BleepingComputer.com: Redirect at browser, cannot system restore, Navcancl log error and more

Hi, new to site, and not very computer savvy beyond the basics.
Trying to follow posting rules here, dont know if this is TMI,, or helpful for diagnosis.. let me know! Main issue is spyware/adware with redirect issue complicated.

On my Dell Laptop, working with wireless encrypted and wireless communication with printer, use Google (iGoogle) for web browsing a great deal. For past month have had problem with virus redirecting (via; unexceptionalsearchsystems.com and gooooodsearchsomething or other, you all will know these I think.) here are some specific things happening;

A) While my Facebook automatically loads (uses saved sign on information)on iGoogle,, Twitter does not. I have to manually click connect, and when I type in “b” to start my username.. it recalls my email address. I highlight my user name and enter, then my password is atuo-recalled as well. Normally the black dots of the 9 characters, would be just black dots. Now, there is an imperceptible “blip” of 9 fuzzy symbols, before they convert to the black dots. I have not opened once I noticed this. Could have opened many times with this happening however.

B) When idle, and an internet page is open, usually (after 15 min, and before an hour) a strange screen can sometimes appear, as if another webpage was opened by spyware.

C) Computer in general seems a little slower. noteably, there are strange pauses, and longer refresh times, slower typing responses, overall, more clumsy.

D) Computer is running much warmer /hot than normal.

D) My lower right icon tray used to have more items in it.. now sometimes I have things, and sometimes I dont. (such as Windows yellow shield for updates, speaker/volume control, ac/battery image.) Noteably, I would always have an indicator of my wireless connection as a symbol of a graph with green bars. Now the icon is a computer with soundwaves to right.

E) It seems like problems started with classic late night playing around, and downloading videos to Real Player and Real Time Player. I dont know how to "dump" the internet cache, or to clear temporary files for sure. ( I do know to go to "tools" and delete history, etc that way).

F) First steps was to try System Restore, both with programs and in safe mode, with my tech guy's help over phone. No luck here. went back quite aways, and tried maybe 8 times.

G) In last 4 days, I get repeated error window showing "Navcancl" and asking if I want to continue ..

H) During some work/actions I get repeated error window showing a warning with question to "continue blocking" the/a file or program trying to be used, or if indeed already in use.

I) When right clicking an icon, or item to perform functions such as; "delete, re-name, etc.." I get warning window saying
"The feature you are trying to use is on a network resource that is unavailable" "Click OK to try again or enter an alterante path to a folder containning the installatiion package 'SYMANTEC ANTIVIURS.MSI' in the box below;" Box shows; "Use source:" and shows in window; "C:\Documents and Settings\Brad\Desktop\SAV\". A Second box is in the background with title of; Window Installer and in box area simply reads " Preparing to install.." with a button that offers "cancel". Normally, I just hit cancel on the first superimposed box, and then the regular gray vertical pane bar showing options to copy/cut/paste/rename/delete,, etc shows and I can select. Lately, the document/file etc may dissappear even tho the task works. When I click OK, it works, and then another error box "The path; C:\Documents and Settings\Brad\Desktop\SAV\SYMANTEC.ANTIVIRUS.MSI' cannot be found Verify that you have access to this location and try again, or try to find the installation package 'SYMANTEC ANTIVIURS.MSI' in a folder from which you can install the product Symantec Antivirus

J) My (purchased) Norton Antivirus suite cannot open, and therefore no scans run. When I try to run the installer file, it tries to run and then; black screen "Norton Anti Virus 2012" "A problem has occurred that needs your attention: "Setup has found Symantec AntiVirus Corporate Edition or Symantec Client Security on your computer. You should uninstall it before continuing. If you are not sure if you should replace it, ask your network administrator."

K) My (purchased) Malwarebytes program no longer opens. I get prompt with title; "C:\ProgramFiles\Malwarebutes'Anti-Malware1\mbam.exe" with message; "Windows cannot access the specified deivice,path,or file. You may not have the appropriate permissions to access the item".

My local tech guy, has tried to download Malwarebytes again, and we had issues with getting it to run at all. (same error as above; "Windows cannot access the specified deivice,path,or file. You may not have the appropriate permissions to access the item".)

