WiredWX Christian Hobby Weather Tools

 


Re: Windows Security System Virus

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:51 on 21/12/2009 by Babetribute (Administrator - Elevation successful)

========== filefind ==========

Searching for "proquota.exe"
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\proquota.exe --a--- 50176 bytes [06:37 01/09/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8

-=End Of File=-

Re: Windows Security System Virus


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\proquota.exe | c:\windows\system32\proquota.exe

    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74D248F8-1D57-CF68-67DB-5683E516AAD1}\InProcServer32*]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: CFScript being dragged into ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
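
Added example (not part of the original posts and not code from SystemLook or ComboFix): a Python check that the `proquota.exe` restored by the `FCopy::` step matches the size and MD5 that SystemLook recorded for the source file. The function names are hypothetical, and the two log lines are copied from this thread; the MD5 only confirms the copy is identical to the scanned source.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Lines copied from the SystemLook and ComboFix logs in this thread.
SYSTEMLOOK_LINE = (r"C:\WINDOWS\SoftwareDistribution\Download"
                   r"\cf8ec753e88561d2ddb53e183dc05c3e\proquota.exe --a--- 50176 bytes "
                   r"[06:37 01/09/2008] [00:12 14/04/2008] F6465A2EEF75468988A4FCF124148FA8")
COMBOFIX_LINE = r"2009-12-21 20:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe"

# SystemLook filefind: <path> <attrs> <size> bytes [time date] [time date] <MD5>
SYSTEMLOOK_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{6}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$")
# ComboFix file listing: <date time> . <date time> <size> <attrs> <path>
# Directory rows carry "--------" instead of a size and are skipped.
COMBOFIX_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size>\d+)\s+[-a-z]{8}\s+(?P<path>[A-Za-z]:\\.+)$")

def parse_systemlook(line):
    """Return path, size and MD5 from a SystemLook filefind result line."""
    m = SYSTEMLOOK_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "size": int(m["size"]), "md5": m["md5"].lower()}

def parse_combofix_file(line):
    """Return path and size from a ComboFix file row, or None for other rows."""
    m = COMBOFIX_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "size": int(m["size"])}

def logs_consistent(source, restored):
    """True when both log entries name the same file with the same size."""
    same_name = (PureWindowsPath(source["path"]).name.lower()
                 == PureWindowsPath(restored["path"]).name.lower())
    return same_name and source["size"] == restored["size"]

def verify_file(path, expected):
    """Hash the file on disk and return a list of mismatches (empty = match)."""
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    problems = []
    if size != expected["size"]:
        problems.append(f"size {size} != {expected['size']}")
    if digest.hexdigest() != expected["md5"]:
        problems.append(f"md5 {digest.hexdigest()} != {expected['md5']}")
    return problems

if __name__ == "__main__":
    src = parse_systemlook(SYSTEMLOOK_LINE)
    dst = parse_combofix_file(COMBOFIX_LINE)
    print("log entries consistent:", logs_consistent(src, dst))
    # On the repaired machine: verify_file(dst["path"], src) should return [].
```
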

Re: Windows Security System Virus

ComboFix 09-12-20.08 - Babetribute 12/21/2009 13:05:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.483 [GMT -7:00]
Running from: c:\documents and settings\Babetribute\My Documents\Btcomet downloads\music\Combo-Fix.exe
Command switches used :: c:\documents and settings\Babetribute\My Documents\Btcomet downloads\music\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-11-21 to 2009-12-21 )))))))))))))))))))))))))))))))
.

2009-12-21 20:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-21 17:51 . 2009-12-21 19:56 -------- d-----w- c:\documents and settings\Babetribute\Local Settings\Application Data\Tific
2009-12-21 17:51 . 2009-12-21 17:51 -------- d-----w- c:\documents and settings\Babetribute\Application Data\Tific
2009-12-21 17:51 . 2009-12-21 17:51 -------- d-----w- c:\documents and settings\Babetribute\Local Settings\Application Data\Symantec
2009-12-21 14:52 . 2009-12-21 14:54 -------- d-----w- C:\Combo-Fix
2009-12-21 14:47 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-21 14:47 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-21 14:47 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-21 14:47 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-21 14:47 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-21 14:46 . 2009-12-21 14:46 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\naveng.sys
2009-12-21 14:46 . 2009-12-21 14:46 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\eeCtrl.sys
2009-12-21 14:46 . 2009-12-21 14:46 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\ecmsvr32.dll
2009-12-21 14:46 . 2009-12-21 14:46 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\naveng32.dll
2009-12-21 14:46 . 2009-12-21 14:46 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\navex32a.dll
2009-12-21 14:46 . 2009-12-21 14:46 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\navex15.sys
2009-12-21 14:46 . 2009-12-21 14:46 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\eraser.sys
2009-12-21 14:46 . 2009-12-21 14:46 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091220.020\cceraser.dll
2009-12-20 19:21 . 2009-10-29 02:31 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
2009-12-20 18:56 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-20 18:56 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-20 18:51 . 2009-12-20 18:51 -------- d-sh--w- c:\documents and settings\Babetribute\IECompatCache
2009-12-20 18:50 . 2009-12-20 18:50 -------- d-sh--w- c:\documents and settings\Babetribute\PrivacIE
2009-12-20 18:49 . 2009-12-20 18:49 -------- d-sh--w- c:\documents and settings\Babetribute\IETldCache
2009-12-20 18:42 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-20 18:42 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-20 18:42 . 2009-12-20 18:42 -------- d-----w- c:\windows\ie8updates
2009-12-20 18:41 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-20 18:38 . 2009-12-20 18:40 -------- dc-h--w- c:\windows\ie8
2009-12-20 18:15 . 2009-12-20 18:15 -------- d-----w- C:\ebf1e9b4da87530663b254f9
2009-12-20 18:15 . 2009-12-20 18:15 -------- d-----w- c:\windows\ServicePackFiles
2009-12-20 18:14 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-20 11:35 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-19 15:38 . 2009-12-19 15:38 -------- d-----w- C:\641f693cddf95a8ef2b1415225
2009-12-18 14:19 . 2009-12-20 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 13:32 . 2009-12-18 13:32 -------- d-----w- c:\program files\RegistryFix7
2009-12-18 13:13 . 2009-06-09 14:53 53248 -c----w- c:\windows\system32\dllcache\tsgqec.dll
2009-12-18 13:13 . 2009-06-09 14:53 290816 -c----w- c:\windows\system32\dllcache\rhttpaa.dll
2009-12-18 13:13 . 2009-06-09 14:53 136192 -c----w- c:\windows\system32\dllcache\aaclient.dll
2009-12-17 02:28 . 2009-12-18 12:41 -------- d-----w- C:\Desktop
2009-12-16 23:21 . 2009-12-16 23:21 152576 ----a-w- c:\documents and settings\Babetribute\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 15:17 . 2009-12-16 15:17 79488 ----a-w- c:\documents and settings\Babetribute\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-05 04:54 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2009-12-05 04:54 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091205.001\BHRules.dll
2009-12-05 04:54 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091205.001\BHEngine.dll
2009-12-05 04:54 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091205.001\BHDrvx64.sys
2009-12-05 04:54 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091205.001\bbRGen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 19:56 . 2009-12-20 19:20 965488 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
2009-12-21 18:24 . 2007-08-31 21:47 -------- d-----w- c:\program files\QuickTime
2009-12-20 19:23 . 2009-12-20 19:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-20 19:21 . 2009-12-20 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-29 07:45 . 2007-01-16 20:07 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-27 03:15 . 2009-10-27 03:15 127872 ----a-w- c:\documents and settings\Babetribute\Application Data\Move Networks\uninstall.exe
2009-10-27 03:15 . 2008-09-21 20:02 -------- d-----w- c:\documents and settings\Babetribute\Application Data\Move Networks
2009-10-27 03:15 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Babetribute\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-27 03:15 . 2009-10-27 03:14 1686272 ----a-w- c:\documents and settings\Babetribute\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-10-21 05:50 . 2004-08-03 23:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:50 . 2004-08-03 23:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:41 . 2007-01-16 20:05 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:45 . 2007-01-16 20:06 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-03 23:56 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-03 23:56 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 11:17 . 2008-11-29 15:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 09:19 . 2009-12-20 19:21 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8600AC1E-BE58-4FFC-BD5D-F2A8EC38C838}]
2007-09-15 15:38 311296 ----a-w- c:\program files\Snap Visual Search\snapbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1188534385\ee\AOLSoftware.exe" [2008-06-24 41824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-30 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-30 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1188534385\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8603:TCP"= 8603:TCP:BitComet 8603 TCP
"8603:UDP"= 8603:UDP:BitComet 8603 UDP

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys [12/20/2009 12:20 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys [12/20/2009 12:20 PM 171056]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys [12/20/2009 12:20 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys [12/20/2009 12:20 PM 114736]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [12/20/2009 12:20 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/20/2009 12:20 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/21/2009 7:47 AM 329592]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Search
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-21 13:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(280)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-12-21 13:11:01
ComboFix-quarantined-files.txt 2009-12-21 20:10
ComboFix2.txt 2009-12-21 17:45

Pre-Run: 41,236,336,640 bytes free
Post-Run: 41,205,211,136 bytes free

- - End Of File - - FBAAD95E78DB6DCC958D97B4C2C0DEF9

Re: Windows Security System Virus

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Windows Security System Virus

Much faster and cleaner! Thanks!
