Google search is redirected; SpybotSD and Malwarebytes won't run


  • This topic is locked
15 replies to this topic

#1 imavbcoach

Posted 29 May 2009 - 11:56 PM

Hello,

This is my first post, so please let me know if you need more information.

I believe I have a problem because my Google searches are redirected to seemingly random websites. I have tried to block these sites, but they seem endless.

Also, I cannot get my SpybotSD or my Malwarebytes to run unless I rename the executable (.exe) file.

Thanks for any help you can provide, here is my DDS.txt log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by imavbcoach at 23:37:35.43 on Fri 05/29/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1920 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aim toolbar\aimtbServer.exe
C:\Documents and Settings\MichaelKidwell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uWindows: load= c:\quickenw\BILLMNDW.EXE
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [NSWosCheck] c:\program files\norton systemworks basic edition\osCheck.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\recycler\nprotect\00313247.rbf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Translate into English
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - hxxp://www.sunbelt-software.com/dell/CounterSpy.CAB
DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - hxxp://cabs.media-motor.net/cabs/mmed.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-27 64160]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1245064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-5 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090529.032\NAVENG.SYS [2009-5-29 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090529.032\NAVEX15.SYS [2009-5-29 876144]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 114749]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]

=============== Created Last 30 ================

2009-05-29 22:47 <DIR> --d----- c:\program files\Trend Micro
2009-05-28 00:02 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-27 22:55 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-27 22:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-27 21:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-20 09:43 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-20 09:43 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 09:43 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-19 23:39 <DIR> --d----- c:\docume~1\michae~1\applic~1\Malwarebytes
2009-05-19 23:12 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-17 07:59 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-17 07:59 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 07:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 07:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-04-14 12:20 39,936 a------- c:\windows\system32\drivers\gxvxcserv.sys
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 09:22 284,160 -------- c:\windows\system32\pdh.dll
2009-03-06 09:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-11 00:10 10,261,611 a------- c:\program files\total-video-converter2.6.2.exe
2009-02-10 23:52 52,307,672 a------- c:\program files\AVSVideoConverter.exe
2009-02-10 23:39 10,259,923 a------- c:\program files\total-video-converter.exe
2009-01-17 19:29 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2009-01-17 19:24 170,471 a------- c:\program files\auctioneer.pdf
2009-01-17 19:23 1,951,233 a------- c:\program files\wowcashwrath.pdf
2009-01-17 23:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011720090118\index.dat

============= FINISH: 23:38:28.53 ===============

#2 thcbytes

Posted 10 June 2009 - 10:28 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#3 imavbcoach

Posted 10 June 2009 - 08:22 PM

Hello,

Thanks for responding. Yes, I am still having the same problem with Google searches being redirected and not being able to run Spybot and Malwarebytes (unless I rename them, then they appear to run).

Thanks for your help. I am not sure what to do and I'm afraid the situation might get worse!

Here is my new DDS.txt:

DDS (Ver_09-05-14.01) - NTFSx86
Run by imavbcoach at 20:11:01.51 on Wed 06/10/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1963 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MichaelKidwell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uWindows: load= c:\quickenw\BILLMNDW.EXE
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [NSWosCheck] c:\program files\norton systemworks basic edition\osCheck.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\recycler\nprotect\00313247.rbf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Translate into English
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - hxxp://www.sunbelt-software.com/dell/CounterSpy.CAB
DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - hxxp://cabs.media-motor.net/cabs/mmed.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-27 64160]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1245064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-5 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090610.025\NAVENG.SYS [2009-6-10 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090610.025\NAVEX15.SYS [2009-6-10 876144]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 114749]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]

=============== Created Last 30 ================

2009-06-10 08:36 <DIR> --d----- c:\program files\Garmin
2009-06-10 08:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN
2009-06-10 08:36 <DIR> --d----- C:\Garmin
2009-06-09 20:19 <DIR> --d----- c:\docume~1\michae~1\applic~1\GARMIN
2009-05-29 22:47 <DIR> --d----- c:\program files\Trend Micro
2009-05-28 00:02 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-27 22:55 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-27 22:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-27 21:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-20 09:43 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-20 09:43 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 09:43 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-19 23:39 <DIR> --d----- c:\docume~1\michae~1\applic~1\Malwarebytes
2009-05-19 23:12 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-17 07:59 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-17 07:59 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 07:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 07:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-04-14 12:20 39,936 a------- c:\windows\system32\drivers\gxvxcserv.sys
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-02-11 00:10 10,261,611 a------- c:\program files\total-video-converter2.6.2.exe
2009-02-10 23:52 52,307,672 a------- c:\program files\AVSVideoConverter.exe
2009-02-10 23:39 10,259,923 a------- c:\program files\total-video-converter.exe
2009-01-17 19:29 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2009-01-17 19:24 170,471 a------- c:\program files\auctioneer.pdf
2009-01-17 19:23 1,951,233 a------- c:\program files\wowcashwrath.pdf
2009-01-17 23:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011720090118\index.dat

============= FINISH: 20:12:03.23 ===============

#4 Blade81

  • Malware Response Team

Posted 14 June 2009 - 05:07 AM

Hi imavbcoach,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 imavbcoach

  • Topic Starter


Posted 15 June 2009 - 09:55 PM

Hello Blade81,

Thanks for your help. I was out of town this weekend, so didn't get on this until after work today. Here is the Combofix log as you requested:

ComboFix 09-06-15.04 - MichaelKidwell 06/15/2009 21:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2185 [GMT -5:00]
Running from: c:\documents and settings\MichaelKidwell\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxryojppumeylgkuxnhsdinbmpxxptlvig.sys
c:\windows\system32\gaopdxpjvkxyyyjwtaujcjgkerqmtalhqmoudh.dll
c:\documents and settings\MichaelKidwell\Local Settings\Temporary Internet Files\Tvm.log
c:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\drivers\gaopdxryojppumeylgkuxnhsdinbmpxxptlvig.sys
c:\windows\system32\drivers\gxvxcserv.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxpjvkxyyyjwtaujcjgkerqmtalhqmoudh.dll
F:\Autorun.inf
f:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-12 15:23 . 2009-06-12 15:23 -------- d-----w- c:\documents and settings\MichaelKidwell\Local Settings\Application Data\Blizzard Entertainment
2009-06-10 13:36 . 2009-06-10 13:37 -------- d-----w- c:\program files\Garmin
2009-06-10 13:36 . 2009-06-10 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-06-10 13:36 . 2009-06-10 13:36 -------- d-----w- C:\Garmin
2009-06-10 01:40 . 2009-06-10 02:30 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\Download Manager
2009-06-10 01:19 . 2009-06-10 04:29 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\GARMIN
2009-05-30 03:47 . 2009-05-30 03:47 -------- d-----w- c:\program files\Trend Micro
2009-05-28 05:02 . 2009-05-28 03:54 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 03:55 . 2009-05-28 03:54 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-28 03:54 . 2009-05-28 03:54 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-28 03:54 . 2009-05-28 03:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-28 03:54 . 2009-05-28 03:54 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-28 03:54 . 2009-05-28 03:54 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 03:54 . 2009-05-28 03:54 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-28 03:54 . 2009-05-28 03:54 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-28 03:54 . 2009-05-28 03:54 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-28 03:54 . 2009-05-28 03:54 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-28 03:08 . 2009-05-28 03:08 -------- d-----w- c:\documents and settings\KathyKidwell\Application Data\Malwarebytes
2009-05-28 02:33 . 2009-05-28 02:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 02:33 . 2009-05-28 02:33 152576 ----a-w- c:\documents and settings\MichaelKidwell\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 12:43 . 2009-05-28 12:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-20 14:44 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-05-20 14:44 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-05-20 14:44 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-20 14:44 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-05-20 14:44 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-05-20 14:44 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-05-20 14:44 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-20 14:44 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-20 14:44 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-05-20 14:44 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-05-20 14:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-20 14:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 04:39 . 2009-05-20 04:39 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\Malwarebytes
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-17 12:59 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-17 12:59 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 12:59 . 2009-05-29 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 12:59 . 2009-05-17 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 01:55 . 2004-04-16 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-13 02:45 . 2004-04-25 05:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 16:59 . 2004-04-16 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-28 03:54 . 2009-05-28 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 03:54 . 2009-05-28 03:54 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 03:54 . 2009-05-28 03:54 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-28 03:54 . 2009-05-28 03:54 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-28 03:54 . 2009-05-28 03:54 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-28 03:53 . 2009-05-28 03:53 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-28 03:53 . 2009-05-28 03:53 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-28 03:53 . 2009-05-28 03:53 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-28 03:53 . 2009-05-28 03:53 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-28 03:53 . 2009-05-28 03:53 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-28 03:53 . 2009-05-28 03:53 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 03:51 . 2009-05-28 03:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 03:50 . 2004-05-01 23:40 -------- d-----w- c:\program files\Lavasoft
2009-05-28 02:33 . 2004-04-03 04:04 -------- d-----w- c:\program files\Java
2009-05-20 04:12 . 2004-04-25 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-07 15:32 . 2002-08-29 11:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-02-06 23:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-07-15 22:01 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-05-24 18:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 03:46 . 2008-02-07 04:04 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-02-11 05:10 . 2009-02-11 05:10 10261611 ----a-w- c:\program files\total-video-converter2.6.2.exe
2009-02-11 04:52 . 2009-02-11 04:52 52307672 ----a-w- c:\program files\AVSVideoConverter.exe
2009-02-11 04:39 . 2009-02-11 04:39 10259923 ----a-w- c:\program files\total-video-converter.exe
2009-01-18 00:29 . 2009-01-18 00:28 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2009-01-18 00:24 . 2009-01-18 00:24 170471 ----a-w- c:\program files\auctioneer.pdf
2009-01-18 00:23 . 2009-01-18 00:17 1951233 ----a-w- c:\program files\wowcashwrath.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-03 151597]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-30 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-30 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-12-03 25472]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-08-30 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-10 152952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ------w- c:\windows\SYSTEM32\Pcanotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizzard downloader
"6112:TCP"= 6112:TCP:blizzard downloader

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/27/2009 10:55 PM 64160]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 8:47 PM 149352]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [11/3/2005 10:08 PM 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/5/2008 4:25 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 4:55 AM 101936]
S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:53]

2009-02-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2009-06-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - MichaelKidwell.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Translate into English
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\System32\NavLogon.dll

- - - - - - - > 'explorer.exe'(1984)
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-16 21:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 02:44

Pre-Run: 16,760,516,608 bytes free
Post-Run: 19,347,451,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

248 --- E O F --- 2009-06-13 02:33

Also, here is a new DDS.txt log:


DDS (Ver_09-05-14.01) - NTFSx86
Run by MichaelKidwell at 21:49:45.48 on Mon 06/15/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2005 [GMT -5:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Documents and Settings\MichaelKidwell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [NSWosCheck] c:\program files\norton systemworks basic edition\osCheck.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\recycler\nprotect\00313247.rbf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Translate into English
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - hxxp://www.sunbelt-software.com/dell/CounterSpy.CAB
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-27 64160]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1245064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-5 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 114749]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090615.032\NAVENG.SYS [2009-6-15 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090615.032\NAVEX15.SYS [2009-6-15 876144]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]

=============== Created Last 30 ================

2009-06-15 21:00 <DIR> a-dshr-- C:\cmdcons
2009-06-15 20:55 161,792 a------- c:\windows\SWREG.exe
2009-06-15 20:55 155,136 a------- c:\windows\PEV.exe
2009-06-15 20:55 98,816 a------- c:\windows\sed.exe
2009-06-10 08:36 <DIR> --d----- c:\program files\Garmin
2009-06-10 08:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN
2009-06-10 08:36 <DIR> --d----- C:\Garmin
2009-06-09 20:19 <DIR> --d----- c:\docume~1\michae~1\applic~1\GARMIN
2009-05-29 22:47 <DIR> --d----- c:\program files\Trend Micro
2009-05-28 00:02 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-27 22:55 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-27 22:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-27 21:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-20 09:43 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-20 09:43 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 09:43 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-19 23:39 <DIR> --d----- c:\docume~1\michae~1\applic~1\Malwarebytes
2009-05-19 23:12 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-17 07:59 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-17 07:59 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 07:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-17 07:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-05-07 10:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 23:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 23:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 23:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 23:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-28 23:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-28 23:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 23:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 23:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 23:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 04:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 04:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 00:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 00:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 09:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-02-11 00:10 10,261,611 a------- c:\program files\total-video-converter2.6.2.exe
2009-02-10 23:52 52,307,672 a------- c:\program files\AVSVideoConverter.exe
2009-02-10 23:39 10,259,923 a------- c:\program files\total-video-converter.exe
2009-01-17 19:29 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2009-01-17 19:24 170,471 a------- c:\program files\auctioneer.pdf
2009-01-17 19:23 1,951,233 a------- c:\program files\wowcashwrath.pdf
2009-01-17 23:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011720090118\index.dat

============= FINISH: 21:50:19.39 ===============



Thanks for your help, Blade81. I REALLY appreciate you spending time to help me, because I have no idea what else to do!

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:04:51 PM

Posted 16 June 2009 - 09:20 AM

Hi again :thumbup2:


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here (install the 9.1 version first and then the separate 9.1.2 update) or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck the MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log + description of remaining symptoms.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
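As an added example for this thread (not code from ComboFix, DDS or the helper above), here is a Python audit that parses a ComboFix-style "Reg Loading Points" excerpt, flags the Security Center override values the CFScript above deletes together with an EnableFirewall=0 standard-profile setting, and emits the matching CFScript Registry:: block; the log excerpt inside it is constructed.

```python
"""Audit a ComboFix-style "Reg Loading Points" excerpt for the Windows Security
Center override values that the CFScript in this thread deletes, and emit the
matching CFScript "Registry::" block.  Added example for this thread, not code
from ComboFix, DDS or the helper; the log excerpt below is constructed."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the format ComboFix uses under "Reg Loading Points".
# The override values are invented for the demo; the value names are the ones
# the thread's CFScript targets, plus the EnableFirewall line from the log above.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"= 1 (0x1)
"FirewallOverride"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))\s*=\s*(?P<value>.*)$')

# Value names that tell Security Center to stop alerting on AV / firewall state.
OVERRIDE_NAMES = {"antivirusoverride", "firewalloverride", "disablemonitoring"}
SECURITY_CENTER = r"\microsoft\security center"
FIREWALL_PROFILE = r"\firewallpolicy\standardprofile"

Finding = Tuple[str, str, str]  # (key, value name, raw value as printed)


def parse_reg_section(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REGEDIT4-style text into {key: {value name: raw value}}.
    Lines that are neither [key] headers nor "name"=value pairs (ComboFix's
    file-date annotations, startup-folder listings) are skipped."""
    reg: Dict[str, Dict[str, str]] = {}
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "@" if m.group("default") else m.group("name")
            reg[key][name] = m.group("value").strip()
    return reg


def as_int(value: str) -> Optional[int]:
    """Integer of a DWORD written ComboFix-style ("1 (0x1)") or .reg-style
    ("dword:00000001"); None for strings and anything else."""
    m = re.match(r"^(\d+)\s*(?:\(0x[0-9a-f]+\))?$", value, re.I)
    if m:
        return int(m.group(1))
    m = re.match(r"^dword:([0-9a-f]{1,8})$", value, re.I)
    if m:
        return int(m.group(1), 16)
    return None


def find_security_overrides(reg: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag non-zero Security Center override values and EnableFirewall=0 in the
    standard profile.  A legitimate AV suite can also set the DisableMonitoring
    values under Monitoring, so treat each hit as a review item, not proof."""
    findings: List[Finding] = []
    for key, values in reg.items():
        low = key.lower()
        for name, value in values.items():
            n = name.lower()
            if SECURITY_CENTER in low and n in OVERRIDE_NAMES and as_int(value) not in (None, 0):
                findings.append((key, name, value))
            elif low.endswith(FIREWALL_PROFILE) and n == "enablefirewall" and as_int(value) == 0:
                findings.append((key, name, value))
    return findings


def cfscript_registry_block(findings: List[Finding]) -> str:
    """Build the "Registry::" section of a CFScript that deletes each flagged
    override value ('"Name"=-' is .reg syntax for deleting a value), grouped by
    key.  EnableFirewall is reported only: deleting it would not re-enable the firewall."""
    by_key: Dict[str, List[str]] = {}
    for key, name, _ in findings:
        if name.lower() != "enablefirewall":
            by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_security_overrides(parse_reg_section(SAMPLE_LOG))
    for key, name, value in hits:
        print(f"review: [{key}] {name} = {value}")
    print(cfscript_registry_block(hits))
```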


#7 imavbcoach

imavbcoach
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:51 AM

Posted 16 June 2009 - 01:37 PM

Hello Blade81,

Thanks for the quick response, I'm anxious to get started on this at home tonight!

After sending you the ComboFix and DDS logs last night, I re-activated my Norton Internet Security. I assume I should turn it off again before running your suggestions?

Thanks.

#8 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:04:51 PM

Posted 16 June 2009 - 02:01 PM

Yes, better turn the protection off again while following the steps listed there :thumbup2:



#9 imavbcoach

imavbcoach
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:51 AM

Posted 16 June 2009 - 06:35 PM

Thanks, Blade81.

I have run the CFScript and ComboFix with the following logfile. I'm posting it now, in case you are looking for it, and in the meantime I take care of the other issues you pointed out.

Thanks again for all your help, I really appreciate it.


ComboFix 09-06-16.01 - MichaelKidwell 06/16/2009 18:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1954 [GMT -5:00]
Running from: c:\documents and settings\MichaelKidwell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MichaelKidwell\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-16 13:20 . 2009-05-19 06:36 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-06-16 13:20 . 2009-05-19 06:36 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-06-16 13:20 . 2009-05-19 06:36 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-06-16 13:20 . 2009-05-19 06:35 376568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unagi3.exe
2009-06-16 13:20 . 2009-05-19 06:36 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-06-16 13:20 . 2009-05-19 06:36 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-06-16 13:20 . 2009-05-19 06:35 11568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbinst.dll
2009-06-16 13:20 . 2009-05-19 06:35 383128 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbsetup.exe
2009-06-16 13:20 . 2009-05-19 06:35 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ProgUpd.dll
2009-06-16 13:20 . 2009-05-19 06:35 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\setup.exe
2009-06-16 13:20 . 2009-05-19 06:35 4480040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpinst.exe
2009-06-16 13:20 . 2009-05-19 06:35 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\postproc.exe
2009-06-12 15:23 . 2009-06-12 15:23 -------- d-----w- c:\documents and settings\MichaelKidwell\Local Settings\Application Data\Blizzard Entertainment
2009-06-10 13:36 . 2009-06-10 13:37 -------- d-----w- c:\program files\Garmin
2009-06-10 13:36 . 2009-06-10 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-06-10 13:36 . 2009-06-10 13:36 -------- d-----w- C:\Garmin
2009-06-10 01:40 . 2009-06-10 02:30 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\Download Manager
2009-06-10 01:19 . 2009-06-10 04:29 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\GARMIN
2009-05-30 03:47 . 2009-05-30 03:47 -------- d-----w- c:\program files\Trend Micro
2009-05-28 05:02 . 2009-05-28 03:54 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 03:55 . 2009-05-28 03:54 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-28 03:54 . 2009-05-28 03:54 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-28 03:54 . 2009-05-28 03:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-28 03:54 . 2009-05-28 03:54 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-28 03:54 . 2009-05-28 03:54 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 03:54 . 2009-05-28 03:54 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-28 03:54 . 2009-05-28 03:54 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-28 03:54 . 2009-05-28 03:54 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-28 03:54 . 2009-05-28 03:54 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-28 03:08 . 2009-05-28 03:08 -------- d-----w- c:\documents and settings\KathyKidwell\Application Data\Malwarebytes
2009-05-28 02:33 . 2009-05-28 02:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-28 02:33 . 2009-05-28 02:33 152576 ----a-w- c:\documents and settings\MichaelKidwell\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 12:43 . 2009-05-28 12:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-20 14:44 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-05-20 14:44 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-05-20 14:44 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-20 14:44 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-05-20 14:44 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-05-20 14:44 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-05-20 14:44 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-20 14:44 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-20 14:44 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-05-20 14:44 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-05-20 14:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-20 14:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 04:39 . 2009-05-20 04:39 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\Malwarebytes
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 15:09 . 2004-04-16 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-13 02:45 . 2004-04-25 05:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 16:59 . 2004-04-16 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-29 23:14 . 2009-05-17 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-28 03:54 . 2009-05-28 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 03:54 . 2009-05-28 03:54 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 03:54 . 2009-05-28 03:54 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-28 03:54 . 2009-05-28 03:54 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-28 03:54 . 2009-05-28 03:54 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-28 03:53 . 2009-05-28 03:53 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-28 03:53 . 2009-05-28 03:53 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-28 03:53 . 2009-05-28 03:53 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-28 03:53 . 2009-05-28 03:53 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-28 03:53 . 2009-05-28 03:53 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-28 03:53 . 2009-05-28 03:53 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 03:51 . 2009-05-28 03:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 03:50 . 2004-05-01 23:40 -------- d-----w- c:\program files\Lavasoft
2009-05-28 02:33 . 2004-04-03 04:04 -------- d-----w- c:\program files\Java
2009-05-26 18:20 . 2009-05-17 12:59 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2009-05-17 12:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-20 04:12 . 2004-04-25 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-19 06:36 . 2009-06-16 13:19 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 06:36 . 2009-06-16 13:19 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 06:36 . 2009-06-16 13:19 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-19 06:35 . 2009-06-16 13:19 120368 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aoldlmgr.exe
2009-05-19 06:35 . 2009-06-16 13:19 74536 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\instSup.dll
2009-05-19 06:35 . 2009-06-16 13:19 15144 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpchk.dll
2009-05-19 06:35 . 2009-06-16 13:19 231216 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\migrator.exe
2009-05-19 06:35 . 2009-06-16 13:19 1225352 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\msvc9rt.exe
2009-05-19 06:35 . 2009-06-16 13:19 69104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amos.exe
2009-05-19 06:35 . 2009-06-16 13:19 37888 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amoinst.exe
2009-05-19 06:35 . 2009-06-16 13:19 10544 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\imappver.dll
2009-05-19 06:35 . 2009-06-16 13:19 550024 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMLang.exe
2009-05-19 06:35 . 2009-06-16 13:19 2402104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMinst.exe
2009-05-19 06:35 . 2009-06-16 13:19 1025328 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\gui.dll
2009-05-19 06:35 . 2009-06-16 13:19 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLFirewallMgr.dll
2009-05-17 12:59 . 2009-05-17 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:32 . 2002-08-29 11:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-02-06 23:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-07-15 22:01 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-05-24 18:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 03:46 . 2008-02-07 04:04 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-02-11 05:10 . 2009-02-11 05:10 10261611 ----a-w- c:\program files\total-video-converter2.6.2.exe
2009-02-11 04:52 . 2009-02-11 04:52 52307672 ----a-w- c:\program files\AVSVideoConverter.exe
2009-02-11 04:39 . 2009-02-11 04:39 10259923 ----a-w- c:\program files\total-video-converter.exe
2009-01-18 00:29 . 2009-01-18 00:28 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2009-01-18 00:24 . 2009-01-18 00:24 170471 ----a-w- c:\program files\auctioneer.pdf
2009-01-18 00:23 . 2009-01-18 00:17 1951233 ----a-w- c:\program files\wowcashwrath.pdf
.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_02.35.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-16 23:13 . 2009-06-16 23:13 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat
+ 2009-06-16 23:04 . 2009-06-16 23:04 389120 c:\windows\SYSTEM32\CF31304.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-03 151597]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-30 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-30 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-12-03 25472]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-28 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-08-30 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-10 152952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ------w- c:\windows\SYSTEM32\Pcanotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizzard downloader
"6112:TCP"= 6112:TCP:blizzard downloader

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/27/2009 10:55 PM 64160]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 8:47 PM 149352]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [11/3/2005 10:08 PM 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/5/2008 4:25 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 4:55 AM 101936]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]
S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [1/12/2008 9:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:53]

2009-02-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2009-06-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - MichaelKidwell.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Translate into English
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 18:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\System32\NavLogon.dll

- - - - - - - > 'explorer.exe'(780)
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\SYSTEM32\CF31304.exe
c:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-16 18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 23:22
ComboFix2.txt 2009-06-16 02:44

Pre-Run: 18,760,368,128 bytes free
Post-Run: 19,196,162,048 bytes free

252 --- E O F --- 2009-06-13 02:33

#10 imavbcoach
  • Topic Starter
  • Members
  • 9 posts

Posted 17 June 2009 - 12:34 AM

Hello Blade,

I have done everything you requested.

1. Created the CFScript and ran it with ComboFix (log posted a few hours ago)
2. Uninstalled old Adobe Reader, and installed new version 9.1 and the 9.1.2 update
3. Uninstalled all Java components. Rebooted. Installed new Java (JRE) 6 Update 14
4. Downloaded and ran ATF Cleaner
5. Downloaded and ran Kaspersky scan (log to follow)
6. Ran a new DDS (log to follow)

That Kaspersky scan took a while to run, sorry this is so late! It seemed to find several threats and infected files. Both the Kaspersky log you requested and the new DDS log are following this summary. (The ComboFix log was posted a few hours ago.)

Thank you so much for all your help, I hope I have given you all that you need. Please let me know if you need any other information.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 17, 2009 01:02:33
Records in database: 2353079
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 154492
Threat name: 26
Infected objects: 45
Suspicious objects: 0
Duration of the scan: 02:53:27


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01291B73 Infected: Trojan.Win32.VB.kz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D9A0136 Infected: Trojan-Downloader.Win32.Lemmy.u 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24BC64C3 Infected: Trojan.Win32.VB.kz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29742AC9 Infected: Trojan.Win32.VB.kz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B7F6C6B Infected: Trojan.Win32.VB.kz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C4410E0 Infected: Trojan-Downloader.Win32.VB.df 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F7F62DD.exe Infected: not-a-virus:AdWare.Win32.WinThirtyTwo.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47D6306D Infected: Trojan-Downloader.Win32.Small.fe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CCE7E1C Infected: Email-Worm.Win32.Sober.y 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\507C10E0.exe Infected: Trojan-Downloader.Win32.Keenval 3
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\507C10E0.exe Infected: Trojan-Downloader.Win32.Keenval.e 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EA74277 Infected: Backdoor.Win32.Prosiak.070 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A53DA9.exe Infected: Trojan-Downloader.Win32.Small.cpg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64960581.htm Infected: Trojan-Downloader.VBS.Agent.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64A309FB Infected: Trojan-Downloader.Win32.Lemmy.u 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64C77B4B.htm Infected: Trojan-Downloader.VBS.Agent.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6581547E.htm Infected: Trojan-Downloader.VBS.Agent.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A8442C3 Infected: Trojan.Win32.VB.kz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A982302.exe Infected: not-a-virus:AdWare.Win32.ZSearch.b 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CE87B0E Infected: Trojan.Win32.VB.kz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CEB250A Infected: Trojan.Win32.VB.kz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D8F0149 Infected: Trojan-Dropper.Win32.Small.abe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75372F41 Infected: Trojan-Downloader.Win32.VB.db 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8532A3 Infected: not-a-virus:AdWare.Win32.TotalVelocity.t 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8532A3 Infected: not-a-virus:AdWare.Win32.TotalVelocity.s 1
C:\Documents and Settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\Documents and Settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe Infected: not-a-virus:AdWare.Win32.WebHancer 5
C:\Documents and Settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.h 1
C:\Documents and Settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcserv.sys.vir Infected: Trojan.Win32.Tdss.abxr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxpjvkxyyyjwtaujcjgkerqmtalhqmoudh.dll.vir Infected: Trojan-Spy.Win32.Agent.akwj 1
C:\WINDOWS\ss_neonapster_setup.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.c 1
C:\WINDOWS\ss_neonapster_setup.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.f 1

The selected area was scanned.



--------------------------------------------------------------------------------
And now here is the new DDS log
--------------------------------------------------------------------------------


DDS (Ver_09-05-14.01) - NTFSx86
Run by MichaelKidwell at 0:15:06.10 on Wed 06/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2018 [GMT -5:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Documents and Settings\MichaelKidwell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [NSWosCheck] c:\program files\norton systemworks basic edition\osCheck.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\recycler\nprotect\00313247.rbf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Translate into English
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - hxxp://www.sunbelt-software.com/dell/CounterSpy.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-27 64160]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1245064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-5 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 114749]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090616.035\NAVENG.SYS [2009-6-16 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090616.035\NAVEX15.SYS [2009-6-16 876144]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]

=============== Created Last 30 ================

2009-06-16 19:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-16 18:04 389,120 a------- c:\windows\system32\CF31304.exe
2009-06-15 21:00 <DIR> a-dshr-- C:\cmdcons
2009-06-15 20:55 161,792 a------- c:\windows\SWREG.exe
2009-06-15 20:55 155,136 a------- c:\windows\PEV.exe
2009-06-15 20:55 98,816 a------- c:\windows\sed.exe
2009-06-10 08:36 <DIR> --d----- c:\program files\Garmin
2009-06-10 08:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN
2009-06-10 08:36 <DIR> --d----- C:\Garmin
2009-06-09 20:19 <DIR> --d----- c:\docume~1\michae~1\applic~1\GARMIN
2009-05-29 22:47 <DIR> --d----- c:\program files\Trend Micro
2009-05-28 00:02 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-27 22:55 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-27 22:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-27 21:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-20 09:43 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-20 09:43 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 09:43 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-19 23:39 <DIR> --d----- c:\docume~1\michae~1\applic~1\Malwarebytes
2009-05-19 23:12 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 10:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 23:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 23:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 23:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 23:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-28 23:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-28 23:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 23:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 23:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 23:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 04:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 04:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 00:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 00:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 09:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-02-11 00:10 10,261,611 a------- c:\program files\total-video-converter2.6.2.exe
2009-02-10 23:52 52,307,672 a------- c:\program files\AVSVideoConverter.exe
2009-02-10 23:39 10,259,923 a------- c:\program files\total-video-converter.exe
2009-01-17 19:29 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2009-01-17 19:24 170,471 a------- c:\program files\auctioneer.pdf
2009-01-17 19:23 1,951,233 a------- c:\program files\wowcashwrath.pdf
2009-01-17 23:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011720090118\index.dat

============= FINISH: 0:15:52.96 ===============

#11 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 17 June 2009 - 09:24 AM

Thanks for the logs :thumbup2:


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01291B73
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D9A0136
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24BC64C3
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29742AC9
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B7F6C6B
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C4410E0
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F7F62DD.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47D6306D
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CCE7E1C
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\507C10E0.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\507C10E0.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EA74277
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A53DA9.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64960581.htm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64A309FB
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64C77B4B.htm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6581547E.htm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A8442C3
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A982302.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CE87B0E
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CEB250A
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D8F0149
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75372F41
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8532A3
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8532A3
C:\Documents and Settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe
C:\WINDOWS\ss_neonapster_setup.exe
c:\windows\system32\CF31304.exe


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt log. How's the system running?


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
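The helper's post above builds the CFScript "File::" list by hand from the Kaspersky report posted earlier. The script below is an added example (not from the thread, from ComboFix or from Kaspersky) that does the same step mechanically: it parses the report's "<path> Infected: <threat> <count>" lines, drops duplicate paths (a file flagged under two threat names is listed twice in the report, and twice in the hand-written list), leaves out ComboFix's own C:\Qoobox quarantine as the helper did, and renders the File:: section. The function names and the shortened sample report are constructed here.

```python
"""Build a ComboFix CFScript "File::" section from a Kaspersky Online Scanner 7 report."""
import re
from typing import List, Sequence, Tuple

# One result line of the report: "<path> Infected: <threat name> <count>".
# Paths contain spaces, so the path group is non-greedy and stops at " Infected: ".
RESULT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")

Hit = Tuple[str, str, int]  # (path, threat name, threats count)

# Constructed excerpt in the layout of the Kaspersky report posted in the thread.
SAMPLE_REPORT = """\
Scan statistics:
Files scanned: 154492

File name / Threat name / Threats count
C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Norton AntiVirus\\Quarantine\\01291B73 Infected: Trojan.Win32.VB.kz 1
C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Norton AntiVirus\\Quarantine\\507C10E0.exe Infected: Trojan-Downloader.Win32.Keenval 3
C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Norton AntiVirus\\Quarantine\\507C10E0.exe Infected: Trojan-Downloader.Win32.Keenval.e 2
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\gxvxcserv.sys.vir Infected: Trojan.Win32.Tdss.abxr 1
C:\\WINDOWS\\ss_neonapster_setup.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.c 1
C:\\WINDOWS\\ss_neonapster_setup.exe Infected: not-a-virus:AdWare.Win32.ClearSearch.f 1

The selected area was scanned.
"""


def parse_report(report: str) -> List[Hit]:
    """Return every detection line of the report as (path, threat, count)."""
    hits: List[Hit] = []
    for line in report.splitlines():
        m = RESULT_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return hits


def select_paths(hits: Sequence[Hit],
                 skip_prefixes: Sequence[str] = ("C:\\Qoobox\\",)) -> List[str]:
    """Unique file paths in report order, minus anything under a skipped prefix.

    A file flagged under several threat names appears once. ComboFix's own
    quarantine folder (C:\\Qoobox) is skipped by default, as the helper's list did.
    """
    seen = set()
    out: List[str] = []
    for path, _threat, _count in hits:
        if any(path.lower().startswith(p.lower()) for p in skip_prefixes):
            continue
        key = path.lower()  # NTFS paths are case-insensitive
        if key not in seen:
            seen.add(key)
            out.append(path)
    return out


def build_cfscript(paths: Sequence[str]) -> str:
    """Render the File:: section in the layout used in the thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(build_cfscript(select_paths(parse_report(SAMPLE_REPORT))))
```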


#12 imavbcoach
  • Topic Starter
  • Members
  • 9 posts

Posted 17 June 2009 - 10:04 AM

Thanks for your response. Looks like tonight's work will not take as long! :thumbup2:

I'm not sure if my system is running better or not.... I have not really tried to do anything online yet because I'm afraid if I don't get everything fixed first, I'll get another problem!! My Norton Internet Security is still turned off, so I've only been doing what you have requested.

I noticed you are from Finland - so now I have to ask what floorball is? Is that similar to racquetball here in the U.S.?

Will post the logs tonight after birthday dinner for my nephew. Thanks again for your help.

#13 imavbcoach
  • Topic Starter
  • Members
  • 9 posts

Posted 17 June 2009 - 07:26 PM

Hello Blade81,

Tonight wasn't too bad! :thumbup2:
The ComboFix log follows, as well as a new DDS log. Please let me know if you need any other information.

Thanks again for all your help, I really appreciate your time.



ComboFix 09-06-16.01 - MichaelKidwell 06/17/2009 18:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1912 [GMT -5:00]
Running from: c:\documents and settings\MichaelKidwell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MichaelKidwell\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01291B73"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D9A0136"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24BC64C3"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29742AC9"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B7F6C6B"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C4410E0"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3F7F62DD.exe"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47D6306D"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CCE7E1C"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\507C10E0.exe"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EA74277"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A53DA9.exe"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64960581.htm"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64A309FB"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64C77B4B.htm"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6581547E.htm"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A8442C3"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A982302.exe"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CE87B0E"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CEB250A"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D8F0149"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75372F41"
"c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D8532A3"
"c:\documents and settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe"
"c:\windows\ss_neonapster_setup.exe"
"c:\windows\system32\CF31304.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT\NPROTECT.LOG
f:\recycler\NPROTECT\NPROTECT.LOG
c:\documents and settings\MichaelKidwell\My Documents\My Sound Effects\soundeffectsfree.exe
c:\windows\ss_neonapster_setup.exe
c:\windows\system32\CF31304.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-16 23:48 . 2009-06-16 23:48 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-16 23:48 . 2009-06-17 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-16 23:48 . 2009-06-17 00:27 -------- d-----w- c:\program files\NOS
2009-06-16 13:20 . 2009-05-19 06:36 2884832 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-06-16 13:20 . 2009-05-19 06:36 28 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-06-16 13:20 . 2009-05-19 06:36 30512 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-06-16 13:20 . 2009-05-19 06:35 376568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unagi3.exe
2009-06-16 13:20 . 2009-05-19 06:36 25 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-06-16 13:20 . 2009-05-19 06:36 1484856 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-06-16 13:20 . 2009-05-19 06:35 11568 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbinst.dll
2009-06-16 13:20 . 2009-05-19 06:35 383128 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\tbsetup.exe
2009-06-16 13:20 . 2009-05-19 06:35 83752 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ProgUpd.dll
2009-06-16 13:20 . 2009-05-19 06:35 172840 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\setup.exe
2009-06-16 13:20 . 2009-05-19 06:35 4480040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpinst.exe
2009-06-16 13:20 . 2009-05-19 06:35 36704 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\postproc.exe
2009-06-12 15:23 . 2009-06-12 15:23 -------- d-----w- c:\documents and settings\MichaelKidwell\Local Settings\Application Data\Blizzard Entertainment
2009-06-10 13:36 . 2009-06-10 13:37 -------- d-----w- c:\program files\Garmin
2009-06-10 13:36 . 2009-06-10 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-06-10 13:36 . 2009-06-10 13:36 -------- d-----w- C:\Garmin
2009-06-10 01:40 . 2009-06-10 02:30 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\Download Manager
2009-06-10 01:19 . 2009-06-10 04:29 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\GARMIN
2009-05-30 03:47 . 2009-05-30 03:47 -------- d-----w- c:\program files\Trend Micro
2009-05-28 05:02 . 2009-05-28 03:54 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 03:55 . 2009-05-28 03:54 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-28 03:54 . 2009-05-28 03:54 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-28 03:54 . 2009-05-28 03:54 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-28 03:54 . 2009-05-28 03:54 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-28 03:54 . 2009-05-28 03:54 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 03:54 . 2009-05-28 03:54 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-28 03:54 . 2009-05-28 03:54 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-28 03:54 . 2009-05-28 03:54 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-28 03:54 . 2009-05-28 03:54 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-28 03:08 . 2009-05-28 03:08 -------- d-----w- c:\documents and settings\KathyKidwell\Application Data\Malwarebytes
2009-05-28 02:33 . 2009-06-17 00:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 12:43 . 2009-05-28 12:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-20 14:44 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-05-20 14:44 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-05-20 14:44 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-20 14:44 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-05-20 14:44 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-05-20 14:44 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-05-20 14:44 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-20 14:44 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-20 14:44 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-05-20 14:44 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-05-20 14:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-20 14:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 04:39 . 2009-05-20 04:39 -------- d-----w- c:\documents and settings\MichaelKidwell\Application Data\Malwarebytes
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-20 04:12 . 2009-05-20 04:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 00:10 . 2004-04-16 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-17 00:39 . 2004-04-03 04:04 -------- d-----w- c:\program files\Java
2009-06-16 23:50 . 2004-04-15 06:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-13 02:45 . 2004-04-25 05:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 16:59 . 2004-04-16 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-29 23:14 . 2009-05-17 12:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-28 03:54 . 2009-05-28 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 03:54 . 2009-05-28 03:54 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-28 03:54 . 2009-05-28 03:54 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-28 03:54 . 2009-05-28 03:54 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-28 03:54 . 2009-05-28 03:54 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-28 03:53 . 2009-05-28 03:53 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-28 03:53 . 2009-05-28 03:53 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-28 03:53 . 2009-05-28 03:53 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-28 03:53 . 2009-05-28 03:53 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-28 03:53 . 2009-05-28 03:53 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-28 03:53 . 2009-05-28 03:53 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 03:51 . 2009-05-28 03:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 03:50 . 2004-05-01 23:40 -------- d-----w- c:\program files\Lavasoft
2009-05-26 18:20 . 2009-05-17 12:59 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2009-05-17 12:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-20 04:12 . 2004-04-25 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-19 06:36 . 2009-06-16 13:19 97072 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 06:36 . 2009-06-16 13:19 142040 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 06:36 . 2009-06-16 13:19 111920 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-19 06:35 . 2009-06-16 13:19 120368 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\aoldlmgr.exe
2009-05-19 06:35 . 2009-06-16 13:19 74536 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\instSup.dll
2009-05-19 06:35 . 2009-06-16 13:19 15144 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\ocpchk.dll
2009-05-19 06:35 . 2009-06-16 13:19 231216 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\migrator.exe
2009-05-19 06:35 . 2009-06-16 13:19 1225352 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\msvc9rt.exe
2009-05-19 06:35 . 2009-06-16 13:19 69104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amos.exe
2009-05-19 06:35 . 2009-06-16 13:19 37888 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\amoinst.exe
2009-05-19 06:35 . 2009-06-16 13:19 10544 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\imappver.dll
2009-05-19 06:35 . 2009-06-16 13:19 550024 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMLang.exe
2009-05-19 06:35 . 2009-06-16 13:19 2402104 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AIMinst.exe
2009-05-19 06:35 . 2009-06-16 13:19 1025328 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\gui.dll
2009-05-19 06:35 . 2009-06-16 13:19 95792 ------w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLFirewallMgr.dll
2009-05-17 12:59 . 2009-05-17 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:32 . 2002-08-29 11:00 345600 ------w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-02-06 23:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-07-15 22:01 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-05-24 18:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-01 03:46 . 2008-02-07 04:04 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-02-11 05:10 . 2009-02-11 05:10 10261611 ----a-w- c:\program files\total-video-converter2.6.2.exe
2009-02-11 04:52 . 2009-02-11 04:52 52307672 ----a-w- c:\program files\AVSVideoConverter.exe
2009-02-11 04:39 . 2009-02-11 04:39 10259923 ----a-w- c:\program files\total-video-converter.exe
2009-01-18 00:29 . 2009-01-18 00:28 35124856 ----a-w- c:\program files\AdbeRdr90_en_US.exe
2009-01-18 00:24 . 2009-01-18 00:24 170471 ----a-w- c:\program files\auctioneer.pdf
2009-01-18 00:23 . 2009-01-18 00:17 1951233 ----a-w- c:\program files\wowcashwrath.pdf
.

((((((((((((((((((((((((((((( SnapShot@2009-06-16_02.35.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-18 00:03 . 2009-06-18 00:03 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
- 2009-05-28 02:33 . 2009-05-28 02:33 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-06-17 00:40 . 2009-06-17 00:39 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-06-17 00:40 . 2009-06-17 00:39 144792 c:\windows\SYSTEM32\javaw.exe
- 2009-05-28 02:33 . 2009-05-28 02:33 144792 c:\windows\SYSTEM32\javaw.exe
+ 2009-06-17 00:40 . 2009-06-17 00:39 144792 c:\windows\SYSTEM32\java.exe
- 2009-05-28 02:33 . 2009-05-28 02:33 144792 c:\windows\SYSTEM32\java.exe
+ 2009-01-18 21:05 . 2009-01-18 21:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2008-12-18 21:48 . 2008-12-18 21:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 21:37 . 2009-02-27 21:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-04-03 151597]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-30 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-30 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-12-03 25472]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-08-30 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2008-02-10 152952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ------w- c:\windows\SYSTEM32\Pcanotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:blizzard downloader
"6112:TCP"= 6112:TCP:blizzard downloader

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/27/2009 10:55 PM 64160]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 8:47 PM 149352]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [11/3/2005 10:08 PM 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/5/2008 4:25 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 4:55 AM 101936]
S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [1/12/2008 9:32 PM 23888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:53]

2009-02-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2009-06-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - MichaelKidwell.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Translate into English
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 19:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\System32\NavLogon.dll

- - - - - - - > 'explorer.exe'(4012)
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-06-18 19:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-18 00:13
ComboFix2.txt 2009-06-16 23:22
ComboFix3.txt 2009-06-16 02:44

Pre-Run: 17,938,104,320 bytes free
Post-Run: 18,581,045,248 bytes free

298 --- E O F --- 2009-06-13 02:33

***************************************************************************
And here is the DDS log also
***************************************************************************

DDS (Ver_09-05-14.01) - NTFSx86
Run by MichaelKidwell at 19:20:54.81 on Wed 06/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2056 [GMT -5:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Documents and Settings\MichaelKidwell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [NSWosCheck] c:\program files\norton systemworks basic edition\osCheck.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\recycler\nprotect\00313247.rbf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Translate into English
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - hxxp://www.sunbelt-software.com/dell/CounterSpy.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-27 64160]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-26 1245064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-5 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\AWHOST32.EXE [2001-11-2 114749]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090617.025\NAVENG.SYS [2009-6-17 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090617.025\NAVEX15.SYS [2009-6-17 876144]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]

=============== Created Last 30 ================

2009-06-16 19:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-15 21:00 <DIR> a-dshr-- C:\cmdcons
2009-06-15 20:55 161,792 a------- c:\windows\SWREG.exe
2009-06-15 20:55 155,136 a------- c:\windows\PEV.exe
2009-06-15 20:55 98,816 a------- c:\windows\sed.exe
2009-06-10 08:36 <DIR> --d----- c:\program files\Garmin
2009-06-10 08:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GARMIN
2009-06-10 08:36 <DIR> --d----- C:\Garmin
2009-06-09 20:19 <DIR> --d----- c:\docume~1\michae~1\applic~1\GARMIN
2009-05-29 22:47 <DIR> --d----- c:\program files\Trend Micro
2009-05-28 00:02 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-27 22:55 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-27 22:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-27 21:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-20 09:43 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-20 09:43 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 09:43 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-19 23:39 <DIR> --d----- c:\docume~1\michae~1\applic~1\Malwarebytes
2009-05-19 23:12 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-19 23:12 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-07 10:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\dllcache\wininet.dll
2009-04-28 23:56 233,472 a------- c:\windows\system32\dllcache\webcheck.dll
2009-04-28 23:56 1,159,680 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-28 23:56 671,232 a------- c:\windows\system32\dllcache\mstime.dll
2009-04-28 23:56 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-04-28 23:56 102,912 a------- c:\windows\system32\dllcache\occache.dll
2009-04-28 23:56 44,544 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-04-28 23:56 3,596,288 a------- c:\windows\system32\dllcache\mshtml.dll
2009-04-28 23:56 477,696 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-04-28 23:56 193,024 a------- c:\windows\system32\dllcache\msrating.dll
2009-04-28 04:05 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 04:05 13,824 a------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-25 00:27 636,088 a------- c:\windows\system32\dllcache\iexplore.exe
2009-04-25 00:26 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 09:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 09:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-02-11 00:10 10,261,611 a------- c:\program files\total-video-converter2.6.2.exe
2009-02-10 23:52 52,307,672 a------- c:\program files\AVSVideoConverter.exe
2009-02-10 23:39 10,259,923 a------- c:\program files\total-video-converter.exe
2009-01-17 19:29 35,124,856 a------- c:\program files\AdbeRdr90_en_US.exe
2009-01-17 19:24 170,471 a------- c:\program files\auctioneer.pdf
2009-01-17 19:23 1,951,233 a------- c:\program files\wowcashwrath.pdf
2009-01-17 23:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011720090118\index.dat

============= FINISH: 19:21:11.65 ===============

#14 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:51 PM

Posted 18 June 2009 - 09:32 AM

I noticed you are from Finland - so now I have to ask what floorball is? Is that similar to racquetball here in the U.S.?

Hi,

It's different from racquetball. You'll find a short description of floorball here :thumbup2:

Logs look quite good. Please see if those symptoms you described earlier are still present. If not, I'll give you the final instructions.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#15 imavbcoach

  • Topic Starter
  • Members
  • 9 posts
  • Local time:08:51 AM

Posted 18 June 2009 - 11:49 PM

Blade81,

Thank you, thank you, thank you, thank you!! :thumbup2:

All seems to be fine again! Spybot and Malwarebytes both ran scans without having to rename the .exe files. Also, the Google redirects seem to be gone as well.

I really appreciate your help with my computer, I didn't know what to do! Every time I tried to research the problem, my Google hits were redirected, so I was rather stuck!

Thanks for the link on floorball, I know it as floor hockey. So do you play for the Salibandyliiga? :)

I can't thank you enough for your help. My family will be very happy to have the computer back up and functioning again.

THANK YOU!