His advice is to perform an external hard drive backup, (I have in the meantime used MOZY and backed up all files), and then re-load operating system. I have never done this before, but understand I would gain some benefits like original speed, and a "virgin" system again. Worried about time/cost and of course the little things like settings, auto sign-in etc.

should I try to repair with help here, or should I just spend the money and time to re-load?? I am pretty good at following instructions, to run a log, or program or something. Thanks!

PS I have a dds log, but dont know how to insert/attach the zipped file here (!) also, ran the gmer scan, and it seems like the moment it finishes, it disappears , I mean Immediately - gone! cant save it.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



Here is copy of the dds file;
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Brad at 23:42:48 on 2011-09-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2064 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\1601217111:2824703904.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Norton Download Manager{NAV191028-SHPD-FSD21017}] c:\documents and settings\all users\documents\norton\{nav191028-shpd-fsd21017}\NAVDownloader.exe /m
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware1\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.rugbinder.com/cgi-bin/RugDesign.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{5798E104-5776-46CB-B1DC-0F97D83829D0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB857F48-5917-4EE8-8599-4EE32D999CF7} : DhcpNameServer = 68.87.73.246 68.87.71.230
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware1\mbamservice.exe [2011-9-13 366152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-12 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-13 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-3-17 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-3-17 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-3-17 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-3-17 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-3-17 235840]
S1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys --> c:\program files\symantec antivirus\savrt.sys [?]
S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\savrtpel.sys --> c:\program files\symantec antivirus\Savrtpel.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 IDVaultSvc;CGPS Service;"c:\program files\constant guard protection suite\idvaultsvc.exe" --> c:\program files\constant guard protection suite\IDVaultSvc.exe [?]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110911.002\naveng.sys [2011-9-11 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110911.002\navex15.sys [2011-9-11 1576312]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]
.
=============== Created Last 30 ================
.
2011-09-28 03:15:42 -------- d-----w- c:\program files\NortonInstaller
2011-09-17 00:38:05 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2011-09-17 00:37:16 -------- d-----w- C:\Netgear
2011-09-14 03:08:31 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-09-14 03:08:28 -------- d-----w- c:\program files\MozyHome
2011-09-13 16:38:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-13 16:38:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 16:38:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-09-13 16:28:43 9852544 ----a-w- C:\mbam-setup-1.51.2.1300.exe
2011-09-13 15:50:47 397928 ----a-w- C:\Norton_Download_Manager.exe
2011-09-13 15:47:41 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-09-13 15:47:34 -------- d-----w- c:\documents and settings\brad\local settings\application data\ID Vault
2011-09-13 15:46:43 91720 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2011-09-13 15:46:43 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2011-09-13 15:46:43 1614408 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2011-09-13 15:46:43 134728 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2011-09-13 15:46:35 -------- d-----w- c:\documents and settings\brad\application data\ID Vault
2011-09-13 15:46:07 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-09-13 15:45:12 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-09-13 15:42:45 8539456 ----a-w- C:\constantguard.exe
2011-09-13 15:06:33 -------- d-----w- c:\documents and settings\brad\local settings\application data\NPE
2011-09-13 15:06:33 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-09-12 15:43:55 -------- d-----w- c:\program files\DealScout
2011-09-12 15:43:55 -------- d-----w- c:\documents and settings\brad\application data\WhiteSmokeTranslator
2011-09-12 14:54:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-12 14:54:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-12 14:16:08 -------- d-----w- c:\program files\EasyCleaner
2011-09-12 13:19:18 -------- d-----w- c:\program files\WhiteSmokeTranslator
2011-09-12 13:19:18 -------- d-----w- c:\documents and settings\brad\local settings\application data\WhiteSmoke_Bar
2011-09-12 13:19:16 -------- d-----w- c:\documents and settings\brad\local settings\application data\Conduit
2011-09-12 13:11:33 72080 ----a-w- c:\documents and settings\brad\g2mdlhlpx.exe
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 17:12:08 -------- d-----w- c:\documents and settings\brad\local settings\application data\Real
2011-09-02 17:11:19 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M ====================
.
2011-09-12 12:07:36 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 23:43:50.96 ===============


Thanks! hope someone can help me get rid of this thing!

