random's System Information Tool)

  • Click Start then Run
  • Copy/paste the following line into the run box & click OK:
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt <<will be maximized and info.txt <<will be minimized
  • Copy & paste the contents of both logs in your next reply
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Infected with trojan JS/Dursg.A. Help Please !!!

Post by anvosm » September 8th, 2010, 11:40 pm

Hi again,

So, I have decided to order the CD; too much hassle waiting for someone to copy it for me.
I will also change my anti-virus program this weekend, I will try the free version of Avira and see what it is like.

Here are the logs you requested.

Thanks
Will wait for further instructions
Anne

Logfile of random's system information tool 1.08 (written by random/random)
Run by DEFAULT at 2010-09-08 23:35:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 65 GB (86%) free of 76 GB
Total RAM: 510 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:55 PM, on 9/8/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DEFAULT\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\DEFAULT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0C6283-2840-409F-BF46-1CC7FE0F639A}: NameServer = 216.252.64.75 216.252.64.76
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 7709 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-08-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-04-24 54784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2010-08-30 1721680]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-06 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-15 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Documents and Settings\DEFAULT\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2009-03-27 79368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-02 21:31:33 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-02 21:31:32 ----D---- C:\Program Files\Common Files\Java
2010-09-02 21:31:08 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-02 21:31:08 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-02 21:31:08 ----A---- C:\WINDOWS\system32\java.exe
2010-09-02 21:31:08 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-02 21:30:30 ----D---- C:\Program Files\Java
2010-08-28 17:09:14 ----SHD---- C:\RECYCLER
2010-08-24 22:47:30 ----A---- C:\ComboFix.txt
2010-08-24 22:34:48 ----A---- C:\WINDOWS\zip.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\SWSC.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\SWREG.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\sed.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\PEV.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\MBR.exe
2010-08-24 22:34:48 ----A---- C:\WINDOWS\grep.exe
2010-08-24 22:32:43 ----D---- C:\Qoobox
2010-08-22 00:32:12 ----A---- C:\mbam-error.txt
2010-08-20 21:11:29 ----D---- C:\rsit
2010-08-13 07:21:34 ----D---- C:\Program Files\MSSOAP
2010-08-13 07:21:09 ----D---- C:\Program Files\Webroot

======List of files/folders modified in the last 1 months======

2010-09-08 23:35:55 ----D---- C:\WINDOWS\Prefetch
2010-09-08 23:34:06 ----A---- C:\WINDOWS\ModemLog_U.S. Robotics V.92 Fax Host Int.txt
2010-09-08 22:06:28 ----D---- C:\WINDOWS\system32
2010-09-08 22:06:28 ----D---- C:\WINDOWS
2010-09-08 22:01:10 ----D---- C:\WINDOWS\temp
2010-09-08 22:01:05 ----D---- C:\WINDOWS\Registration
2010-09-08 08:57:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-06 05:33:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-09-06 05:26:49 ----SHD---- C:\WINDOWS\Installer
2010-09-06 05:26:35 ----D---- C:\Config.msi
2010-09-06 05:25:38 ----D---- C:\Program Files\Common Files\Adobe
2010-09-06 05:24:46 ----D---- C:\Program Files\Adobe
2010-09-02 21:31:32 ----D---- C:\Program Files\Common Files
2010-09-02 21:30:30 ----RD---- C:\Program Files
2010-09-02 19:53:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-24 22:46:18 ----D---- C:\WINDOWS\ERDNT
2010-08-24 22:45:05 ----A---- C:\WINDOWS\system.ini
2010-08-24 22:39:14 ----D---- C:\WINDOWS\system32\drivers
2010-08-24 22:39:14 ----D---- C:\WINDOWS\AppPatch
2010-08-22 00:51:31 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-22 00:32:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-21 18:28:21 ----HD---- C:\WINDOWS\inf
2010-08-18 19:50:47 ----SD---- C:\WINDOWS\Tasks
2010-08-14 01:31:34 ----D---- C:\Program Files\Microsoft Digital Image 2006
2010-08-13 09:34:55 ----D---- C:\Documents and Settings
2010-08-13 07:39:03 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-13 07:22:19 ----AC---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 KmxAMRT;KmxAMRT; C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys [2009-12-23 132088]
R0 KmxStart;KmxStart; C:\WINDOWS\System32\DRIVERS\kmxstart.sys [2009-06-08 108024]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-15 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-03-15 14848]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2009-12-23 78840]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-25 730092]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-15 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\USR_MDMV.sys [2005-08-08 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\USR_BSC2.sys [2005-08-08 231168]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2009-09-30 239608]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-15 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-03-15 31616]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-15 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_USR.sys [2005-08-08 729728]
S3 catchme;catchme; \??\C:\DOCUME~1\DEFAULT\LOCALS~1\Temp\catchme.sys []
S3 KmxAMVet;KmxAMVet; \??\C:\WINDOWS\system32\Drivers\KmxAMVet.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-15 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2009-11-20 212992]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2010-04-21 206160]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-02 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-08-04 887288]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-07-13 760664]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-07-27 227832]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2010-04-21 251216]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2006-03-15 14336]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-03-15 38912]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-09-08 23:36:00

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /X{166478EA-A017-43C0-BE42-7560BD5A646B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
AMRT-->MsiExec.exe /I{01A3E75B-54C0-407F-8B95-B77705C7DCC4}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
CA Anti-Virus Plus-->"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\setup\ccinstaller.exe" /u /silent /module="am"
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CanoScan LiDE 90-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412 /L0x0009
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
hp deskjet 3500-->msiexec /x{C7EC0699-D82C-4451-B701-C98C330D43AF}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Macromedia Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Digital Image Standard 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Location Finder-->MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Money 2006-->"c:\program files\microsoft money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Streets & Trips 2006-->MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Presto! PageManager 7.15.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
U.S. Robotics V.92 Fax Host Int-->C:\Program Files\CONEXANT\USR_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_200114F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F30&SUBSYS_200114F1&REV_01
WebEx Record and Playback-->MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2009-03-24]
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2009-03-24]
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [2009-03-24]
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2009-03-24]
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2009-03-24]
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2009-03-24]
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2009-03-24]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-03-24]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-29]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-29]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-29]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-29]
O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe [2009-03-29]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-29]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2009-03-29]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe [2009-03-29]
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot [2009-03-29]

======Hosts File======

127.0.0.1 Localhost

======Security center information======

AV: CA Anti-Virus Plus

======System event log======

Computer Name: COMP-DEFAULT
Event Code: 10005
Message: DCOM got error "%1083" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 210565
Source Name: DCOM
Time Written: 20100902154708.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: COMP-DEFAULT
Event Code: 7023
Message: The HID Input Service service terminated with the following error:
The specified module could not be found.


Record Number: 210563
Source Name: Service Control Manager
Time Written: 20100902154653.000000-240
Event Type: error
User:

Computer Name: COMP-DEFAULT
Event Code: 7000
Message: The Background Intelligent Transfer Service service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.


Record Number: 210557
Source Name: Service Control Manager
Time Written: 20100902085753.000000-240
Event Type: error
User:

Computer Name: COMP-DEFAULT
Event Code: 10005
Message: DCOM got error "%1083" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Record Number: 210556
Source Name: DCOM
Time Written: 20100902085753.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: COMP-DEFAULT
Event Code: 7023
Message: The HID Input Service service terminated with the following error:
The specified module could not be found.


Record Number: 210555
Source Name: Service Control Manager
Time Written: 20100902085744.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: COMP-DEFAULT
Event Code: 25
Message: Service started

Record Number: 12471
Source Name: UmxCfg
Time Written: 20100722211218.000000-240
Event Type:
User:

Computer Name: COMP-DEFAULT
Event Code: 99
Message: Sync event client C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe registration timeout

Record Number: 12470
Source Name: UmxAgent
Time Written: 20100722082733.000000-240
Event Type: error
User:

Computer Name: COMP-DEFAULT
Event Code: 88
Message: Shell is started at session 0

Record Number: 12468
Source Name: UmxAgent
Time Written: 20100722082630.000000-240
Event Type:
User:

Computer Name: COMP-DEFAULT
Event Code: 88
Message: explorer.exe started

Record Number: 12467
Source Name: UmxAgent
Time Written: 20100722082630.000000-240
Event Type:
User:

Computer Name: COMP-DEFAULT
Event Code: 88
Message: explorer.exe started

Record Number: 12466
Source Name: UmxAgent
Time Written: 20100722082630.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;

-----------------EOF-----------------
anvosm
Regular Member
 
Posts: 45
Joined: March 1st, 2009, 7:05 pm

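The HijackThis and RSIT output above is the raw material a helper reads line by line before declaring a machine clean. The Python script below is an added example for this page, not part of either post and not code from HijackThis, RSIT or MalwareRemoval.com: it parses the O4 (Run key), O17 (NameServer) and O23 (service) line formats into structured records and applies the kind of triage checks a reviewer does by eye. The sample lines are copied from the log above (including the [sysguard] entry from the HijackThis Backups section); the heuristics and the names Entry, parse_line, review_reasons and triage are the editor's assumptions. A hit means "look at this by hand", not "malicious": the O17 line in particular is listed only so the reader can confirm the two addresses belong to their ISP or router, and the thread itself draws no conclusion about them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis output above, plus the
# [sysguard] Run entry from the "HijackThis Backups" section of the same log.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'''O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')''',
    r'O4 - HKCU\..\Run: [sysguard] C:\WINDOWS\sysguard.exe',
    r'O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0C6283-2840-409F-BF46-1CC7FE0F639A}: NameServer = 216.252.64.75 216.252.64.76',
    r'O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe',
    r'O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe',
]


@dataclass
class Entry:
    section: str        # HijackThis section code: O4, O17 or O23
    name: str           # autorun label, adapter GUID, or service display name
    target: str         # executable path, or the NameServer list for O17
    hive: str = ""      # HKLM / HKCU / HKUS for O4 entries
    owner: str = ""     # publisher string HijackThis prints for O23 services
    raw: str = ""       # the original line, for the report


O4_RE = re.compile(r'^O4 - (?P<key>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - .*\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|dll|bat|cmd|scr|pif))', re.IGNORECASE)

# Locations an ordinary user (or malware running as that user) can write to.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\",
                 "\\application data\\", "\\local settings\\", "\\recycler\\")


def _exe_path(cmd: str) -> str:
    """Pull the executable out of a Run command line, quoted or bare, with arguments."""
    cmd = cmd.split(" (User '")[0].strip()    # drop HijackThis's "(User 'SYSTEM')" suffix
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; other sections (O8, O9, O22, R0/R1, ...) return None."""
    line = line.rstrip()
    if (m := O4_RE.match(line)):
        return Entry("O4", m["name"], _exe_path(m["cmd"]), hive=m["key"].split("\\")[0], raw=line)
    if (m := O17_RE.match(line)):
        return Entry("O17", m["guid"], m["servers"].strip(), raw=line)
    if (m := O23_RE.match(line)):
        return Entry("O23", m["name"], m["path"].strip(), owner=m["owner"], raw=line)
    return None


def review_reasons(e: Entry) -> List[str]:
    """Triage heuristics (the editor's assumptions): a hit means 'check by hand', not 'malicious'."""
    reasons: List[str] = []
    low = e.target.lower()
    if e.section == "O4":
        if any(p in low for p in USER_WRITABLE):
            reasons.append("autorun launches from a user-writable location")
        if re.match(r'^[a-z]:\\windows\\[^\\]+$', low):
            reasons.append("autorun executable sits directly in the Windows directory")
    elif e.section == "O17":
        reasons.append("NameServer override: confirm these are your ISP's or router's DNS servers")
    elif e.section == "O23" and e.owner.lower() == "unknown owner":
        reasons.append("service has no publisher string: verify where the file came from")
    return reasons


def triage(lines) -> Tuple[List[Entry], List[Tuple[Entry, List[str]]]]:
    """Return every parsed entry plus the subset that needs a manual look, with reasons."""
    entries = [e for e in (parse_line(l) for l in lines) if e is not None]
    flagged = [(e, r) for e in entries if (r := review_reasons(e))]
    return entries, flagged


if __name__ == "__main__":
    _, flagged = triage(SAMPLE_LOG)
    for entry, reasons in flagged:
        print(entry.raw)
        for reason in reasons:
            print("   ->", reason)
```

Feed it a whole HijackThis log one line at a time and it keeps only the three sections parsed here; everything else comes back as None and is skipped. On the sample above it flags the [sysguard] entry (an executable dropped straight into C:\WINDOWS), the O17 NameServer line (for verification against the ISP's DNS, nothing more) and the CaCCProvSP service (no publisher string), and leaves the Java, ctfmon, Watson and CAISafe lines alone.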
Re: Infected with trojan JS/Dursg.A. Help Please !!!

Unread postby vict0r » September 10th, 2010, 5:45 pm

Please post back one more time to confirm that you have read this post.


Uninstall ComboFix

Click on Start >> Run..., copy and paste the following line into the run box, then click OK:
ComboFix /Uninstall
Note: there's a space between "ComboFix" and "/Uninstall".


Delete the following tools

TFC is a great tool for you to keep and use on a regular basis. Please delete the following tools:

RSIT.exe
SecurityCheck.exe
rkill.com
MBAM Fix.bat
SystemLook.exe



Safely change the anti-virus

To safely change the installed anti-virus software, I recommend that you follow this procedure:

  1. Download the installer for the new anti-virus. Here is the direct download link for Avira Personal
  2. Disconnect the computer from the internet/network.
  3. Uninstall the following items from Add/Remove programs:
    CA Anti-Virus Plus
    CA Internet Security Suite
  4. Reboot your computer.
  5. Then install the new AV, reboot your computer and immediately update the newly installed software (connect to the internet).

Remember to cancel any automatic renewal of the old anti-virus.


Your computer now appears to be malware free. The logs are clean. Good job!

Consider using the following programs to secure your computer further:


  • Install WinPatrol
    This is a lightweight system monitor. Download it from here and you can find information about how WinPatrol works here

  • Malwarebytes' Anti-Malware
    Update Malwarebytes Anti-Malware and perform a quick scan 1-2 times a week.

  • Hosts File
    For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE.
    Download HostsXpert and unzip it to your computer, somewhere where you can find it.
    • Run HostsXpert
    • If Hosts file is Read Only, click on Make Writeable, otherwise move on to next stage.
    • Click Download button.
    • Click MVPs Hosts
    • Click Merge File
    • Press OK to download latest MVPs update and merge it with your Hosts file.
    • When finished click File Handling
    • Click Make Read Only to secure your Hosts file.
    • Close HostsXpert.


Install Windows XP Service Pack 3

Do not forget to install the service pack when you receive the CD, then enable automatic updates for Windows XP to get the latest patches from Microsoft to fix bugs and security holes:

  • Go to Start > Control Panel > Automatic Updates
    1. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    2. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    3. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.


It is ABSOLUTELY ESSENTIAL to keep Windows, Java, Adobe and all of your security programs up to date.


Do you have any further malware related questions?
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

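The HostsXpert steps in the post above (Make Writeable, download and merge the MVPs list, Make Read Only) come down to a few file operations, and seeing them written out makes clear what the tool is and is not doing. The script below is an added example for this page, not part of vict0r's post and not code from HostsXpert or the MVPs project: it parses hosts-file syntax, merges a blocklist so that mappings already in the file win and duplicates are dropped case-insensitively, and runs the writable/merge/read-only sequence against a file. CURRENT_HOSTS is the one-line hosts file RSIT printed in the log above; BLOCKLIST is constructed with placeholder hostnames, not entries from the real MVPs list; demo() works on a temporary copy, never on C:\WINDOWS\system32\drivers\etc\hosts; and the function names are the editor's.

```python
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# Constructed sample input. CURRENT_HOSTS is the hosts file exactly as RSIT
# printed it above; BLOCKLIST imitates the MVPs layout but its hostnames are
# placeholders (assumption), not entries from the real list.
CURRENT_HOSTS = "127.0.0.1 Localhost\n"
BLOCKLIST = """\
# constructed MVPs-style block list (placeholder hostnames)
0.0.0.0 ads.example
0.0.0.0 tracker.example   # trailing comment, must be ignored
0.0.0.0   ADS.EXAMPLE
127.0.0.1 localhost
"""

MARKER = "# --- merged block list ---"


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; names are lower-cased because hosts lookups are case-insensitive."""
    pairs: List[Tuple[str, str]] = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()          # strip comments and blank lines
        fields = body.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]             # one line may map several names
        pairs.extend((ip, name.lower()) for name in names)
    return pairs


def merge_hosts(current: str, blocklist: str) -> str:
    """Append blocklist entries the file does not already have.

    Existing mappings win: a blocklist must never re-point a name the user
    already mapped, and 'localhost' stays whatever the file says it is.
    """
    known = {name for _, name in parse_hosts(current)}
    added: List[str] = []
    for ip, name in parse_hosts(blocklist):
        if name in known:                             # duplicate (case-insensitive) or user-defined: skip
            continue
        known.add(name)
        added.append(f"{ip} {name}")
    if not added:
        return current                                # nothing new: leave the file alone
    base = current if current.endswith("\n") else current + "\n"
    return base + MARKER + "\n" + "\n".join(added) + "\n"


def is_read_only(path: str) -> bool:
    """Check the owner write bit; on Windows this mirrors the file's Read-only attribute."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


def set_read_only(path: str, read_only: bool) -> None:
    """os.chmod on Windows only honours S_IWRITE, which is exactly the Read-only attribute."""
    os.chmod(path, stat.S_IREAD | (0 if read_only else stat.S_IWRITE))


def install_blocklist(hosts_path: str, blocklist: str) -> str:
    """The HostsXpert sequence: Make Writeable -> Merge File -> Make Read Only."""
    if is_read_only(hosts_path):
        set_read_only(hosts_path, False)
    with open(hosts_path, "r", encoding="utf-8", errors="replace") as f:
        current = f.read()
    merged = merge_hosts(current, blocklist)
    if merged != current:
        with open(hosts_path, "w", encoding="utf-8", newline="\r\n") as f:   # CRLF: it is a Windows file
            f.write(merged)
    set_read_only(hosts_path, True)                   # always leave it locked, even if nothing changed
    return merged


def demo() -> Dict[str, object]:
    """Exercise the flow on a temporary file, never on the live hosts file."""
    fd, path = tempfile.mkstemp(suffix=".hosts")
    os.close(fd)
    try:
        with open(path, "w", encoding="utf-8") as f:
            f.write(CURRENT_HOSTS)
        set_read_only(path, True)                     # start from a file that is already locked
        first = install_blocklist(path, BLOCKLIST)
        second = install_blocklist(path, BLOCKLIST)   # running twice must not duplicate entries
        return {"merged": first, "idempotent": first == second, "read_only_after": is_read_only(path)}
    finally:
        set_read_only(path, False)                    # Windows refuses to delete a read-only file
        os.remove(path)


if __name__ == "__main__":
    result = demo()
    print(result["merged"], end="")
    print("idempotent:", result["idempotent"], "read-only:", result["read_only_after"])
```

Two points worth keeping in mind when you do this by hand with HostsXpert. First, merging is only safe if the tool never overwrites a name already in the file, which is why the merge here skips any hostname the current file maps (the blocklist's own localhost line is dropped for that reason). Second, Make Read Only is a speed bump rather than a control: anything running with the logged-on user's rights can clear the attribute again, so it protects against careless edits and some installers, not against malware running as that user.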
Re: Infected with trojan JS/Dursg.A. Help Please !!!

Unread postby vict0r » September 12th, 2010, 5:26 pm

Hi. :)

It's been nearly 2 days since my last post to you.

Was the change of anti-virus successful? Do you have any further related questions? Do you need more time?

This topic will be closed after another 24 hours without any response.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm