Sorry for the delay. Due to problems with various and sundry issues - not the least of which being some computer problems - I was delayed in responding to my last thread (topic275539) (http://www.bleepingcomputer.com/forums/topic275539.html), and it was closed before I could post my ComboFix log file. SifuMike was kind enough to get me this far in the process, and I would love to continue the scrubbing of my machine.
Again, I apologize for the delay, and hope we can continue on. Here is my ComboFix log:
ComboFix 09-12-26.05 - Peggy Finarelli 12/27/2009 20:49:36.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.186 [GMT -5:00]
Running from: c:\documents and settings\Peggy Finarelli\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\LOG.TXT
c:\windows\AUTOLNCH.REG
c:\windows\SYSTEM32\bdeeg.ini
c:\windows\system32\bdeeg.ini2
c:\windows\system32\drivers\fad.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.
2009-12-08 23:50 . 2009-12-08 23:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-08 23:42 . 2009-12-10 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\documents and settings\Peggy Finarelli\Application Data\Malwarebytes
2009-12-08 03:09 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-08 03:09 . 2009-12-08 03:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 03:09 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 02:58 . 2009-12-08 02:56 411368 ----a-w- c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 09:00 . 2009-12-28 01:40 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091227.023\CCERASER.DLL
2009-12-08 23:54 . 2004-08-04 17:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-08 23:46 . 2009-12-08 23:46 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-08 02:56 . 2004-07-09 21:48 -------- d-----w- c:\program files\Java
2009-12-08 02:53 . 2009-12-08 02:53 152576 ----a-w- c:\documents and settings\Peggy Finarelli\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-08 02:52 . 2009-12-08 02:52 79488 ----a-w- c:\documents and settings\Peggy Finarelli\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-08 02:51 . 2004-07-09 22:00 -------- d-----w- c:\program files\MUSICMATCH
2009-12-08 02:40 . 2008-11-16 03:23 28352 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-12-08 02:40 . 2005-03-26 18:29 -------- d-----w- c:\program files\Google
2009-12-08 02:39 . 2004-07-09 21:51 -------- d-----w- c:\program files\Dell
2009-12-08 02:38 . 2004-07-09 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-20 11:08 . 2009-12-08 23:56 38784 ----a-w- c:\documents and settings\Peggy Finarelli\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-29 07:45 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-03-19 22:41 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-03-19 22:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-03-19 22:42 79872 ----a-w- c:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-09 77824]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-01 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\documents and settings\Peggy Finarelli\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-8-4 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-9 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-6-2 315392]
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
Microsoft Office.lnk - c:\program files\Powerpoint 2002\Office10\OSA.EXE [2001-2-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\SymEFA.sys [9/8/2009 6:04 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\BHDrvx86.sys [9/8/2009 6:04 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\cchpx86.sys [9/8/2009 6:03 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/18/2009 4:37 PM 329592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 5:31 AM 102448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Peggy Finarelli\Application Data\Mozilla\Firefox\Profiles\aouvtoja.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{4DCF162E-3F43-40C0-AE10-2B9A57F025E9} - c:\windows\system32\geedb.dll
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-{45EBDA59-D33B-433A-956E-B2F236468B56} - c:\progra~1\MUSICM~1\MUSICM~2\unmatch.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 21:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3188)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
.
**************************************************************************
.
Completion time: 2009-12-27 21:14:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-28 02:14
Pre-Run: 21,822,210,048 bytes free
Post-Run: 24,898,433,024 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 5AF53DD510D65E14F65AAC7CB34578BB