This post has been edited by bweesner: 27 September 2011 - 11:56 PM

 attach.txt (23.65K)
Number of downloads: 3

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420813 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
    
  • If you were unable to produce the logs originally please try once more.
    
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
  
  
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Hi,

Issues are same as documented earlier. Should add the issue with Symantec "Live Update" and scans not opening. Also apparent issue located within; C:\Windows\system32 with errors (Win32.AVKillsvc.e) , "error" "Access violation at address 007C881D in module 'sypbotSD.exe' Write of address 00000011"
---------------------------------------------------------------------------------------------------

dds report -

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Brad at 0:01:13 on 2011-10-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1880 [GMT -4:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\1601217111:2824703904.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware1\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {167D9323-F7CC-48F5-948A-6F012831A69F} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware1\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.rugbinder.com/cgi-bin/RugDesign.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{5798E104-5776-46CB-B1DC-0F97D83829D0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB857F48-5917-4EE8-8599-4EE32D999CF7} : DhcpNameServer = 68.87.73.246 68.87.71.230
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware1\mbamservice.exe [2011-9-13 366152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-9-12 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-13 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-3-17 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-3-17 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-3-17 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-3-17 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-3-17 235840]
S1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys --> c:\program files\symantec antivirus\savrt.sys [?]
S1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\savrtpel.sys --> c:\program files\symantec antivirus\Savrtpel.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 IDVaultSvc;CGPS Service;"c:\program files\constant guard protection suite\idvaultsvc.exe" --> c:\program files\constant guard protection suite\IDVaultSvc.exe [?]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110911.002\naveng.sys [2011-9-11 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110911.002\navex15.sys [2011-9-11 1576312]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\savroam.exe" --> c:\program files\symantec antivirus\SavRoam.exe [?]
.
=============== Created Last 30 ================
.
2011-09-28 09:04:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 00:38:05 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2011-09-17 00:37:16 -------- d-----w- C:\Netgear
2011-09-14 03:08:31 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-09-14 03:08:28 -------- d-----w- c:\program files\MozyHome
2011-09-13 16:38:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-13 16:38:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-13 16:38:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-09-13 16:28:43 9852544 ----a-w- C:\mbam-setup-1.51.2.1300.exe
2011-09-13 15:50:47 397928 ----a-w- C:\Norton_Download_Manager.exe
2011-09-13 15:47:41 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-09-13 15:47:34 -------- d-----w- c:\documents and settings\brad\local settings\application data\ID Vault
2011-09-13 15:46:43 91720 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2011-09-13 15:46:43 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2011-09-13 15:46:43 1614408 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2011-09-13 15:46:43 134728 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2011-09-13 15:46:35 -------- d-----w- c:\documents and settings\brad\application data\ID Vault
2011-09-13 15:46:07 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-09-13 15:45:12 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-09-13 15:42:45 8539456 ----a-w- C:\constantguard.exe
2011-09-13 15:06:33 -------- d-----w- c:\documents and settings\brad\local settings\application data\NPE
2011-09-13 15:06:33 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-09-12 15:43:55 -------- d-----w- c:\program files\DealScout
2011-09-12 15:43:55 -------- d-----w- c:\documents and settings\brad\application data\WhiteSmokeTranslator
2011-09-12 14:54:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-12 14:54:02 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-12 14:16:08 -------- d-----w- c:\program files\EasyCleaner
2011-09-12 13:19:18 -------- d-----w- c:\program files\WhiteSmokeTranslator
2011-09-12 13:19:18 -------- d-----w- c:\documents and settings\brad\local settings\application data\WhiteSmoke_Bar
2011-09-12 13:19:16 -------- d-----w- c:\documents and settings\brad\local settings\application data\Conduit
2011-09-12 13:11:33 72080 ----a-w- c:\documents and settings\brad\g2mdlhlpx.exe
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-12 12:07:36 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 0:01:57.22 ===============


-------------------------------------------------------------------------------------------------------

gmer report -

As before, the scan runs, goes thru the systems/files etc, and then abruptly closes. It is my opionon that the file had finished, and something is making it immediately close. I could be wrong, and this is aborted at some point.. It all goes too fast to really tell. Scan runs total of maybe 1.5 min.





