win32.trojandownloader.agent removal help

addictzero

New member
I've got this somewhere in the system. Found it through Ad-Aware.

Here's my HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:23 AM, on 7/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\ssqQkLfG.dll,#1
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Host Process] C:\Users\Jaime\svchost.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jaime\AppData\Local\Temp\geBsstuu.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Jaime\AppData\Local\Temp\wvUnLBRJ.dll,#1
O4 - HKCU\..\Run: [26e76736] rundll32.exe "C:\Users\Jaime\AppData\Local\Temp\swkmvkuo.dll",b
O4 - HKCU\..\Run: [BM25d454aa] Rundll32.exe "C:\Users\Jaime\AppData\Local\Temp\rnmrwofg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3497426329-196693940-3450494876-1001\..\Run: [TClockEx] "C:\Program Files\TClockEx\TCLOCKEX.EXE" (User 'Anastasia')
O4 - HKUS\S-1-5-21-3497426329-196693940-3450494876-1001\..\Run: [BM25d454aa] Rundll32.exe "C:\Users\ANASTA~1\AppData\Local\Temp\ilrnqxgq.dll",s (User 'Anastasia')
O4 - HKUS\S-1-5-21-3497426329-196693940-3450494876-1001\..\Run: [cmds] rundll32.exe C:\Users\ANASTA~1\AppData\Local\Temp\ljJAqRKE.dll,c (User 'Anastasia')
O4 - HKUS\S-1-5-21-3497426329-196693940-3450494876-1001\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 Startup: Ferndale Public Library Tray App.lnk = ? (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 User Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 User Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 User Startup: Ferndale Public Library Tray App.lnk = ? (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (User 'Anastasia')
O4 - S-1-5-21-3497426329-196693940-3450494876-1001 User Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Anastasia')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5343/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11384 bytes

Anything helps. Thanks.
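The O4 (autostart) entries are the part of a HijackThis log a helper reads first. As an added example, not part of this thread and not code from HijackThis, Malwarebytes or DSS, the Python below splits O4 lines into location, value name and command, then applies a few triage heuristics constructed for illustration (they are the editor's own, not any vendor's detection logic): a rundll32 call whose export is an ordinal or a one-letter name, a DLL loaded from a Temp directory, a hex-looking value name, and a Windows system binary name such as svchost.exe living outside the Windows directory. The sample lines are copied from the log posted above, mixed with known-good vendor entries from the same log; the four entries the script flags are the ones that no longer appear in the second HijackThis log posted later in the thread.

```python
"""Triage helper for HijackThis O4 (autostart) entries.

Added example for this thread; not part of HijackThis, Malwarebytes or DSS.
The heuristics are constructed for illustration and are not a scanner.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: O4 lines copied from the HijackThis log in the thread,
# mixing vendor entries with the entries a helper would question.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r'O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide',
    r'O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16',
    r'O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\ssqQkLfG.dll,#1',
    r'O4 - HKCU\..\Run: [Host Process] C:\Users\Jaime\svchost.exe',
    r'O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Jaime\AppData\Local\Temp\geBsstuu.dll,c',
    r'O4 - HKCU\..\Run: [26e76736] rundll32.exe "C:\Users\Jaime\AppData\Local\Temp\swkmvkuo.dll",b',
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')",
]

# "O4 - <location>: [<value name>] <command>" with an optional trailing "(User '...')".
O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# rundll32 / rundll32.exe, optionally quoted or given with a directory, then its arguments.
RUNDLL_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.IGNORECASE)
# Leading program path of a Run value, quoted or bare, up to the first ".exe".
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?=\s|$)', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"^(?:%SystemRoot%|[a-z]:\\Windows)\\(?:System32\\)?[^\\]+$", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$", re.IGNORECASE)  # e.g. 26e76736, BM25d454aa
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split a HijackThis 'O4 - <location>: [<name>] <command>' line into its parts."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def first_program(cmd: str) -> str:
    """Return the program path at the front of a Run value (quoted or bare)."""
    m = EXE_RE.match(cmd.strip())
    if m:
        return m.group("path")
    parts = cmd.split()
    return parts[0] if parts else ""


def split_rundll32(cmd: str) -> Optional[Tuple[str, str]]:
    """If cmd is a rundll32 invocation, return (dll_path, export_name); otherwise None."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.startswith('"'):                      # quoted DLL path, then ,export
        close = rest.find('"', 1)
        dll, tail = rest[1:close], rest[close + 1:]
    else:                                         # bare path: split at the first comma
        dll, sep, tail = rest.partition(",")
        tail = sep + tail
    export = tail[1:].split()[0] if tail.startswith(",") and tail[1:].strip() else ""
    return dll, export


def triage_entry(entry: Dict[str, str]) -> List[str]:
    """Heuristic reasons (constructed for this example) why an O4 entry deserves a look."""
    reasons: List[str] = []
    name, cmd = entry["name"], entry["cmd"]
    program = first_program(cmd)
    base = program.rsplit("\\", 1)[-1].lower()

    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking value name")
    if TEMP_DIR_RE.search(cmd):
        reasons.append("loads code from a Temp directory")
    if base in SYSTEM_BINARIES and not SYSTEM_DIR_RE.match(program):
        reasons.append(f"{base} running from outside the Windows directory")
    rd = split_rundll32(cmd)
    if rd is not None:
        _dll, export = rd
        if export.startswith("#") or len(export) <= 2:
            reasons.append(f"rundll32 export '{export}' is an ordinal or a one-letter name")
    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Parse every O4 line and keep only the entries with at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:          # Startup .lnk lines and non-O4 lines are skipped
            continue
        reasons = triage_entry(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


def flagged_names(lines: List[str]) -> List[str]:
    """Value names of the flagged entries, in log order."""
    return [e["name"] for e in triage(lines)]


if __name__ == "__main__":
    for e in triage(SAMPLE_O4_LINES):
        print(f"{e['location']} [{e['name']}]")
        for r in e["reasons"]:
            print(f"    - {r}")
```

Run as a script it prints each flagged entry with its reasons. The vendor rundll32 entries (DLCXCATS, WindowsWelcomeCenter) pass because the heuristic keys on the export name rather than on rundll32 itself, which is why it is the single-letter or ordinal export, not the host process, that is worth asking about. A hit from these rules is a reason to look closer, not a verdict; the thread still relies on the scanners for that.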
 
Hi addictzero

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.

Post:

- mbam report
- dss logs (taken after mbam run)
 
Log follow-ups... Also, Spybot found Virtumonde!

After tooling around, the SB scan found a Virtumonde virus, so I guess it's more than just the original problem I found.

Here are the MBAM, MAIN and EXTRA logs.

Thanks a ton for your help.

Mbam:

Malwarebytes' Anti-Malware 1.23
Database version: 990
Windows 6.0.6001 Service Pack 1

5:06:50 AM 7/25/2008
mbam-log-7-25-2008 (05-06-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 146570
Time elapsed: 2 hour(s), 20 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Anastasia\AppData\Local\Temp\ljJAqRKE.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Anastasia\AppData\Local\Temp\cylbfspv.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Anastasia\AppData\Local\Temp\ljJAqRKE.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Anastasia\AppData\Local\Temp\cylbfspv.dll (Trojan.Vundo) -> Delete on reboot.
C:\QooBox\Quarantine\C\Windows\mrofinu1188.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jaime\AppData\Local\Temp\awttRhEV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jaime\AppData\Local\Temp\yyhsmbhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


MAIN:

Deckard's System Scanner v20071014.68
Run by Jaime on 2008-07-25 10:11:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-07-25 12:47:02 UTC - RP375 - Scheduled Checkpoint
8: 2008-07-24 21:56:07 UTC - RP374 - Scheduled Checkpoint
7: 2008-07-24 03:56:48 UTC - RP373 - Windows Update
6: 2008-07-24 00:11:02 UTC - RP372 - ComboFix created restore point
5: 2008-07-23 20:40:01 UTC - RP371 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-07-22 05:51:01 UTC - RP365 - Installed Ad-Aware


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jaime.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:27 AM, on 7/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Jaime\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jaime.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5343/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9042 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 PermissionTVDownloadManager (PermissionTV Download Manager Service) - c:\progra~1\permis~1\bin\dm.exe <Not Verified; PermissionTV; PermissionTV Download Manager>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-18 20:21:34 496 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Anastasia.job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-25 02:37:34 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-25 02:37:34 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 01:33:36 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-24 13:06:48 0 d-------- C:\Program Files\LimeWire
2008-07-23 17:10:22 68096 --a------ C:\Windows\zip.exe
2008-07-23 17:10:22 49152 --a------ C:\Windows\VFind.exe
2008-07-23 17:10:22 98816 --a------ C:\Windows\sed.exe
2008-07-23 17:10:22 80412 --a------ C:\Windows\grep.exe
2008-07-23 17:10:22 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-23 17:10:21 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-23 17:10:01 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 00:47:17 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-21 22:51:42 0 d-------- C:\Program Files\Lavasoft
2008-07-21 22:51:40 0 d-------- C:\Users\All Users\Lavasoft
2008-07-21 22:50:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 21:07:04 0 d-------- C:\Windows\McAfee.com
2008-07-21 20:04:54 4580 --a------ C:\Windows\system32\tmp.reg
2008-07-21 12:23:22 164 --a------ C:\install.dat
2008-07-21 12:17:11 0 d-------- C:\Program Files\Trend Micro
2008-07-21 11:18:24 0 d-------- C:\Windows\system32\carH18


-- Find3M Report ---------------------------------------------------------------

2008-07-25 02:37:39 0 d-------- C:\Users\Jaime\AppData\Roaming\Malwarebytes
2008-07-25 01:35:35 0 d-------- C:\Program Files\Common Files
2008-07-25 00:47:52 0 d-------- C:\Program Files\PermissionTV
2008-07-24 13:54:06 0 d-------- C:\Users\Jaime\AppData\Roaming\LimeWire
2008-07-23 18:53:10 0 d-------- C:\Program Files\Dl_cats
2008-07-23 00:26:37 0 d-------- C:\Users\Jaime\AppData\Roaming\Mozilla
2008-07-21 20:04:54 35 --a------ C:\Users\Jaime\AppData\Roaming\SetValue.bat
2008-07-21 20:04:54 691 --a------ C:\Users\Jaime\AppData\Roaming\GetValue.vbs
2008-07-21 12:10:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 12:10:13 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-21 12:10:11 0 d-------- C:\Program Files\Microsoft Works
2008-07-21 12:10:11 0 d-------- C:\Program Files\Google
2008-07-09 01:27:20 0 d-------- C:\Program Files\Windows Mail
2008-06-24 18:32:57 0 d-------- C:\Program Files\Image-Line
2008-06-24 18:32:46 0 d-------- C:\Program Files\VstPlugins
2008-06-24 18:26:23 0 d-------- C:\Program Files\coolpro2
2008-06-24 17:50:30 0 d-------- C:\Users\Jaime\AppData\Roaming\Syntrillium
2008-06-13 16:38:40 174 --ahs---- C:\Program Files\desktop.ini
2008-06-13 16:30:38 0 d-------- C:\Program Files\Windows Calendar
2008-06-13 16:30:37 0 d-------- C:\Program Files\Windows Sidebar
2008-06-13 16:30:37 0 d-------- C:\Program Files\Movie Maker
2008-06-13 16:30:36 0 d-------- C:\Program Files\Windows Collaboration
2008-06-13 16:30:35 0 d-------- C:\Program Files\Windows Photo Gallery
2008-06-13 16:30:32 0 d-------- C:\Program Files\Windows Defender


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 07:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 08:37 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [01/02/2008 03:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [01/02/2008 03:06 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [01/02/2008 03:07 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/02/2007 06:43 PM]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [10/15/2006 10:31 PM]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [11/03/2006 03:04 PM]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [01/12/2007 09:57 AM]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [11/03/2006 03:09 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 08:35 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/22/2007 05:58 PM]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [03/16/2007 03:20 AM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [12/03/2006 04:23 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/03/2006 04:25 PM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 02:23 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 08:37 AM]
"RtHDVCpl"="RtHDVCpl.exe" [05/11/2007 06:26 AM C:\Windows\RtHDVCpl.exe]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [07/23/2008 08:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 12:33 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [12/02/2007 08:25 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 09:09 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [8/25/2007 1:18:23 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/22/2007 5:44:25 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [8/25/2007 1:18:23 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-25 10:14:38 ------------

EXTRA:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 2036.45 MiB / 1157.62 MiB
Pagefile Memory (total/avail): 4312.2 MiB / 3359.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1898.18 MiB

C: is Fixed (NTFS) - 138.96 GiB total, 22.39 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.85 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160815AS ATA Device - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 138.96 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Jaime\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BIRDCOMPUTER
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Jaime
LOCALAPPDATA=C:\Users\Jaime\AppData\Local
LOGONSERVER=\\BIRDCOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Jaime\AppData\Local\Temp
TMP=C:\Users\Jaime\AppData\Local\Temp
USERDOMAIN=BirdComputer
USERNAME=Jaime
USERPROFILE=C:\Users\Jaime
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Jaime
Anastasia


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CloneDVDmobile --> "C:\Program Files\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="C:\Program Files\SlySoft\CloneDVDmobile"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Conexant D850 PCI V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -IDel200fz.inf
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
Dell DataSafe Online --> MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
Dell PC Fax --> C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926 --> C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Dell Support Center --> MsiExec.exe /I{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
doPDF 5.2 printer --> "C:\Program Files\Softland\doPDF 5\unins000.exe"
FL Studio 5 --> C:\Program Files\Image-Line\FLStudio5\uninstall.exe
Games, Music, & Photos Launcher --> MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel(R) PRO Network Connections 12.1.11.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
PermissionTV Download Manager --> "C:\Program Files\PermissionTV\unins001.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Product Documentation Launcher --> MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rm to Mp3 Wav Convertor 2.15 --> "C:\Program Files\Rm to Mp3 Wav Convertor\unins000.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari --> MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TClockEx --> "C:\Program Files\TClockEx\unins000.exe"
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type42865 / Success
Event Submitted/Written: 07/25/2008 05:10:12 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type42864 / Success
Event Submitted/Written: 07/25/2008 05:10:10 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type42863 / Success
Event Submitted/Written: 07/25/2008 05:10:09 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type42847 / Warning
Event Submitted/Written: 07/25/2008 05:08:15 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-3497426329-196693940-3450494876-1001:
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Policies\Microsoft\SystemCertificates
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Policies\Microsoft\SystemCertificates
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Policies\Microsoft\SystemCertificates
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Policies\Microsoft\SystemCertificates
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Microsoft\SystemCertificates\My
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Microsoft\SystemCertificates\CA
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Microsoft\SystemCertificates\trust
Process 616 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1001\Software\Microsoft\SystemCertificates\Root

Event Record #/Type42843 / Warning
Event Submitted/Written: 07/25/2008 05:08:03 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-3497426329-196693940-3450494876-1000:
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Microsoft\SystemCertificates\Root
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Microsoft\SystemCertificates\trust
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Microsoft\SystemCertificates\My
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Microsoft\SystemCertificates\CA
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Policies\Microsoft\SystemCertificates
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Policies\Microsoft\SystemCertificates
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Policies\Microsoft\SystemCertificates
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Policies\Microsoft\SystemCertificates
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1508 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3497426329-196693940-3450494876-1000\Software\Microsoft\SystemCertificates\SmartCardRoot



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type114304 / Error
Event Submitted/Written: 07/25/2008 05:10:07 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type114277 / Warning
Event Submitted/Written: 07/25/2008 02:45:16 AM
Event ID/Source: 27 / e1express
Event Description:
Intel(R) 82562V-2 10/100 Network Connection
Link has been disconnected.

Event Record #/Type114186 / Error
Event Submitted/Written: 07/25/2008 02:03:39 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type114141 / Error
Event Submitted/Written: 07/25/2008 01:34:01 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Windows Search%%1053

Event Record #/Type114140 / Error
Event Submitted/Written: 07/25/2008 01:34:01 AM
Event ID/Source: 7009 / Service Control Manager
Event Description:
30000Windows Search



-- End of Deckard's System Scanner: finished at 2008-07-25 10:14:38 ------------
 
Hi

Is Norton Internet Security 2007 up-to-date?

You have also run ComboFix, so please post its log next:

C:\QooBox\Quarantine\C\Windows\mrofinu1188.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
 
Thanks for the fast response.

Norton is NOT up to date.

Here's the ComboFix log:

ComboFix 08-07-23.4 - Anastasia 2008-07-25 1:34:14.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1259 [GMT -7:00]
Running from: C:\Users\Jaime\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 13:06 . 2008-07-24 13:07 <DIR> d-------- C:\Program Files\LimeWire
2008-07-23 11:57 . 2008-07-23 11:58 196,608 --a------ C:\Windows\SPInstall.etl
2008-07-23 00:47 . 2008-07-23 01:05 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-23 00:47 . 2008-07-23 01:05 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-23 00:47 . 2008-07-23 00:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 23:50 . 2008-07-22 23:50 <DIR> d-------- C:\Users\Anastasia\AppData\Roaming\Uniblue
2008-07-21 22:51 . 2008-07-21 22:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-21 22:51 . 2008-07-21 22:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-21 22:51 . 2008-07-21 22:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-21 22:50 . 2008-07-21 22:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 21:07 . 2008-07-21 21:07 <DIR> d-------- C:\Windows\McAfee.com
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\Users\Default.LOG2
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\Users\Default.LOG1
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\ProgramData.LOG2
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\ProgramData.LOG1
2008-07-21 20:04 . 2008-07-21 20:04 4,580 --a------ C:\Windows\System32\tmp.reg
2008-07-21 20:04 . 2008-07-21 20:04 691 --a------ C:\Users\Jaime\AppData\Roaming\GetValue.vbs
2008-07-21 20:04 . 2008-07-21 20:04 35 --a------ C:\Users\Jaime\AppData\Roaming\SetValue.bat
2008-07-21 12:23 . 2008-07-21 12:23 164 --a------ C:\install.dat
2008-07-21 12:17 . 2008-07-21 12:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-21 11:18 . 2008-07-21 11:18 <DIR> d-------- C:\Windows\System32\carH18
2008-07-21 11:18 . 2008-07-21 11:18 <DIR> d-------- C:\temp\btxv15
2008-07-15 06:38 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-15 06:38 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-15 06:38 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-09 01:14 . 2008-04-26 01:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 01:14 . 2008-04-26 01:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 01:14 . 2008-04-26 01:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-09 01:14 . 2008-04-11 20:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-09 01:14 . 2008-05-09 20:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-09 01:14 . 2008-04-04 18:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-09 01:14 . 2008-04-04 20:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-09 01:13 . 2008-05-08 14:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 01:13 . 2008-05-08 14:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 01:13 . 2008-05-08 14:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 01:13 . 2008-05-08 14:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 01:13 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 01:13 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 01:13 . 2008-05-08 14:59 90,112 --a------ C:\Windows\System32\wshext.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 07:47 --------- d-----w C:\Program Files\PermissionTV
2008-07-24 20:54 --------- d-----w C:\Users\Jaime\AppData\Roaming\LimeWire
2008-07-24 01:53 --------- d-----w C:\Program Files\Dl_cats
2008-07-22 17:42 --------- d-----w C:\ProgramData\Winamp Toolbar
2008-07-21 19:10 --------- d-----w C:\Program Files\Microsoft Works
2008-07-21 19:10 --------- d-----w C:\Program Files\Google
2008-07-21 19:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-21 19:10 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-09 08:27 --------- d-----w C:\Program Files\Windows Mail
2008-06-25 01:32 --------- d-----w C:\Program Files\VstPlugins
2008-06-25 01:32 --------- d-----w C:\Program Files\Image-Line
2008-06-25 01:26 --------- d-----w C:\Program Files\coolpro2
2008-06-25 00:50 --------- d-----w C:\Users\Jaime\AppData\Roaming\Syntrillium
2008-06-20 15:07 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 02:58 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 23:38 174 --sha-w C:\Program Files\desktop.ini
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Defender
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Calendar
2008-06-13 13:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-13 13:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 18:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot_2008-07-25_ 1.18.50.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-25 08:00:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-25 08:22:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-25 08:00:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-25 08:22:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-25 08:02:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-25 08:24:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-25 08:02:17 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-25 08:24:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-25 08:00:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-25 08:22:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-25 08:00:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-25 08:22:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-25 08:00:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-25 08:22:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 08:06:26 101,144 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-25 08:29:03 101,144 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-25 08:06:26 595,446 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-25 08:29:03 595,446 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-25 08:02:20 7,304 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3497426329-196693940-3450494876-1001_UserData.bin
+ 2008-07-25 08:24:39 7,312 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3497426329-196693940-3450494876-1001_UserData.bin
- 2008-07-25 08:02:20 65,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-25 08:24:39 65,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-25 08:02:16 38,536 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-25 08:24:37 38,552 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-08 22:15 89088]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-02 20:25 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"BM25d454aa"="C:\Users\ANASTA~1\AppData\Local\Temp\ueuqxmlk.dll" [2008-07-24 18:47 93696]
"cmds"="C:\Users\ANASTA~1\AppData\Local\Temp\ljJAqRKE.dll" [2008-07-22 11:57 283136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 07:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 20:37 413696]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 15:07 133656]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 15:06 166424]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 15:07 141848]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-02 18:43 185632]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 22:31 106496]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 15:04 304008]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 09:57 292336]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 15:09 312200]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 08:35 221184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 17:58 1862144]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 03:20 17920]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-12-03 16:23 22696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-03 16:25 107112]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 14:23 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 08:37 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 06:26 4452352 C:\Windows\RtHDVCpl.exe]

C:\Users\Anastasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 19:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-22 17:44:25 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-25 13:18:23 157008]

C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-25 13:18:23 157008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-22 17:44:25 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-25 13:18:23 157008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 13:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8BEE59AF-5BA9-4E6C-BE38-3132FC7485A9}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{AF98C6BB-EF49-44BB-B609-384C9FEE9A82}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{E5752351-B9A4-4A07-879C-6FC3CEC5B1B9}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{5411622F-BB20-4377-BEF4-BE3D1611B415}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{767E0144-829E-48F3-A1D5-AC372D7A1477}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{138F6236-E497-4A98-980E-532B8672B730}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{BAAECACC-A994-4E8C-91DC-42784C7151CD}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{11893399-21D2-4510-906B-2FE97C652D5A}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3AA1E9D9-D47F-4756-A53F-06E1312994C4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{303E8C35-7366-4D71-8CA6-7D3BBE7007BA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{21C28DA5-D959-452C-B666-5123FD613D34}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D65597B1-A91F-4736-9876-A08FE1BDEA16}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A97C8E39-5C1E-4B92-A2BA-8C320ED9B568}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A726CC4C-241B-4DD1-9BBA-8C863B70977E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070921.001\IDSvix86.sys [2007-09-13 07:49]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 14:48]
R2 PermissionTVDownloadManager;PermissionTV Download Manager Service;C:\PROGRA~1\PERMIS~1\bin\dm.exe [2007-08-07 16:34]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-12-03 16:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 03:21:34 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Anastasia.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070823


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 01:36:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\ANASTA~1\AppData\Local\Temp\cylbfspv.dll
-> C:\Users\ANASTA~1\AppData\Local\Temp\ueuqxmlk.dll
-> C:\Users\ANASTA~1\AppData\Local\Temp\ljJAqRKE.dll
.
Completion time: 2008-07-25 1:37:47
ComboFix-quarantined-files.txt 2008-07-25 08:37:42
ComboFix2.txt 2008-07-25 08:19:33
ComboFix3.txt 2008-07-24 00:16:17

Pre-Run: 24,963,739,648 bytes free
Post-Run: 24,930,406,400 bytes free

240 --- E O F --- 2008-07-24 03:58:32
 
Hi

Thanks for the info; then we'll replace it later.

You are not supposed to run any tools like ComboFix unsupervised (link).

Open notepad and copy/paste the text in the codebox below into it:

Code:
Folder::
C:\Windows\System32\carH18
C:\temp\btxv15

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.gif]


This will start ComboFix again. After the reboot (if it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happens, we want to know, and also which process you had to end.
 
ComboFix Log:

ComboFix 08-07-23.4 - Jaime 2008-07-25 10:34:43.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1036 [GMT -7:00]
Running from: C:\Users\Jaime\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jaime\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\btxv15
C:\Windows\System32\carH18

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-25 10:11 . 2008-07-25 10:11 <DIR> d-------- C:\Deckard
2008-07-25 02:37 . 2008-07-25 02:37 <DIR> d-------- C:\Users\Jaime\AppData\Roaming\Malwarebytes
2008-07-25 02:37 . 2008-07-25 02:37 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-25 02:37 . 2008-07-25 02:37 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-25 02:37 . 2008-07-25 02:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-25 02:37 . 2008-07-23 20:09 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-25 02:37 . 2008-07-23 20:09 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-24 13:06 . 2008-07-24 13:07 <DIR> d-------- C:\Program Files\LimeWire
2008-07-23 11:57 . 2008-07-23 11:58 196,608 --a------ C:\Windows\SPInstall.etl
2008-07-23 00:47 . 2008-07-23 01:05 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-23 00:47 . 2008-07-23 01:05 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-23 00:47 . 2008-07-23 00:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 23:50 . 2008-07-22 23:50 <DIR> d-------- C:\Users\Anastasia\AppData\Roaming\Uniblue
2008-07-21 22:51 . 2008-07-21 22:53 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-07-21 22:51 . 2008-07-21 22:53 <DIR> d-------- C:\ProgramData\Lavasoft
2008-07-21 22:51 . 2008-07-21 22:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-21 22:50 . 2008-07-21 22:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 21:07 . 2008-07-21 21:07 <DIR> d-------- C:\Windows\McAfee.com
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\Users\Default.LOG2
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\Users\Default.LOG1
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\ProgramData.LOG2
2008-07-21 20:11 . 2008-07-21 20:11 0 --ah----- C:\ProgramData.LOG1
2008-07-21 20:04 . 2008-07-21 20:04 4,580 --a------ C:\Windows\System32\tmp.reg
2008-07-21 20:04 . 2008-07-21 20:04 691 --a------ C:\Users\Jaime\AppData\Roaming\GetValue.vbs
2008-07-21 20:04 . 2008-07-21 20:04 35 --a------ C:\Users\Jaime\AppData\Roaming\SetValue.bat
2008-07-21 12:23 . 2008-07-21 12:23 164 --a------ C:\install.dat
2008-07-21 12:17 . 2008-07-21 12:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 06:38 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-15 06:38 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-15 06:38 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-09 01:14 . 2008-04-26 01:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 01:14 . 2008-04-26 01:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 01:14 . 2008-04-26 01:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-09 01:14 . 2008-04-11 20:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-09 01:14 . 2008-05-09 20:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-09 01:14 . 2008-04-04 18:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-09 01:14 . 2008-04-04 20:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-09 01:13 . 2008-05-08 14:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 01:13 . 2008-05-08 14:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 01:13 . 2008-05-08 14:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 01:13 . 2008-05-08 14:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 01:13 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 01:13 . 2008-05-08 14:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 01:13 . 2008-05-08 14:59 90,112 --a------ C:\Windows\System32\wshext.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 07:47 --------- d-----w C:\Program Files\PermissionTV
2008-07-24 20:54 --------- d-----w C:\Users\Jaime\AppData\Roaming\LimeWire
2008-07-24 01:53 --------- d-----w C:\Program Files\Dl_cats
2008-07-22 17:42 --------- d-----w C:\ProgramData\Winamp Toolbar
2008-07-21 19:10 --------- d-----w C:\Program Files\Microsoft Works
2008-07-21 19:10 --------- d-----w C:\Program Files\Google
2008-07-21 19:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-21 19:10 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-09 08:27 --------- d-----w C:\Program Files\Windows Mail
2008-06-25 01:32 --------- d-----w C:\Program Files\VstPlugins
2008-06-25 01:32 --------- d-----w C:\Program Files\Image-Line
2008-06-25 01:26 --------- d-----w C:\Program Files\coolpro2
2008-06-25 00:50 --------- d-----w C:\Users\Jaime\AppData\Roaming\Syntrillium
2008-06-20 15:07 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-15 02:58 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-13 23:38 174 --sha-w C:\Program Files\desktop.ini
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Defender
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-13 23:30 --------- d-----w C:\Program Files\Windows Calendar
2008-06-13 13:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-13 13:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 18:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot_2008-07-25_ 1.18.50.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-25 08:00:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-25 12:10:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-25 08:00:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-25 12:10:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-25 08:02:22 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-25 12:25:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-25 08:02:17 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-25 17:04:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-25 08:00:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-25 12:10:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-25 08:00:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-25 12:10:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-25 08:00:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-25 12:10:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 08:06:26 101,144 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-25 12:14:46 101,144 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-25 08:06:26 595,446 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-25 12:14:46 595,446 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-25 08:02:20 7,304 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3497426329-196693940-3450494876-1001_UserData.bin
+ 2008-07-25 09:05:36 7,312 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3497426329-196693940-3450494876-1001_UserData.bin
- 2008-07-25 08:02:20 65,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-25 09:05:35 65,560 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-25 08:02:16 38,536 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-25 09:05:34 38,568 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-02 20:25 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 09:09 460784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 07:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 20:37 413696]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 15:07 133656]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 15:06 166424]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 15:07 141848]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-02 18:43 185632]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 22:31 106496]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 15:04 304008]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 09:57 292336]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 15:09 312200]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 08:35 221184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-22 17:58 1862144]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 03:20 17920]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-12-03 16:23 22696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-03 16:25 107112]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 14:23 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 08:37 81920]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-23 20:09 1195640]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 06:26 4452352 C:\Windows\RtHDVCpl.exe]

C:\Users\Anastasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 19:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-22 17:44:25 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-25 13:18:23 157008]

C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-25 13:18:23 157008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-22 17:44:25 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-25 13:18:23 157008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 13:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8BEE59AF-5BA9-4E6C-BE38-3132FC7485A9}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{AF98C6BB-EF49-44BB-B609-384C9FEE9A82}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{E5752351-B9A4-4A07-879C-6FC3CEC5B1B9}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{5411622F-BB20-4377-BEF4-BE3D1611B415}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{767E0144-829E-48F3-A1D5-AC372D7A1477}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{138F6236-E497-4A98-980E-532B8672B730}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{BAAECACC-A994-4E8C-91DC-42784C7151CD}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{11893399-21D2-4510-906B-2FE97C652D5A}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3AA1E9D9-D47F-4756-A53F-06E1312994C4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{303E8C35-7366-4D71-8CA6-7D3BBE7007BA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{21C28DA5-D959-452C-B666-5123FD613D34}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D65597B1-A91F-4736-9876-A08FE1BDEA16}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A97C8E39-5C1E-4B92-A2BA-8C320ED9B568}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A726CC4C-241B-4DD1-9BBA-8C863B70977E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070921.001\IDSvix86.sys [2007-09-13 07:49]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 14:48]
R2 PermissionTVDownloadManager;PermissionTV Download Manager Service;C:\PROGRA~1\PERMIS~1\bin\dm.exe [2007-08-07 16:34]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-12-03 16:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 03:21:34 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Anastasia.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 10:37:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 10:39:38
ComboFix-quarantined-files.txt 2008-07-25 17:38:54
ComboFix2.txt 2008-07-25 08:37:47
ComboFix3.txt 2008-07-25 08:19:33
ComboFix4.txt 2008-07-24 00:16:17

Pre-Run: 23,841,898,496 bytes free
Post-Run: 23,809,798,144 bytes free

243 --- E O F --- 2008-07-24 03:58:32


Thank you for this, I couldn't have done it on my own.
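Added triage helper for the two ComboFix logs in this thread (example code, not ComboFix's, HijackThis's or the forum's own tooling). It reads the "Reg Loading Points" and "DLLs Loaded Under Running Processes" text the way ComboFix prints it and flags the three things a helper checks first in a log like this: autorun values whose image lives in a temp directory (the two HKCU Run DLLs under AppData\Local\Temp in the first log), modules loaded into a running process from a temp directory (the three DLLs inside Explorer.exe), and settings that silence Security Center or Windows Firewall. The list of "temp" directories and the function names are my assumptions; the two sample excerpts are constructed, trimmed copies of the logs posted above, one from before and one from after the CFScript run.

```python
import re

# Constructed excerpt of the first ComboFix log (before the CFScript run).
SAMPLE_BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-08 22:15 89088]
"BM25d454aa"="C:\Users\ANASTA~1\AppData\Local\Temp\ueuqxmlk.dll" [2008-07-24 18:47 93696]
"cmds"="C:\Users\ANASTA~1\AppData\Local\Temp\ljJAqRKE.dll" [2008-07-22 11:57 283136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\ANASTA~1\AppData\Local\Temp\cylbfspv.dll
-> C:\Users\ANASTA~1\AppData\Local\Temp\ueuqxmlk.dll
-> C:\Users\ANASTA~1\AppData\Local\Temp\ljJAqRKE.dll
"""

# Constructed excerpt of the second log (after the CFScript run).
SAMPLE_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')  # "name"=value
PROCESS_RE = re.compile(r"^PROCESS:\s+(?P<proc>.+)$")
MODULE_RE = re.compile(r"^->\s+(?P<dll>.+)$")

# Directories nothing legitimate should autostart from (assumption; extend as needed).
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", ":\\temp\\")


def parse_registry_section(log):
    """Every "name"=value line, tagged with the [key] header it sits under."""
    entries, key = [], None
    for line in (l.strip() for l in log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if line.startswith("---"):      # start of the loaded-DLL section: no more keys
            key = None
        m = VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group("name"), "value": m.group("value")})
    return entries


def image_path(value):
    """Path inside a ComboFix value: the quoted image before '[date size]', or the bare value."""
    if value.startswith('"'):
        return value[1:value.index('"', 1)]
    return value.split(" [")[0].strip()


def reg_int(value):
    """ComboFix renders DWORDs as 'dword:00000001' or '0 (0x0)'; turn both into an int."""
    v = value.strip()
    if v.lower().startswith("dword:"):
        return int(v[6:], 16)
    return int(v.split()[0])


def autoruns_from_temp(entries):
    """Run-key or AppInit_DLLs values whose image lives in a temp directory."""
    hits = []
    for e in entries:
        if "\\run" in e["key"].lower() or e["name"].lower() == "appinit_dlls":
            path = image_path(e["value"])
            if any(d in path.lower() for d in TEMP_DIRS):
                hits.append((e["name"], path))
    return hits


def security_posture(entries):
    """Settings that silence the OS's own defences; review items, not verdicts."""
    findings = []
    for e in entries:
        key, name = e["key"], e["name"].lower()
        if "security center" in key.lower() and name == "disablemonitoring" and reg_int(e["value"]) == 1:
            findings.append("Security Center monitoring off: " + key)
        if "firewallpolicy" in key.lower() and name == "enablefirewall" and reg_int(e["value"]) == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append("Firewall off: " + profile)
    return findings


def temp_dlls_in_processes(log):
    """(process, dll) pairs where a module was loaded from a temp directory."""
    hits, proc = [], None
    for line in (l.strip() for l in log.splitlines()):
        m = PROCESS_RE.match(line)
        if m:
            proc = m.group("proc")
            continue
        m = MODULE_RE.match(line)
        if m and proc and any(d in m.group("dll").lower() for d in TEMP_DIRS):
            hits.append((proc, m.group("dll")))
    return hits


def triage(log):
    """All three checks over one ComboFix log, as a dict of findings."""
    entries = parse_registry_section(log)
    return {
        "temp_autoruns": autoruns_from_temp(entries),
        "posture": security_posture(entries),
        "temp_modules": temp_dlls_in_processes(log),
    }


if __name__ == "__main__":
    for label, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, triage(log))
```

Run against the first excerpt it reports the two Temp DLL autoruns (BM25d454aa, cmds), the three Temp DLLs inside Explorer.exe and both posture findings; against the second excerpt only the firewall finding remains, which matches the second log above where the Run entries and the loaded-DLL section are gone. Treat the posture findings as things to confirm rather than as infection indicators: a third-party suite such as the Norton Internet Security installed here registers itself with Security Center and typically takes over the firewall, so those values are expected when that product is present and healthy, and worth a closer look only if it is not.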
 
HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:17 AM, on 7/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5343/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9104 bytes
 
Hi

Right-click your favorite web browser and choose Run as administrator.

After that:

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
 
Hello,

For whatever reason, I cannot get the Kaspersky site to load up in Firefox or IE. Are there any alternatives or something I can try to get it loaded? Thanks
 
new HJT and kasp log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:03 PM, on 7/25/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5343/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9237 bytes


KASPERSKY LOG

For some reason, when I go to save the log, it doesn't show up where I saved it. But then if I do it again, it will show up in the 'Save As' box, but not in the location itself. Any ideas?
 
KASP Log

Ah, must not have been in admin mode the 1st time around.

Here's the log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 25, 2008
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 25, 2008 22:13:25
Records in database: 1008660
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 126867
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:40:46


File name / Threat name / Threats count
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll Infected: Trojan.Win32.Monderb.ny 1
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\geBsstuu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abjy 1
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\mlJBrsPh.dll Infected: Trojan.Win32.Monderb.ny 1
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\opnkigfE.dll Infected: Trojan.Win32.Monderb.ny 1
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\tmp0000640f Infected: Trojan.Win32.Monderb.ny 1
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\tmp00007bf2 Infected: Trojan.Win32.Monderb.ny 1

The selected area was scanned.


Thank you
 
Hi

Yes, it requires that in Vista :)

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll 
    C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\geBsstuu.dll 
    C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\mlJBrsPh.dll 
    C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\opnkigfE.dll 
    C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\tmp0000640f
    C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\tmp00007bf2
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
Here's the OT log:

DllUnregisterServer procedure not found in C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll NOT unregistered.
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\geBsstuu.dll
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\geBsstuu.dll NOT unregistered.
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\geBsstuu.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\mlJBrsPh.dll
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\mlJBrsPh.dll NOT unregistered.
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\mlJBrsPh.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\opnkigfE.dll
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\opnkigfE.dll NOT unregistered.
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\opnkigfE.dll moved successfully.
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\tmp0000640f moved successfully.
C:\Users\Jaime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Jaime\AppData\Local\Temp\tmp00007bf2 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07262008_094007
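The helper above copied the infected paths out of the Kaspersky report by hand into OTMoveIt2's move list, then read the OTMoveIt2 log to confirm each one was moved. The following script is an added example, not code from the thread or from either tool: it parses the two log formats shown above, builds the paste list, and reports any scanned path the OTMoveIt2 log does not confirm as moved. The sample log text is constructed from the formats on this page, with shortened paths and one deliberately unmoved file.

```python
"""Reconcile a Kaspersky Online Scanner 7 report with an OTMoveIt2 results log."""
import re
from dataclasses import dataclass

# Kaspersky 7 report line: "<path> Infected: <threat name> <count>"
KASP_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
# OTMoveIt2 result lines, in the form the thread's log shows
OTM_MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
OTM_NOT_UNREG = re.compile(r"^(?P<path>.+?) NOT unregistered\.$")

# Constructed samples (shortened paths; geBsstuu.dll left unmoved on purpose).
KASPERSKY_SAMPLE = r"""
Scan statistics:
Files scanned: 126867
Infected objects: 2

File name / Threat name / Threats count
C:\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll Infected: Trojan.Win32.Monderb.ny 1
C:\Users\Jaime\AppData\Local\Temp\geBsstuu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.abjy 1

The selected area was scanned.
"""

OTMOVEIT_SAMPLE = r"""
DllUnregisterServer procedure not found in C:\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll
C:\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll NOT unregistered.
C:\Users\Jaime\AppData\Local\Temp\awtsQGwX.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jaime\AppData\Local\Temp\geBsstuu.dll
C:\Users\Jaime\AppData\Local\Temp\geBsstuu.dll NOT unregistered.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07262008_094007
"""


@dataclass
class Finding:
    path: str
    threat: str
    count: int


def parse_kaspersky_report(text):
    """Return a Finding per line of the 'File name / Threat name / Threats count' section."""
    findings, in_section = [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("File name / Threat name / Threats count"):
            in_section = True
            continue
        if not in_section:
            continue
        m = KASP_LINE.match(line)
        if m:
            findings.append(Finding(m["path"], m["threat"], int(m["count"])))
        elif line.startswith("The selected area was scanned"):
            break
    return findings


def build_move_list(findings):
    """One path per line, deduplicated, ready to paste into OTMoveIt2."""
    paths = []
    for f in findings:
        if f.path not in paths:
            paths.append(f.path)
    return "\n".join(paths)


def parse_otmoveit_log(text):
    """Map each path in the OTMoveIt2 log to its final outcome ('moved' wins)."""
    outcome = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = OTM_MOVED.match(line)
        if m:
            outcome[m["path"]] = "moved"
            continue
        m = OTM_NOT_UNREG.match(line)
        if m:
            outcome.setdefault(m["path"], "not unregistered")
    return outcome


def reconcile(findings, otm_outcome):
    """Paths the scanner flagged that the OTMoveIt2 log does not confirm as moved."""
    return [f.path for f in findings if otm_outcome.get(f.path) != "moved"]


if __name__ == "__main__":
    found = parse_kaspersky_report(KASPERSKY_SAMPLE)
    print("Paste into OTMoveIt2:\n" + build_move_list(found))
    print("Still present after move:", reconcile(found, parse_otmoveit_log(OTMOVEIT_SAMPLE)))
```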
 
Hello,

I ran spybot once more just to check and the bug was gone.

Thanks a ton for your help. You guys are priceless.

Have a good day, and again, thank you.
 
Hi

Before we call this done, Norton needs to be replaced.

Download one antivirus and one firewall below first:

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

After that, enable Windows Firewall.

Uninstall Norton and install new antivirus and firewall.

Disable Windows Firewall and post back a fresh HijackThis log, please :)
 