--------------------------------------------------------------------------------------------------
Microsoft Windows XP Professional, Version 5.1.2600 Service Pack 3 Build 2600
Model; Vostro 1710 , System Type; X86-based PC
32 bit.
BIOS Version/Date; Dell Inc. A10. 10/9/2008 , SMBIOS Version 2.4
Hardware abstraction; Version = "5.1.2600.5574 (xpsp_sp3_gdr.080402-1256)"

total physical memory - 1.97GB, Page File space 4.84GB
---------------------------------------------------------------------------------------

** Not sure if I have original operating system disk, but I am pretty sure that I do. I can find it.



Please give me direction, I can follow most steps on my end quickly!
Thanks
brad

Hello bweesner,


I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate.

Please subscribe to this topic.

• Click on the Watch Topic button
  
• Select Immediate Notification
  
• Click on Proceed.

Make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box. Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were having, we would appreciate you letting us know.

I will look over your logs and be back with instructions.


Thanks!!

Hi bweesner,


Step 1.


Please download DummyCreator.zip and unzip it.

• Run the tool.
  
• Copy and paste the following into the edit box:
  
  C:\WINDOWS\1601217111.exe
  
  
• Press Create button and post the content of the Result.txt.
  
  Important: Restart the computer.

Step 2.


Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2

• Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to Disable your Security Applications
  
  
  Note - If you have CA installed, due to recent changes in how this AV targets the tool's internal files, it must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download Opswat AppRemover http://www.appremover.com/supported-applications <----Important
  Refer to this page if you are not sure how.
  
  
• Close any open windows, including this one.
  
• Double click on ComboFix.exe & follow the prompts.
  
• For XP users only, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• If you did not have it installed, you will see the prompt below. Choose YES.
  
  
• 
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
  
  
• Click on Yes, to continue scanning for malware.
  
• When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.


In your next reply please include the following:


Contents of Result.txt
ComboFix.txt


How is your computer running now?


Thanks!!

Thanks,
here is Dummy Creator results;
________________________________________________________________________________________
DummyCreator by Farbar
Ran by Brad (administrator) on 03-10-2011 at 22:13:25
**************************************************************

C:\WINDOWS\1601217111.exe [03-10-2011 22:13:25]

== End of log ==
_____________________________________________________________________________________________-


I will restart computer now.

Forgot to go to My Computer and "show" hidden files/folders. Once I did this, I re- downloaded DummyCreator and ran again. here are results.
_______________________________________________________________
DummyCreator by Farbar
Ran by Brad (administrator) on 03-10-2011 at 22:43:09
**************************************************************

C:\WINDOWS\1601217111.exe [03-10-2011 22:43:09]

== End of log ==
______________________________________________________________________________

Note; during process of going to my computer; I erroneously did a "right click" on My Computer in the start window. As usual, the error prompt of; "I) When right clicking an icon, or item to perform functions such as; "delete, re-name, etc.." I get warning window saying
"The feature you are trying to use is on a network resource that is unavailable" "Click OK to try again or enter an alterante path to a folder containning the installatiion package 'SYMANTEC ANTIVIURS.MSI' in the box below;" Box shows; "Use source:" and shows in window; "C:\Documents and Settings\Brad\Desktop\SAV\". A Second box is in the background with title of; Window Installer and in box area simply reads " Preparing to install.." with a button that offers "cancel". Normally, I just hit cancel on the first superimposed box, and then the regular gray vertical pane bar showing options to copy/cut/paste/rename/delete,, etc shows and I can select. THIS TIME, the computer screen froze. The mouse cursor was moving, but not recognition of any icons, etc.

While writing this text, warning message box appears; "File Download - Security warning" " Do you want to open or save this file? " " Name: Navcancl Type: HTML Document, 2.64KB From: ieframe.dll"

I pressed the X to close the box.
________________________________________________________________________________________________________

Combo Fix step will follow.

Thank you for your help!
Brad

I have found help thru Norton Anti virus managers' and ran Combo Fix, and all is well. Thank you for helping me,
Brad

Hi bweesner,


I will let you know when you are clean. Please post ComboFix.txt.

If it is not on your desktop it can be found at C:\ComboFix.txt


Update programs


Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

• Download the latest version of Adobe Reader Version X. and save it to your desktop.
  
• Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  
• Click the download button at the bottom.
  
• If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  
• Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
  If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  
• Then from your desktop double-click on Adobe Reader to install the newest version.
  If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the "Adobe Setup - Welcome" window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• Drive-by Trojan preying on out-of-date Java installations
  
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "Java Platform, Standard Edition".
  
• Click the "Download JRE" button to the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• From the list, select your OS and Platform (32-bit or 64-bit).
  
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  
• Click Ok and reboot your computer.

In your next reply please include the following:


ComboFix.txt


How is your computer running? Are you still having problems opening/running programs?



Thanks!!

OK, thanks!
here is combo log file;



ComboFix 11-10-03.01 - Brad 10/04/2011 4:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2664 [GMT -4:00]
Running from: c:\documents and settings\Brad\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Brad\g2mdlhlpx.exe
c:\documents and settings\Brad\Start Menu\Programs\Windows XP Restore
c:\documents and settings\Brad\Start Menu\Programs\Windows XP Restore\Uninstall Windows XP Restore.lnk
c:\documents and settings\Brad\Start Menu\Programs\Windows XP Restore\Windows XP Restore.lnk
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\$NtUninstallKB55298$
c:\windows\$NtUninstallKB55298$\3210059207
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\1601217111
c:\windows\system32\
c:\windows\system32\c_47952.nls
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\
.
Infected copy of c:\windows\system32\drivers\Fips.sys was found and disinfected
Restored copy from - The cat found it
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP954\A0088539.sys
.
c:\program files\MozyHome\mozybackup.exe . . . is infected!!
c:\program files\MozyHome\mozybackup.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.i8042prt
-------\Service_57a2705f
.
.
((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))
.
.
2011-10-04 08:21 . 2011-10-04 08:21 -------- d-----w- c:\program files\NoNAV
2011-10-04 08:04 . 2011-10-04 08:21 -------- d-----w- C:\SymNoNav
2011-10-04 05:28 . 2011-10-04 05:28 1242 ----a-w- C:\backup.reg
2011-10-04 05:21 . 2011-10-04 05:22 48016 --sha-w- c:\windows\system32\c_47952.nl_
2011-10-04 02:43 . 2011-10-04 02:43 -------- d-----w- c:\windows\1601217111.exe
2011-09-28 09:04 . 2011-09-28 09:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-17 01:19 . 2011-09-17 01:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-17 00:38 . 2010-06-07 03:12 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2011-09-17 00:37 . 2011-09-17 01:01 -------- d-----w- C:\Netgear
2011-09-14 03:08 . 2011-08-04 19:15 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-09-14 03:08 . 2011-10-04 08:49 -------- d-----w- c:\program files\MozyHome
2011-09-13 16:38 . 2011-09-13 16:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-13 16:38 . 2011-10-04 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-09-13 16:28 . 2011-09-13 16:28 9852544 ----a-w- C:\mbam-setup-1.51.2.1300.exe
2011-09-13 15:47 . 2011-09-13 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2011-09-13 15:47 . 2011-09-13 15:48 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\ID Vault
2011-09-13 15:46 . 2011-08-31 21:36 91720 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2011-09-13 15:46 . 2011-08-31 21:36 1614408 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.dll
2011-09-13 15:46 . 2011-08-31 21:36 134728 ----a-w- c:\program files\Mozilla Firefox\CommonDotNET.dll
2011-09-13 15:46 . 2011-08-31 21:33 8007680 ----a-w- c:\program files\Mozilla Firefox\Microsoft.mshtml.dll
2011-09-13 15:46 . 2011-09-13 15:46 -------- d-----w- c:\documents and settings\Brad\Application Data\ID Vault
2011-09-13 15:46 . 2011-10-04 04:16 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-09-13 15:45 . 2011-09-13 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2011-09-13 15:42 . 2011-09-13 15:42 8539456 ----a-w- C:\constantguard.exe
2011-09-13 15:06 . 2011-09-13 15:22 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\NPE
2011-09-12 17:11 . 2011-09-12 17:11 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-09-12 17:11 . 2011-09-12 17:11 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-09-12 17:11 . 2011-09-12 17:11 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-09-12 17:11 . 2011-09-12 17:11 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-09-12 17:11 . 2011-09-12 17:11 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-09-12 17:11 . 2011-09-12 17:11 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-09-12 17:11 . 2011-09-12 17:11 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-09-12 15:43 . 2011-09-12 15:43 -------- d-----w- c:\program files\DealScout
2011-09-12 15:43 . 2011-09-12 15:43 -------- d-----w- c:\documents and settings\Brad\Application Data\WhiteSmokeTranslator
2011-09-12 14:54 . 2011-10-04 05:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-12 13:19 . 2011-09-13 15:25 -------- d-----w- c:\program files\WhiteSmokeTranslator
2011-09-12 13:19 . 2011-09-12 15:43 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\WhiteSmoke_Bar
2011-09-12 13:19 . 2011-09-12 15:43 -------- d-----w- c:\documents and settings\Brad\Local Settings\Application Data\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 12:07 . 2009-03-25 19:46 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-09-09 09:12 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-25 09:49 . 2011-08-25 09:49 53683 ----a-w- C:\champignon.zip
2011-08-25 09:44 . 2011-08-25 09:41 38795 ----a-w- c:\windows\english.zip
2011-08-25 09:40 . 2011-08-25 09:40 38795 ----a-w- C:\english.zip
2011-07-15 13:29 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2008-04-25 16:16 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-08-04 19:15 3512088 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-05-21 1025264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 3674904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-09-30 18:18 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Constant Guard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
backup=c:\windows\pss\Constant Guard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-21 21:24 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-12-18 04:02 2289664 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2008-02-22 17:43 1245184 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 18:09 136176 ----atw- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-08-19 19:40 13762560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-08-19 19:41 86016 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-08-19 19:40 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-08-19 19:41 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe]
2008-07-16 21:32 36864 ----a-w- c:\windows\OEM13Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21 16855552 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-17 20:39 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-26 03:10 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-06 12:57 1434920 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-09-02 17:10 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LMIRescue_357825ee-276b-4278-a29f-9c02f031fca3"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)
"stllssvr"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SavRoam"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"LMIRescue_edb96268-e98c-4ac0-bd8d-8aa648874a3f"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDVaultSvc"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GoToAssist"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"c:\\Documents and Settings\\Brad\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\recordingmanager.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\supportsoft\\bin\\bcont.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\OGAEXEC.exe"=
"c:\\Documents and Settings\\Brad\\My Documents\\Downloads\\NPE.exe"=
"c:\\WINDOWS\\system32\\w32tm.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\CLVIEW.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [3/17/2009 6:25 PM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [3/17/2009 6:25 PM 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [3/17/2009 6:25 PM 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [3/17/2009 6:25 PM 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [3/17/2009 6:25 PM 235840]
S2 LMIRescue_5031d9d1-7abe-4b1f-9e02-b5fd0b011c9a;LogMeIn Rescue (5031d9d1-7abe-4b1f-9e02-b5fd0b011c9a);"c:\docume~1\Brad\LOCALS~1\Temp\LMIR0003.tmp\LMI_Rescue_srv.exe" -service -sid 5031d9d1-7abe-4b1f-9e02-b5fd0b011c9a --> c:\docume~1\Brad\LOCALS~1\Temp\LMIR0003.tmp\LMI_Rescue_srv.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 10:42 PM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 10:42 PM 135664]
S4 IDVaultSvc;CGPS Service;"c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe" --> c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [?]
S4 LMIRescue_edb96268-e98c-4ac0-bd8d-8aa648874a3f;LogMeIn Rescue (edb96268-e98c-4ac0-bd8d-8aa648874a3f);"c:\docume~1\Brad\LOCALS~1\Temp\LMIR0002.tmp\LMI_Rescue_srv.exe" -service -sid edb96268-e98c-4ac0-bd8d-8aa648874a3f --> c:\docume~1\Brad\LOCALS~1\Temp\LMIR0002.tmp\LMI_Rescue_srv.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:42]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 02:42]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1495673014-3630489546-1394584288-1006Core.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 18:09]
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1495673014-3630489546-1394584288-1006UA.job
- c:\documents and settings\Brad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 18:09]
.
2011-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1495673014-3630489546-1394584288-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1495673014-3630489546-1394584288-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-10-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1495673014-3630489546-1394584288-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
2011-10-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1495673014-3630489546-1394584288-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.rugbinder.com/cgi-bin/RugDesign.CAB
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\VPTray.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Brad\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-04 04:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.redbook]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(820)
c:\windows\system32\WININET.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-04 04:58:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-04 08:58
ComboFix2.txt 2011-06-13 21:02
.
Pre-Run: 147,804,422,144 bytes free
Post-Run: 149,799,944,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7D2530A1B23A736CBF73042108DE0052

___________________________________________________________________________________________________________________________


Have also update per instructions; Java and Adobe.

Let me know what to do next,
thanks Brad

This post has been edited by bweesner: 04 October 2011 - 09:37 AM

Hi bweesner,

Good Job!

I see you have GoToAssist and LogMeIn Rescue installed. As with any remote programs be sure to have strong passwords.

I suggest you remove the WhiteSmoke Bar Toolbar. You can read more about it here

c:\program files\MozyHome\mozybackup.exe was infected and there was no backup. You might need to reinstall the program.


We need to run a Combofix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <<----Important
3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
c:\windows\1601217111.exe

File::
c:\windows\system32\c_47952.nl_

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

If Combofix prompts you to update the program please allow it to do so.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



In your next reply please include the following:

ComboFix.txt


Are you still having problems opening/running programs?


Thanks!!

Hi bweesner,

Are you still with me? There are remnants of the infection we need to take care of.



Thanks!!

I am still with you!! Sorry!

Please advise; I was trying to get Mozy to backup regularly, concerned about your comment, and indeed was not backing up. In process of all of this, Norton, etc.. I called Dell to be sure that I had correct operating software CDs still. Mentioned noise in my computer, and where it was, , bottom line, I need new hard drive. Under warranty, and should replace this on Tuesday. With this news, I didnt know if we should continue, or wait.

I guess with new hard drive, then I will have no issues - so please advise what you prefer.

Thanks and sorry for letting so much time go by. You must be amazed as to how we all beg for help first, and then dont respond quickly!
thanks,
Brad

Here is new dds scan report;

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Brad at 23:40:04 on 2011-10-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2060 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\Apoint.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00120000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.rugbinder.com/cgi-bin/RugDesign.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{BB857F48-5917-4EE8-8599-4EE32D999CF7} : DhcpNameServer = 68.87.73.246 68.87.71.230
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1301010.003\symds.sys [2011-10-6 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1301010.003\symefa.sys [2011-10-6 897656]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20110929.001\BHDrvx86.sys [2011-9-29 816760]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys [2011-10-6 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1301010.003\ironx86.sys [2011-10-6 149624]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.1.1.3\ccsvchst.exe [2011-10-6 138760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-6 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20111007.030\IDSXpx86.sys [2011-10-7 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20111007.019\NAVENG.SYS [2011-10-7 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20111007.019\NAVEX15.SYS [2011-10-7 1576312]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-3-17 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-3-17 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-3-17 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-3-17 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-3-17 235840]
S2 LMIRescue_5031d9d1-7abe-4b1f-9e02-b5fd0b011c9a;LogMeIn Rescue (5031d9d1-7abe-4b1f-9e02-b5fd0b011c9a);"c:\docume~1\brad\locals~1\temp\lmir0003.tmp\lmi_rescue_srv.exe" -service -sid 5031d9d1-7abe-4b1f-9e02-b5fd0b011c9a --> c:\docume~1\brad\locals~1\temp\lmir0003.tmp\LMI_Rescue_srv.exe [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S4 IDVaultSvc;CGPS Service;"c:\program files\constant guard protection suite\idvaultsvc.exe" --> c:\program files\constant guard protection suite\IDVaultSvc.exe [?]
S4 LMIRescue_edb96268-e98c-4ac0-bd8d-8aa648874a3f;LogMeIn Rescue (edb96268-e98c-4ac0-bd8d-8aa648874a3f);"c:\docume~1\brad\locals~1\temp\lmir0002.tmp\lmi_rescue_srv.exe" -service -sid edb96268-e98c-4ac0-bd8d-8aa648874a3f --> c:\docume~1\brad\locals~1\temp\lmir0002.tmp\LMI_Rescue_srv.exe [?]
.
=============== Created Last 30 ================
.
2011-10-06 23:29:34 -------- d-----w- c:\program files\common files\HP
2011-10-06 23:26:28 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2011-10-06 08:36:11 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-10-06 05:37:30 897656 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symefa.sys
2011-10-06 05:37:30 566904 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtsp.sys
2011-10-06 05:37:30 387192 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symtdi.sys
2011-10-06 05:37:30 344184 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symtdiv.sys
2011-10-06 05:37:30 340088 ----a-r- c:\windows\system32\drivers\nav\1301010.003\symds.sys
2011-10-06 05:37:30 31864 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtspx.sys
2011-10-06 05:37:30 314488 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symnets.sys
2011-10-06 05:37:30 149624 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ironx86.sys
2011-10-06 05:37:30 132744 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys
2011-10-06 05:28:28 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-10-06 05:28:28 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-06 05:28:28 -------- d-----w- c:\program files\Symantec
2011-10-06 05:28:28 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-06 05:27:59 -------- d-----w- c:\program files\Norton AntiVirus
2011-10-06 04:09:08 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0401000.00F
2011-10-06 04:09:08 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2011-10-06 04:09:05 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2011-10-05 03:56:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 16:31:53 103784 ----a-w- c:\documents and settings\brad\GoToAssistDownloadHelper.exe
2011-10-04 16:31:49 -------- d-----w- c:\documents and settings\brad\local settings\application data\Sun
2011-10-04 14:31:38 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 14:31:38 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-04 14:05:31 -------- d-----w- c:\documents and settings\brad\local settings\application data\Solid State Networks
2011-10-04 09:25:47 -------- d-----w- c:\windows\system32\drivers\nav\1301010.003
2011-10-04 09:23:15 -------- d-----w- c:\windows\system32\drivers\NAV
2011-10-04 09:23:12 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-10-04 09:23:05 -------- d-----w- c:\program files\NortonInstaller
2011-10-04 09:23:05 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-10-04 08:34:53 -------- d-sha-r- C:\cmdcons
2011-10-04 08:21:36 -------- d-----w- c:\program files\NoNAV
2011-10-04 08:04:36 -------- d-----w- C:\SymNoNav
2011-10-04 05:28:03 1242 ----a-w- C:\backup.reg
2011-10-04 05:21:46 48016 --sha-w- c:\windows\system32\c_47952.nl_
2011-10-04 02:43:09 -------- d-----w- c:\windows\1601217111.exe
2011-09-17 00:38:05 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
2011-09-17 00:37:16 -------- d-----w- C:\Netgear
2011-09-14 03:08:28 -------- d-----w- c:\program files\MozyHome
2011-09-13 16:38:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-13 16:38:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware1
2011-09-13 16:28:43 9852544 ----a-w- C:\mbam-setup-1.51.2.1300.exe
2011-09-13 15:47:41 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-09-13 15:47:34 -------- d-----w- c:\documents and settings\brad\local settings\application data\ID Vault
2011-09-13 15:46:43 91720 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2011-09-13 15:46:43 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2011-09-13 15:46:43 1614408 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2011-09-13 15:46:43 134728 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2011-09-13 15:46:35 -------- d-----w- c:\documents and settings\brad\application data\ID Vault
2011-09-13 15:46:07 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-09-13 15:45:12 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-09-13 15:42:45 8539456 ----a-w- C:\constantguard.exe
2011-09-13 15:06:33 -------- d-----w- c:\documents and settings\brad\local settings\application data\NPE
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-09-12 17:11:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-09-12 15:43:55 -------- d-----w- c:\program files\DealScout
2011-09-12 15:43:55 -------- d-----w- c:\documents and settings\brad\application data\WhiteSmokeTranslator
2011-09-12 14:54:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-12 13:19:18 -------- d-----w- c:\program files\WhiteSmokeTranslator
2011-09-12 13:19:18 -------- d-----w- c:\documents and settings\brad\local settings\application data\WhiteSmoke_Bar
2011-09-12 13:19:16 -------- d-----w- c:\documents and settings\brad\local settings\application data\Conduit
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 23:41:34.32 ===============