
Desktop Security 2010 [Help please! :) ]



kcbaby
2010-05-07, 22:02
It seems I've been infected by Desktop Security 2010. I ran Spybot and Malwarebytes 2 days ago and thought it was gone... but it's back! Any help you can give is much appreciated! My DDS info is below:

DDS (Ver_10-03-17.01) - NTFSx86
Run by alison at 15:49:09.92 on Fri 05/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.249 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
C:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
C:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
C:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
C:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
C:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\alison\Local Settings\Temp\m.2A.tmp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\alison\Local Settings\Temporary Internet Files\Content.IE5\225ZA5O4\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PlaxoUpdate] c:\program files\plaxo\2.12.1.1\PlaxoHelper.exe -a
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SecurityCenter] c:\documents and settings\alison\application data\desktop security 2010\securitycenter.exe
uRun: [h6vtn5uswnoa] c:\documents and settings\alison\local settings\temp\m.2A.tmp.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [PScriptPlugin] c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
mRun: [tgctlsitgctlcm6.9.2260.0] c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
mRun: [AdobeBridge] c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
mRun: [sprtctllnComponents] c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
mRun: [PluginAcrobat] c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
mRun: [PreferencesOpener] c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
mRunServices: [MediaDigital] c:\program files\microsoft plus! digital media edition\plusplus1.1.0.3500.exe
mRunServices: [HelpViewer] c:\program files\adobe\adobe help viewer\1.0\helpviewer.exe
mRunServices: [realschedRealPlayer] c:\program files\common files\real\update_ob\bak\realschedrealplayer.exe
mRunServices: [tgctlsisprtctlbr1.0] c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
mRunServices: [PluginADREGP] c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
mRunServices: [OpenerAdobe] c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alison\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - ?p=ZS
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: imageservr.com\locator1.cdn
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - hxxp://community.webshots.com/html/atx/wsaxcontrol.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128792470343
DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} - hxxp://download.paltalk.com/webclient_production/webclientctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/53/install/gtdownls.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://kohler1.view22.com/app/view22RTE.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alison\applic~1\mozilla\firefox\profiles\5gbdssyz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-5 38224]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100506.025\NAVENG.SYS [2010-5-6 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100506.025\NAVEX15.SYS [2010-5-6 1324720]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-28 1245064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-5-14 32896]

=============== Created Last 30 ================

2010-05-06 01:00:33 0 d-----w- c:\docume~1\alison\applic~1\Malwarebytes
2010-05-06 01:00:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 01:00:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-06 01:00:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 01:00:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 20:59:37 0 d-----w- c:\docume~1\alison\applic~1\Desktop Security 2010
2010-04-25 20:54:10 0 d-----w- c:\program files\Ask.com

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-02-09 22:16:15 721912 ----a-w- c:\documents and settings\alison\gotomypc_428.exe
2007-01-27 02:58:41 957796 --sha-w- c:\windows\repair\avjaip.bak1
2006-06-10 22:40:02 56 --sh--r- c:\windows\system32\D4286DF57B.sys
2006-06-10 22:40:02 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-01 22:20:12 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2010-02-01 22:20:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-08-28 01:51:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat
2010-02-01 22:20:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 15:52:29.43 ===============

So, so, so sorry...I was in the middle of running Malwarebytes when I posted the initial DDS log...here is an updated log...I won't do anything else until I hear from one of you experts! Thanks!

DDS (Ver_10-03-17.01) - NTFSx86
Run by alison at 16:36:56.71 on Fri 05/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.319 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
C:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
C:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
C:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
C:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
C:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\alison\Local Settings\Temp\m.2A.tmp.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\alison\Application Data\Desktop Security 2010\securitycenter.exe
C:\Documents and Settings\alison\Local Settings\Temporary Internet Files\Content.IE5\225ZA5O4\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PlaxoUpdate] c:\program files\plaxo\2.12.1.1\PlaxoHelper.exe -a
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [h6vtn5uswnoa] c:\documents and settings\alison\local settings\temp\m.2A.tmp.exe
uRun: [Desktop Security 2010] "c:\documents and settings\alison\application data\desktop security 2010\Desktop Security 2010.exe" /STARTUP
uRun: [SecurityCenter] c:\documents and settings\alison\application data\desktop security 2010\securitycenter.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [PScriptPlugin] c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
mRun: [tgctlsitgctlcm6.9.2260.0] c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
mRun: [AdobeBridge] c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
mRun: [sprtctllnComponents] c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
mRun: [PluginAcrobat] c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
mRun: [PreferencesOpener] c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
mRunServices: [MediaDigital] c:\program files\microsoft plus! digital media edition\plusplus1.1.0.3500.exe
mRunServices: [HelpViewer] c:\program files\adobe\adobe help viewer\1.0\helpviewer.exe
mRunServices: [realschedRealPlayer] c:\program files\common files\real\update_ob\bak\realschedrealplayer.exe
mRunServices: [tgctlsisprtctlbr1.0] c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
mRunServices: [PluginADREGP] c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
mRunServices: [OpenerAdobe] c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alison\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - ?p=ZS
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: imageservr.com\locator1.cdn
Trusted Zone: whataboutadog.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} - hxxp://community.webshots.com/html/atx/wsaxcontrol.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128792470343
DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} - hxxp://download.paltalk.com/webclient_production/webclientctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/53/install/gtdownls.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://kohler1.view22.com/app/view22RTE.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alison\applic~1\mozilla\firefox\profiles\5gbdssyz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100506.025\NAVENG.SYS [2010-5-6 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100506.025\NAVEX15.SYS [2010-5-6 1324720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-25 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-5-14 32896]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-28 1245064]

=============== Created Last 30 ================

2010-05-07 20:34:46 0 d-----w- c:\docume~1\alison\applic~1\Desktop Security 2010
2010-05-06 01:00:33 0 d-----w- c:\docume~1\alison\applic~1\Malwarebytes
2010-05-06 01:00:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 01:00:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-06 01:00:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 01:00:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 20:54:10 0 d-----w- c:\program files\Ask.com

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-02-09 22:16:15 721912 ----a-w- c:\documents and settings\alison\gotomypc_428.exe
2007-01-27 02:58:41 957796 --sha-w- c:\windows\repair\avjaip.bak1
2006-06-10 22:40:02 56 --sh--r- c:\windows\system32\D4286DF57B.sys
2006-06-10 22:40:02 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-01 22:20:12 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2010-02-01 22:20:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-08-28 01:51:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat
2010-02-01 22:20:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 16:39:14.65 ===============

JonTom
2010-05-08, 17:09
Hello kcbaby and :welcome:

My name is JonTom.

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


Please be aware that I am still in training, and all of my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay in response time, but I will do my best to keep it as short as possible.
I will reply back shortly with instructions.

JonTom
2010-05-08, 20:14
Hello kcbaby

Thank you for the log.

Before we continue, I would like you to scan your system with the following tool. If you encounter any difficulties come back and let me know.


Please scan your system with GMER


Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

kcbaby
2010-05-09, 00:46
Hi JonTom...Thanks for taking the time to help me! My system has become very unstable (pop-ups/screen refreshing...fun!) and I am having a hard time getting the gmer scan to complete. I am working on it though and will post ASAP.

kcbaby
2010-05-09, 01:32
Hi..unfortunately, it doesn't look like I'm going to be able to get the scan to run to completion. After a few minutes of running, everything freezes completely.

JonTom
2010-05-09, 11:18
Hello kcbaby

Thank you for letting me know.

Please try the following instead:


GMER


If you are having trouble getting GMER to complete a scan, please run it again, but this time uncheck everything EXCEPT "Sections" and "C:\".
If GMER does not produce a log please try running it from Safe Mode.

How to use the F8 method to Start Your Computer in Safe Mode

Restart your computer.
As soon as the BIOS is loaded, begin tapping the F8 key until the "Advanced Options" menu appears.
Use the arrow keys to select the Safe mode menu item.
Press Enter.

If GMER in safe mode does not work, please try RootRepeal:



RootRepeal


Please download this (http://ad13.geekstogo.com/rrbeta/RootRepeal.exe) file, and save it to your Desktop. Once you have downloaded it, save and close all other programs and run it by double clicking on the file named "RootRepeal.exe".
Once the main window shows up, please click on the "Report" button on the bottom of the window. Next, please click the "Scan" button.
Another window will pop up asking you to select what to include in the scan. Please uncheck everything except for the "Stealth Code" checkbox, and then click "OK".
Once the program has finished scanning, the results will appear. Click on the "Save Report" button, and save the report to your desktop.
Finally, please open this report with Notepad, and post it here.


Please provide the GMER/Rootrepeal log in your next reply. If you are still having trouble, come back and let me know.

kcbaby
2010-05-10, 13:58
Hi JonTom...I was finally able to get gmer to run. Here are the results.

Thanks again for your help!

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 00:42:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\alison\LOCALS~1\Temp\kfloakoc.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat F69BCD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\PROGRA~1\COMMON~1\Corel\Shared\WRITIN~1\12\WT12LI.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\InprocServer32@ C:\WINDOWS\system32\wmpdxm.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\ProgID@ AMOVIE.ActiveMovieControl.2
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\TypeLib@ {05589fa0-c356-11ce-bf01-00aa0055595a}
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\Version@ 2.0
Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\VersionIndependentProgID@ AMOVIE.ActiveMovieControl

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\alison\Local Settings\Temp\poertd.exe (size mismatch) 91136/0 bytes executable

---- EOF - GMER 1.0.15 ----

kcbaby
2010-05-10, 14:06
Hi again:

I was also able to run RootRepeal...here are those results as well.

ROOTREPEAL (c) AD, 2007-2010
==================================================
Report Save Time: 2010/05/10 08:05
Program Version: Version 2.0.0.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

PROCESSES
-------------------
4 - System
244 - C:\WINDOWS\system32\Brmfrmps.exe
308 - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
360 - C:\WINDOWS\ehome\ehSched.exe
508 - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
528 - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
592 - C:\WINDOWS\ehome\ehRecvr.exe
752 - C:\WINDOWS\system32\brsvc01a.exe
776 - C:\WINDOWS\system32\brss01a.exe
780 - C:\WINDOWS\system32\spoolsv.exe
1068 - C:\WINDOWS\system32\smss.exe
1136 - C:\WINDOWS\system32\csrss.exe
1164 - C:\WINDOWS\system32\winlogon.exe
1212 - C:\WINDOWS\system32\services.exe
1224 - C:\WINDOWS\system32\lsass.exe
1424 - C:\WINDOWS\system32\ati2evxx.exe
1444 - C:\WINDOWS\system32\svchost.exe
1504 - C:\Program Files\iPod\bin\iPodService.exe
1572 - C:\WINDOWS\system32\svchost.exe
1696 - C:\WINDOWS\system32\svchost.exe
1816 - C:\WINDOWS\system32\svchost.exe
1864 - C:\WINDOWS\system32\svchost.exe
1884 - C:\Program Files\Bonjour\mDNSResponder.exe
1912 - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1928 - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1980 - C:\WINDOWS\system32\svchost.exe
1996 - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
2040 - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
2120 - C:\Program Files\AIM7\aim.exe
2200 - C:\WINDOWS\system32\dllhost.exe
2204 - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
2220 - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2260 - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
2268 - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
2496 - C:\Documents and Settings\alison\Desktop\RootRepeal.exe
2612 - C:\Program Files\Brother\ControlCenter2\brctrcen.exe
2660 - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
2716 - C:\Program Files\iTunes\iTunesHelper.exe
2740 - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
2760 - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
2784 - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Xtras\AdobePDF\I386\PluginAdxxUIPI.exe
2804 - C:\Program Files\Common Files\Symantec Shared\Support Controls\SymXPep2sprtctlbr.exe
2908 - C:\Program Files\Internet Explorer\iexplore.exe
2996 - C:\Program Files\Adobe\Adobe Bridge CS3\Resources\ro\PreferencesAdobe.exe
3012 - C:\Program Files\Common Files\Symantec Shared\Support Controls\SymXPep2sprtctlbr.exe
3020 - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Xtras\AdobePDF\I386\PluginAdxxUIPI.exe
3044 - C:\Program Files\Adobe\Adobe Bridge CS3\Resources\ro\PreferencesAdobe.exe
3068 - C:\Program Files\Messenger\msmsgs.exe
3144 - C:\WINDOWS\system32\ctfmon.exe
3160 - C:\WINDOWS\system32\svchost.exe
3204 - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3212 - C:\WINDOWS\system32\wdfmgr.exe
3248 - C:\Documents and Settings\alison\Local Settings\Temp\m.2A.tmp.exe
3356 - C:\Documents and Settings\alison\Application Data\Desktop Security 2010\securitycenter.exe
3512 - C:\WINDOWS\system32\vssvc.exe
3600 - C:\WINDOWS\system32\svchost.exe
3616 - C:\WINDOWS\system32\dllhost.exe
3776 - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
3916 - C:\WINDOWS\explorer.exe
4100 - C:\WINDOWS\system32\msdtc.exe
5576 - C:\Program Files\Internet Explorer\iexplore.exe

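The three logs above (the DDS log, the GMER file check and the RootRepeal process list) all point at the same thing: executables running from the user's Temp and Application Data folders, a Trusted Zone addition and a hosts-file override. What follows is an added example, not part of this thread and not code from DDS, GMER, RootRepeal or ComboFix: a small Python triage script that scans constructed log lines modelled on the ones posted here and flags those indicators, including the `"Name"="path" [N/A]` Run-key form that ComboFix prints later in the thread. The directory patterns, the finding categories and the sample lines are this example's own assumptions.

```python
"""Triage helper for DDS / GMER / RootRepeal / ComboFix style log lines.

Added example, not part of the original thread or of any of the tools it
mentions. Scans constructed log lines (modelled on the ones posted in the
thread) and flags the indicators a malware-removal helper looks at first.
"""
import re
from dataclasses import dataclass

# Assumed heuristic (this example's own, not a rule from any tool): on XP,
# legitimate services almost never run from the profile's Temp or
# Application Data folders (or their 8.3 short forms), but the rogue AV in
# this thread lived in exactly those places.
USER_WRITABLE_DIR = re.compile(
    r"\\(?:local settings\\temp|locals~1\\temp|temp|application data|applic~1)\\",
    re.IGNORECASE,
)
# First drive-letter path on the line that ends in an executable extension.
EXE_PATH = re.compile(r"([a-z]:\\.+?\.(?:exe|dll|sys))", re.IGNORECASE)

# Constructed sample, modelled on lines posted in this thread (not a real log).
SAMPLE_LOG = r"""
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: whataboutadog.com
Hosts: 127.0.0.1 www.spywareinfo.com
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-5-14 32896]
File C:\Documents and Settings\alison\Local Settings\Temp\poertd.exe (size mismatch) 91136/0 bytes executable
3248 - C:\Documents and Settings\alison\Local Settings\Temp\m.2A.tmp.exe
3356 - C:\Documents and Settings\alison\Application Data\Desktop Security 2010\securitycenter.exe
3916 - C:\WINDOWS\explorer.exe
"SecurityCenter"="c:\documents and settings\alison\Application Data\Desktop Security 2010\securitycenter.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # category of indicator
    detail: str  # the path, domain or hosts entry that triggered it


def triage_line(line):
    """Return the indicators found on one log line (empty list if none)."""
    s = line.strip()
    found = []
    if not s or s.startswith("Running:"):   # GMER's own random-named Temp driver
        return found
    if s.startswith("Trusted Zone:"):       # site added to IE's Trusted sites zone
        found.append(Finding("trusted_zone", s.split(":", 1)[1].strip()))
        return found
    if s.startswith("Hosts:"):              # hosts-file redirection
        found.append(Finding("hosts_override", s.split(":", 1)[1].strip()))
        return found
    m = EXE_PATH.search(s)
    if not m:
        return found
    path = m.group(1)
    is_run_key = s.startswith('"') and '"="' in s   # ComboFix/DDS Run-key form
    if "(size mismatch)" in s:              # GMER: on-disk size differs from what the API reports
        found.append(Finding("size_mismatch", path))
    if USER_WRITABLE_DIR.search(path):
        found.append(Finding("run_key_user_dir" if is_run_key else "exe_in_user_dir", path))
    if is_run_key and s.endswith("[N/A]"):
        # ComboFix prints [N/A] when the target file no longer exists: an orphaned autorun.
        found.append(Finding("orphaned_run_key", path))
    return found


def triage(text):
    """Run triage_line over a whole log and return all findings in order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings):
    """Count findings per kind, e.g. {'exe_in_user_dir': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:18} {f.detail}")
    print(summarize(results))
```

Everything it flags still needs a human look: a size mismatch on its own is a hint rather than proof, and the tools' own artifacts (GMER's driver in Temp, RootRepeal on the Desktop) are expected. The point is to get from a thousand-line log to the handful of lines worth asking about, which here are the two Temp executables, the Application Data rogue, its Run key and the Trusted Zone entry.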
JonTom
2010-05-10, 20:15
Hello kcbaby

Thank you for the logs. Please work your way through the following steps. If you encounter any difficulties, come back and let me know.

Combofix


Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216).
Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

kcbaby
2010-05-11, 00:26
Hi Jontom...thanks for hanging in there with me! :bigthumb:

After combofix, the popups have stopped!

The combofix log was as follows:

ComboFix 10-05-10.02 - alison 05/10/2010 17:47:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.447 [GMT -4:00]
Running from: c:\documents and settings\alison\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\alison\Application Data\Desktop Security 2010
c:\documents and settings\alison\Application Data\Desktop Security 2010\Desktop Security 2010.exe
c:\documents and settings\alison\Application Data\Desktop Security 2010\mfc71.dll
c:\documents and settings\alison\Application Data\Desktop Security 2010\MFC71ENU.DLL
c:\documents and settings\alison\Application Data\Desktop Security 2010\msvcp71.dll
c:\documents and settings\alison\Application Data\Desktop Security 2010\msvcr71.dll
c:\documents and settings\alison\Application Data\Desktop Security 2010\securitycenter.exe
c:\documents and settings\alison\Application Data\Desktop Security 2010\securityhelper.exe
c:\documents and settings\alison\Application Data\Desktop Security 2010\taskmgr.dll
c:\documents and settings\alison\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\documents and settings\alison\Start Menu\Programs\Desktop Security 2010
c:\documents and settings\alison\Start Menu\Programs\Desktop Security 2010.lnk
c:\documents and settings\alison\Start Menu\Programs\Desktop Security 2010\Activate Desktop Security 2010.lnk
c:\documents and settings\alison\Start Menu\Programs\Desktop Security 2010\Desktop Security 2010.lnk
c:\documents and settings\alison\Start Menu\Programs\Desktop Security 2010\Help Desktop Security 2010.lnk
c:\documents and settings\alison\Start Menu\Programs\Desktop Security 2010\How to Activate Desktop Security 2010.lnk
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\repair\avjaip.bak1
c:\windows\repair\avjaip.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hjkkj.ini
c:\windows\system32\ie.ico
c:\windows\system32\nvgktkfy.ini
c:\windows\system32\open.ico
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Vb40032.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\wtigbkki.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-07 19:46 . 2010-05-07 19:46 -------- d-----w- c:\program files\ERUNT
2010-05-06 01:00 . 2010-05-06 01:00 -------- d-----w- c:\documents and settings\alison\Application Data\Malwarebytes
2010-05-06 01:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 01:00 . 2010-05-06 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-06 01:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 01:00 . 2010-05-06 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 20:54 . 2010-05-05 22:14 -------- d-----w- c:\program files\Ask.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 22:09 . 2005-08-26 03:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-10 11:51 . 2008-06-14 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-05 22:14 . 2006-05-24 22:30 -------- d-----w- c:\program files\LimeWire
2010-05-05 21:38 . 2009-12-16 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-05 21:21 . 2005-08-23 13:10 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-04-30 02:53 . 2008-08-23 01:48 256 ----a-w- c:\windows\system32\pool.bin
2010-04-27 22:03 . 2005-08-30 03:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-21 21:04 . 2005-08-26 04:16 -------- d-----w- c:\program files\PokerStars
2010-04-21 21:02 . 2009-10-14 18:34 -------- d-----w- c:\documents and settings\alison\Application Data\Research In Motion
2010-04-20 18:39 . 2005-08-26 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-15 00:59 . 2005-08-30 03:06 -------- d-----w- c:\program files\Google
2010-04-02 06:10 . 2006-02-17 02:17 -------- d-----w- c:\program files\Paltalk Messenger
2010-04-02 03:20 . 2010-04-02 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 03:20 . 2005-09-10 03:35 -------- d-----w- c:\program files\iTunes
2010-04-02 03:18 . 2005-09-10 03:24 -------- d-----w- c:\program files\iPod
2010-04-02 03:18 . 2007-08-12 19:44 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 03:03 . 2007-08-12 19:47 -------- d-----w- c:\program files\QuickTime
2010-04-02 02:49 . 2007-10-18 01:10 -------- d-----w- c:\program files\Bonjour
2010-03-27 04:28 . 2010-03-27 04:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-08-23 12:48 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-19 20:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2004-08-19 20:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-19 20:49 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-09 22:16 . 2010-02-09 22:16 721912 ----a-w- c:\documents and settings\alison\gotomypc_428.exe
2009-04-01 02:47 . 2008-03-30 14:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-10-11 08:04 . 2008-02-22 17:00 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-02-22 17:00 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-02-22 17:00 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-02-22 17:00 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-02-22 17:00 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-06-10 22:40 . 2005-10-11 04:05 56 --sh--r- c:\windows\system32\D4286DF57B.sys
2006-12-29 17:18 . 2006-12-29 17:13 1659536 --sh--w- c:\windows\system32\hjjlm.tmp
2006-06-10 22:40 . 2005-10-11 04:05 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-06-13 03:36 . 2007-05-11 02:46 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe
2006-10-23 03:24 . 2008-10-15 02:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

2005-08-23 13:08 . 2004-08-25 17:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2005-10-11 01:28 . 2004-05-25 13:16 49152 c:\program files\Brother\Brmfl04a\bak\BrStDvPt.exe
2008-02-26 23:45 . 2004-05-25 14:16 49152 c:\program files\Brother\Brmfl04a\BrStDvPt.exe

2005-10-11 01:28 . 2004-07-20 13:34 851968 c:\program files\Brother\ControlCenter2\bak\brctrcen.exe
2008-02-26 23:46 . 2004-07-20 14:34 851968 c:\program files\Brother\ControlCenter2\brctrcen.exe

2007-09-06 03:38 . 2007-09-06 03:38 587712 c:\program files\Carbonite\Carbonite Backup\bak\CarboniteUI.exe
2009-12-03 20:52 . 2009-12-03 20:52 670864 c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe

2006-05-10 00:24 . 2006-05-10 00:24 50760 c:\program files\Common Files\AOL\1139776233\ee\bak\AOLSoftware.exe

2005-09-13 02:14 . 2005-09-13 02:14 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2010-05-05 21:23 . 2010-05-05 20:57 153600 c:\program files\Common Files\Real\Update_OB\bak\realschedRealPlayer.exe

2003-10-14 14:22 . 2003-10-14 14:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
2003-10-14 15:22 . 2003-10-14 15:22 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

2005-08-23 13:09 . 2005-02-23 21:19 53248 c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe

2006-08-29 02:57 . 2006-08-29 02:57 395776 c:\program files\Dell Support\bak\DSAgnt.exe

2005-08-23 13:06 . 2005-04-25 13:50 139264 c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe

2005-08-23 13:09 . 2003-09-04 01:12 221184 c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe

2007-07-31 22:44 . 2007-07-31 22:44 271672 c:\program files\iTunes\bak\iTunesHelper.exe
2010-03-26 05:10 . 2010-03-26 05:10 142120 c:\program files\iTunes\iTunesHelper.exe

2007-07-28 17:30 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2006-03-15 03:49 . 2006-01-19 16:06 11776 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe

2005-08-23 13:12 . 2006-01-19 16:06 110592 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\qttask.exe
2010-03-18 01:53 . 2010-03-18 01:53 421888 c:\program files\QuickTime\QTTask.exe

2004-04-14 19:04 . 2004-04-14 19:04 40960 c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe
2004-04-14 20:04 . 2004-04-14 20:04 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

2004-04-14 18:46 . 2004-04-14 18:46 57393 c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe
2004-04-14 19:46 . 2004-04-14 19:46 57393 c:\program files\ScanSoft\PaperPort\pptd40nt.exe

2007-09-17 00:28 . 2007-08-30 21:43 4670704 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2004-08-19 20:50 . 2004-08-10 10:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-19 20:50 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"PlaxoUpdate"="c:\program files\Plaxo\2.12.1.1\PlaxoHelper.exe" [N/A]
"AIM"="c:\program files\AIM7\aim.exe" [2010-03-08 3972440]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-14 68856]
"SecurityCenter"="c:\documents and settings\alison\Application Data\Desktop Security 2010\securitycenter.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [N/A]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [N/A]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"PScriptPlugin"="c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe" [2010-05-05 153600]
"tgctlsitgctlcm6.9.2260.0"="c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe" [2010-05-05 153600]
"AdobeBridge"="c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe" [2010-05-05 153600]
"sprtctllnComponents"="c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe" [2010-05-05 153600]
"PluginAcrobat"="c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe" [2010-05-05 153600]
"PreferencesOpener"="c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe" [2010-05-05 153600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"OpenerAdobe"="c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe" [2010-05-05 153600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\alison\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-8-23 156784]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-10-10 819200]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Desktop Security 2010"="c:\documents and settings\alison\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
"h6vtn5uswnoa"=c:\documents and settings\alison\Local Settings\Temp\m.2D.tmp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ToolbarAutoRun5.96.21.1"=c:\docume~1\alison\LOCALS~1\Temp\0.010833981040821894.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"ToolbarAutoRun7"=c:\docume~1\alison\LOCALS~1\Temp\0.010833981040821894.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139776233\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 9:47 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 9:44 AM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 8:39 PM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-14 19:04]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 00:39]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 00:39]

2010-05-04 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - KC Salek.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

2010-05-10 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-04-07 13:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: imageservr.com\locator1.cdn
Trusted Zone: whataboutadog.com
Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} - hxxp://download.paltalk.com/webclient_production/webclientctl.cab
DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\alison\Application Data\Mozilla\Firefox\Profiles\5gbdssyz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-HijackThis - c:\documents and settings\KC Salek\Desktop\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 18:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2044)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2010-05-10 18:21:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 22:21

Pre-Run: 116,558,458,880 bytes free
Post-Run: 116,744,257,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

- - End Of File - - 3F2E9AD4352C05E7E33BD54CBF34BA51

JonTom
2010-05-12, 10:41
Hello kcbaby

Thank you for the log.


the popups have stopped!

That's one thing fixed, but we still have a lot of work to do.


IMPORTANT!!!


It is very likely that the malware we are dealing with has password stealing capabilities. For this reason you are STRONGLY ADVISED to disconnect the infected computer from the internet and from any networked computers until it can be cleaned. If you have networked computers, these must be checked, as they may also be infected.

Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft. It may also be prudent to ask your banks to freeze/disable online access to your accounts until you are certain that your computer is free of the infecting malware.


It is ESSENTIAL that you use a CLEAN (uninfected) computer to change ALL of your passwords for the online services (banking etc) that you use. DO NOT USE THE INFECTED COMPUTER TO CHANGE YOUR PASSWORDS OR TO PERFORM ANY FINANCIAL TRANSACTIONS, as doing so will give the attacker access to the new password that you create.



Please work through the following steps


Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").

NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.

Copy and Paste the text in the codebox below (including the link) into the open Notepad window:


http://forums.spybot.info/showthread.php?t=57244

Collect::
c:\windows\system32\hjjlm.tmp
c:\program files\common files\symantec shared\support controls\symxpep2sprtctlbr.exe
c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe
c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe
c:\documents and settings\alison\Application Data\Desktop Security 2010\Desktop Security 2010.exe
c:\documents and settings\alison\Local Settings\Temp\m.2D.tmp.exe
c:\docume~1\alison\LOCALS~1\Temp\0.010833981040821894.exe
c:\program files\Common Files\Real\Update_OB\bak\realschedRealPlayer.exe

AWF::
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\Common Files\AOL\1139776233\ee\bak\AOLSoftware.exe
c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
c:\program files\CyberLink\PowerDVD\bak\DVDLauncher.exe
c:\program files\Dell Support\bak\DSAgnt.exe
c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe
c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe
c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
c:\program files\Dell Support\bak\DSAgnt.exe

Folder::
c:\program files\Adobe\Acrobat 8.0\Acrobat\bak
c:\program files\Brother\Brmfl04a\bak
c:\program files\Brother\ControlCenter2\bak
c:\program files\Carbonite\Carbonite Backup\bak
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
c:\program files\iTunes\bak
c:\program files\Java\jre1.6.0_02\bin\bak
c:\program files\MUSICMATCH\Musicmatch Jukebox\bak
c:\program files\QuickTime\bak
c:\program files\ScanSoft\PaperPort\bak
c:\windows\system32\bak

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityCenter"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PScriptPlugin"=-
"tgctlsitgctlcm6.9.2260.0"=-
"AdobeBridge"=-
"sprtctllnComponents"=-
"PluginAcrobat"=-
"PreferencesOpener"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"OpenerAdobe"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Desktop Security 2010"=-
"h6vtn5uswnoa"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ToolbarAutoRun5.96.21.1"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"ToolbarAutoRun7"=-

DDS::
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: imageservr.com\locator1.cdn
Trusted Zone: whataboutadog.com



Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

Close any open browsers.

Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Referring to the picture below, drag CFScript.txt into ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif



When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Once the log is produced, re-engage your resident anti virus.
Note: When ComboFix finishes running, the ComboFix log will open along with a message box - do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.


Please provide the ComboFix log in your next reply.
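An added example, not part of the thread and not ComboFix, Spybot or forum code: a small Python triage script that reads lines in ComboFix's "Reg Loading Points" format, applies the kinds of checks the helper applied by hand to the log above (values sitting in the renamed run-/runservices- keys, targets under Temp or Application Data, several unrelated targets sharing one timestamp and size, missing [N/A] targets, Security Center monitoring switched off), and drafts the Registry:: stanza of a CFScript from the results. The heuristics and the delete/review split are my own assumptions, the sample lines are constructed by trimming the log in this thread, and the only CFScript syntax relied on is the "name"=- deletion form that the script above already uses.

```python
"""Triage ComboFix 'Reg Loading Points' lines and draft the Registry:: stanza
of a CFScript for the values that look like infection residue.
Added example for this thread, not ComboFix, Spybot or forum code; the
heuristics are my own reading of the log above and the sample lines below
are constructed by trimming that log."""
import re
from collections import defaultdict

# Constructed sample in the format ComboFix prints (trimmed from the thread).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2010-03-08 3972440]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [N/A]
"SecurityCenter"="c:\documents and settings\alison\Application Data\Desktop Security 2010\securitycenter.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PScriptPlugin"="c:\program files\adobe\acrobat 8.0\acrobat\xtras\adobepdf\i386\pluginadxxuipi.exe" [2010-05-05 153600]
"AdobeBridge"="c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe" [2010-05-05 153600]
"PreferencesOpener"="c:\program files\adobe\adobe bridge cs3\resources\ro\preferencesadobe.exe" [2010-05-05 153600]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Desktop Security 2010"="c:\documents and settings\alison\Application Data\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
"h6vtn5uswnoa"=c:\documents and settings\alison\Local Settings\Temp\m.2D.tmp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Accepts "n"="p" [date size], "n"=p, "n"="p" /ARGS and "n"=dword:... forms.
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]*?)"?'
                    r'(?P<args>\s+/\S*)?(?:\s*\[(?P<meta>[^\]]*)\])?\s*$')
# Directories an autorun target rarely needs to live in on XP (assumption).
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\")


def parse_entries(text):
    """One dict per value line, tagged with the registry key it sits under."""
    entries, key = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VAL_RE.match(line)
        if not (vm and key):
            continue
        meta = vm.group("meta")
        date, size = meta.split() if meta and meta != "N/A" else (None, None)
        entries.append({"key": key, "name": vm.group("name"),
                        "path": vm.group("path").strip().lower(),
                        "missing": meta == "N/A", "date": date,
                        "size": int(size) if size else None})
    return entries


def triage(entries):
    """Return (entry, level, reasons). 'delete': the value is residue;
    'review': look first (a missing target may be a broken legitimate app)."""
    # One dropper written under several names shows up as targets that
    # share an identical (timestamp, size) pair across different paths.
    clusters = defaultdict(set)
    for e in entries:
        if e["size"]:
            clusters[(e["date"], e["size"])].add(e["path"])
    findings = []
    for e in entries:
        key, delete, review = e["key"].lower(), [], []
        if key.endswith("\\run-") or key.endswith("\\runservices-"):
            delete.append("left in a renamed 'run-' key by an earlier cleanup")
        if any(loc in e["path"] for loc in USER_WRITABLE):
            delete.append("runs from a user-writable profile or temp directory")
        twins = len(clusters.get((e["date"], e["size"]), ()))
        if twins > 1:
            delete.append("shares timestamp %s and size %d with %d other target(s)"
                          % (e["date"], e["size"], twins - 1))
        if e["missing"]:
            review.append("target file is missing ([N/A])")
        if "security center\\monitoring" in key and e["path"].endswith("00000001"):
            review.append("Security Center monitoring is switched off")
        if delete:
            findings.append((e, "delete", delete + review))
        elif review:
            findings.append((e, "review", review))
    return findings


def cfscript_registry(findings):
    """Draft the Registry:: stanza; "name"=- is regedit's delete-a-value
    syntax, the same form the script in the thread uses."""
    by_key = defaultdict(list)
    for e, level, _ in findings:
        if level == "delete":
            by_key[e["key"]].append(e["name"])
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % n for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(parse_entries(SAMPLE_LOG))
    for e, level, reasons in found:
        print("%-7s %-22s %s" % (level, e["name"], "; ".join(reasons)))
    print("\n" + cfscript_registry(found))
```

Run as a file it prints each finding with its reasons and then the draft stanza. Entries marked "review" (the missing DSAgnt.exe, the Security Center flag) are deliberately kept out of the stanza: in the thread the helper handled the missing file with an AWF:: restore from the bak folder rather than by deleting the Run value, and a disabled Security Center monitor is a symptom to note, not a value to delete blindly.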

kcbaby
2010-05-12, 23:48
Hi JonTom:

Thanks for the heads up. I'll take care of contacting my financial institutions for sure!

I did as you asked above and clicked OK. Below is the log.

Thanks again for your help with this!

ComboFix 10-05-12.01 - alison 05/12/2010 17:24:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.464 [GMT -4:00]
Running from: c:\documents and settings\alison\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\alison\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

file zipped: c:\program files\Common Files\Real\Update_OB\bak\realschedRealPlayer.exe
file zipped: c:\windows\system32\hjjlm.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Adobe\Acrobat 8.0\Acrobat\bak
c:\program files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe
c:\program files\Brother\Brmfl04a\bak
c:\program files\Brother\Brmfl04a\bak\BrStDvPt.exe
c:\program files\Brother\ControlCenter2\bak
c:\program files\Brother\ControlCenter2\bak\brctrcen.exe
c:\program files\Carbonite\Carbonite Backup\bak
c:\program files\Carbonite\Carbonite Backup\bak\CarboniteUI.exe
c:\program files\Common Files\Real\Update_OB\bak\realschedRealPlayer.exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
c:\program files\iTunes\bak
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Java\jre1.6.0_02\bin\bak
c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\bak
c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\qttask.exe
c:\program files\ScanSoft\PaperPort\bak
c:\program files\ScanSoft\PaperPort\bak\IndexSearch.exe
c:\program files\ScanSoft\PaperPort\bak\pptd40nt.exe
c:\windows\system32\bak
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\hjjlm.tmp

.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-07 19:46 . 2010-05-07 19:46 -------- d-----w- c:\program files\ERUNT
2010-05-06 01:00 . 2010-05-06 01:00 -------- d-----w- c:\documents and settings\alison\Application Data\Malwarebytes
2010-05-06 01:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 01:00 . 2010-05-06 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-06 01:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 01:00 . 2010-05-06 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 20:54 . 2010-05-05 22:14 -------- d-----w- c:\program files\Ask.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 21:36 . 2007-02-09 20:29 -------- d-----w- c:\program files\Dell Support
2010-05-12 21:34 . 2007-08-12 19:47 -------- d-----w- c:\program files\QuickTime
2010-05-12 21:34 . 2005-09-10 03:35 -------- d-----w- c:\program files\iTunes
2010-05-12 21:15 . 2005-08-26 03:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-12 02:38 . 2005-08-23 13:10 -------- d-----w- c:\program files\Microsoft Plus! Digital Media Edition
2010-05-11 21:09 . 2008-06-14 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-05 22:14 . 2006-05-24 22:30 -------- d-----w- c:\program files\LimeWire
2010-05-05 21:38 . 2009-12-16 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-30 02:53 . 2008-08-23 01:48 256 ----a-w- c:\windows\system32\pool.bin
2010-04-27 22:03 . 2005-08-30 03:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-21 21:04 . 2005-08-26 04:16 -------- d-----w- c:\program files\PokerStars
2010-04-21 21:02 . 2009-10-14 18:34 -------- d-----w- c:\documents and settings\alison\Application Data\Research In Motion
2010-04-20 18:39 . 2005-08-26 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-15 00:59 . 2005-08-30 03:06 -------- d-----w- c:\program files\Google
2010-04-12 17:39 . 2009-12-16 02:07 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-04-02 06:10 . 2006-02-17 02:17 -------- d-----w- c:\program files\Paltalk Messenger
2010-04-02 03:20 . 2010-04-02 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 03:18 . 2005-09-10 03:24 -------- d-----w- c:\program files\iPod
2010-04-02 03:18 . 2007-08-12 19:44 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 02:49 . 2007-10-18 01:10 -------- d-----w- c:\program files\Bonjour
2010-04-02 02:39 . 2010-04-02 02:39 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-27 04:28 . 2010-03-27 04:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-10 06:15 . 2004-08-19 20:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-19 20:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2005-08-23 12:48 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2004-08-19 20:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 03:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2004-08-19 20:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-04-01 02:47 . 2008-03-30 14:45 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-10-11 08:04 . 2008-02-22 17:00 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-02-22 17:00 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-02-22 17:00 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-02-22 17:00 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-02-22 17:00 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-06-10 22:40 . 2005-10-11 04:05 56 --sh--r- c:\windows\system32\D4286DF57B.sys
2006-06-10 22:40 . 2005-10-11 04:05 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 20:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"AIM"="c:\program files\AIM7\aim.exe" [2010-03-08 3972440]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-13 180269]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\alison\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-8-23 156784]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-10-10 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139776233\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 9:47 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 9:44 AM 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/25/2009 8:39 PM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-05-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-14 19:04]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 00:39]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 00:39]

2010-05-11 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - KC Salek.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

2010-05-12 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-04-07 13:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Filter: video/x-flv - {08C72DD4-19AD-49f1-83DA-8542B4D302C5} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} - hxxp://download.paltalk.com/webclient_production/webclientctl.cab
DPF: {FC0A65F2-8DFF-4F0F-B411-D4A50311628D} - hxxp://xmro.xmradio.com/xstream/registration/dell/xmprofiler.CAB
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///D:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\alison\Application Data\Mozilla\Firefox\Profiles\5gbdssyz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlaxoUpdate - c:\program files\Plaxo\2.12.1.1\PlaxoHelper.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_02\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 17:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-12 17:41:30
ComboFix-quarantined-files.txt 2010-05-12 21:41
ComboFix2.txt 2010-05-10 22:21

Pre-Run: 116,569,563,136 bytes free
Post-Run: 116,737,830,912 bytes free

- - End Of File - - 029E5803E13F877ABE4F36623F8A21F0
Upload was successful

JonTom
2010-05-13, 09:15
Hello kcbaby

Thank you for the log.

Please work your way through the following steps:


P2P Programs:

P2P programs are a major source of Malware infections.
From your log I see you have LimeWire. We do not pass judgment on file-sharing; however, we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.


Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here. (http://www.internetworldstats.com/articles/art053.htm)


It is strongly recommended that you uninstall any P2P programs you have on your system.


To do this, Click on "Start" then on "Control Panel" and then on "Add or remove programs".
A list of currently installed programs will be displayed.
Find the "LimeWire" program, click on it once and then click on the "Remove" button.
If you are prompted to re-boot your computer to complete the uninstall please do so.


PLEASE NOTE:
Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.



MalwareBytes AntiMalware:


I can see that you have MalwareBytes AntiMalware installed.
Double click on your MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform full scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.



Please update your Java


Click on "Start", then on "Control Panel".
Go to "Add or Remove Programs" and uninstall any previous versions of Java that you find.
Reboot your computer.
Next, download the latest version of Java by clicking here (http://java.sun.com/javase/downloads/index.jsp)
Scroll down the page until you reach "Java Platform Standard Edition".
Beneath this and to the right, you will see a red button marked "Download JRE".
Click the "Download JRE" button.
Select the platform (Windows, in your case), multi language.
Accept the license agreement and click on "Continue".
You do not have to register if you do not want to (the registration step is optional).
Scroll down and click on the file called jre-6u20-windows-i586.exe located under "Windows Offline Installation".
Save the file to your desktop.
Do not select Run.
Double click on the saved file (jre-6u20-windows-i586.exe) to install the update.
Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.



Please perform the following scan:


This is a very deep scan that can take many hours. In some instances you may need to let it run overnight. Please be patient.


It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
DO NOT surf the net while your resident protection is disabled!
Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.


Please perform a Kaspersky Online Scan of your computer by clicking here (http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1240137288999) or here (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html).


Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run (at times it may appear to stall).
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

Once the scan is complete, click on View scan report. To obtain the report:
Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
If you need help performing the above steps, an animated tutorial can be found here. (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)


Please provide the MBAM log and the Kaspersky Online Scan log in your next reply.

Also, please let me know how your machine is behaving now. Are you still experiencing problems?

kcbaby
2010-05-14, 14:45
Hi JonTom:

I am pretty sure that Limewire is where this all started..my daughter had downloaded it around the same time. I had removed it from the program list a while ago and I don't see it there again.

Here are the mbam and Kaspersky logs for you.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4097

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/13/2010 9:13:49 PM
mbam-log-2010-05-13 (21-13-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 328994
Time elapsed: 3 hour(s), 46 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, May 14, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, May 13, 2010 22:46:07
Records in database: 4110200
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Objects scanned: 170952
Threats found: 10
Infected objects found: 83
Suspicious objects found: 0
Scan duration: 04:48:57


File name / Threat / Threats count
C:\Documents and Settings\alison\Application Data\Sun\Java\Deployment\cache\6.0\28\6cf309dc-3893b31f Infected: Trojan.Win32.FakeAV.mt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A7358F.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04C20572.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E5534A.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\071F2560.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A8C0515.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A96030A.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AAA7EF4.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AE81CB0.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B4978AC.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BB06EB3.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F5109DF.sys Infected: Trojan.Win32.Agent.ny 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\103D20D0.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11AA718A.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11CE3F63.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D1695F.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D4135C.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\122E3065.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1255283A.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1255283A.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14BA5BDF.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17402AB2.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2523521E.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25471FF6.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\255771E4.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E2C2F7B.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E2E13A9.swf Infected: Trojan-Downloader.SWF.Gida.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E3567A2.swf Infected: Trojan-Downloader.SWF.Gida.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E690768.swf Infected: Trojan-Downloader.SWF.Gida.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E795956.swf Infected: Trojan-Downloader.SWF.Gida.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4426622B.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54107173.EXE Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54343F4B.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54376948.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543A1344.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543E3D41.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5441673D.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54441139.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54483B36.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\544B6532.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5451392B.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54556327.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54580D24.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\545B3720.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ADE413C.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5ADF22C2.exe Infected: Trojan.Win32.Agent.ny 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BAA4DE3.exe Infected: Trojan.Win32.Agent.ny 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D9556DD.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FF11C8A.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60360E3F.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\605D0613.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60742BFA.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\609879D3.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631B5AC9.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63482697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\670E72F1.swf Infected: Trojan-Downloader.SWF.Gida.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\689844B0.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CAE5A85.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CC82A68.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CD2285D.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\742900AE.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76D13761.dll Infected: Trojan-Spy.Win32.VBStat.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76D70B5A.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\772C4EFC.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79263ACF.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79C50AB2.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79CF08A8.dll Infected: Trojan.Win32.BHO.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A137A5C.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB93CAD.exe Infected: Trojan.Win32.Agent.bxj 1
C:\Program Files\ATI Technologies\ATI Control Panel\bak\ComponentDesktop.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\Qoobox\Quarantine\C\Documents and Settings\alison\Application Data\Desktop Security 2010\securitycenter.exe.vir Infected: Packed.Win32.Katusha.l 1
C:\Qoobox\Quarantine\C\Documents and Settings\alison\Application Data\Desktop Security 2010\taskmgr.dll.vir Infected: Packed.Win32.Katusha.l 1
C:\Qoobox\Quarantine\[4]-Submit_2010-05-12_17.23.43.zip Infected: Trojan.Win32.FakeAV.mt 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP161\A0020008.exe Infected: Packed.Win32.Katusha.l 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP163\A0028215.exe Infected: Packed.Win32.Katusha.l 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP163\A0028217.dll Infected: Packed.Win32.Katusha.l 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030385.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030386.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030387.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030388.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030389.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030390.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030391.exe Infected: Trojan.Win32.FakeAV.mt 1

Selected area has been scanned.

I can't thank you enough for your help!
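
Most of the 83 "infected objects" in the Kaspersky report above sit in places where they are already contained (the Norton quarantine folder, ComboFix's Qoobox quarantine, System Restore points) and only a couple are in live locations. The script below is an added example, not part of the thread or of any of the tools mentioned in it: it parses report lines in the "path Infected: threat count" format and buckets them by location so the live findings stand out. The sample lines are constructed from the format of the posted report, and the path patterns used to recognise quarantine and restore-point locations are my own assumptions about those tools' folder layouts.

```python
"""Triage a Kaspersky Online Scanner 7.0 style report (added example, not the
scanner's own code): separate findings that are already contained from findings
in live locations that still need attention."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional


class Finding(NamedTuple):
    path: str
    threat: str
    count: int


# Constructed sample in the same line format as the report posted in the thread.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\alison\Application Data\Sun\Java\Deployment\cache\6.0\28\6cf309dc-3893b31f Infected: Trojan.Win32.FakeAV.mt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A7358F.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\Program Files\ATI Technologies\ATI Control Panel\bak\ComponentDesktop.exe Infected: Trojan.Win32.FakeAV.mt 1
C:\Qoobox\Quarantine\C\Documents and Settings\alison\Application Data\Desktop Security 2010\securitycenter.exe.vir Infected: Packed.Win32.Katusha.l 1
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP164\A0030385.exe Infected: Trojan.Win32.FakeAV.mt 1

Selected area has been scanned.
"""

# A report line is "<path> Infected: <threat> <count>". Paths contain spaces, so the
# path is matched lazily up to the " Infected: " marker.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")

# Assumed folder conventions for "already contained" locations, checked in order
# against the lower-cased path. Anything unmatched is treated as live.
CONTAINED_LOCATIONS = [
    ("av-quarantine", r"\\norton antivirus\\quarantine\\"),
    ("combofix-quarantine", r"^c:\\qoobox\\quarantine\\"),
    ("restore-point", r"\\system volume information\\_restore"),
    ("java-cache", r"\\sun\\java\\deployment\\cache\\"),
]


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a detection line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(m.group("path"), m.group("threat"), int(m.group("count")))


def classify(path: str) -> str:
    """Label a path by where it lives; 'live' means nothing has contained it yet."""
    lowered = path.lower()
    for label, pattern in CONTAINED_LOCATIONS:
        if re.search(pattern, lowered):
            return label
    return "live"


def triage(report: str) -> Dict[str, List[Finding]]:
    """Bucket every detection line in the report by location label."""
    result: Dict[str, List[Finding]] = {label: [] for label, _ in CONTAINED_LOCATIONS}
    result["live"] = []
    for line in report.splitlines():
        finding = parse_line(line)
        if finding is not None:
            result[classify(finding.path)].append(finding)
    return result


def live_threat_counts(report: str) -> Counter:
    """Threat families seen in live locations only; these drive the clean-up steps."""
    return Counter(f.threat for f in triage(report)["live"])


if __name__ == "__main__":
    buckets = triage(SAMPLE_REPORT)
    for label, findings in buckets.items():
        print(f"{label}: {len(findings)}")
    for f in buckets["live"]:
        print(f"  LIVE  {f.threat}  {f.path}")
```

Run against the full report in the post, the only "live" entry is the ATI ComponentDesktop.exe file, which is exactly the one the next reply deletes by hand; the Java cache entry is handled by clearing the cache, and the quarantine and restore-point entries are leftovers of detections already dealt with.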

kcbaby
2010-05-14, 16:33
Hi again:

The computer seems to be running fine..no pop ups/redirects. It actually seems to be running better than it has in a while!

:thanks:

JonTom
2010-05-14, 20:23
Hello kcbaby


I am pretty sure that Limewire is where this all started
Very possible. P2P programs are bad news and best avoided.


It actually seems to be running better than it has in awhile!
That's good, but we still have a few things to take care of. The Kaspersky Online Scan has flagged an infected file and an infected Java Cache. We will take care of these in the steps below:


Please Clear Your Sun Java Cache


Click on "Start", then on "Control Panel" and then on the Java icon (looks like a coffee cup). If you do not see the icon, look to your left and click "Switch to Classic View".
On the "General" tab, under "Temporary Internet Files", click the "Settings" button.
Next, click on the "Delete Files" button.
There are two options in the window to clear the cache - ("Applications and Applets" and "Trace and Log Files").
Leave BOTH Checked
Click "OK" on Delete Temporary Files Window.
Note: This deletes ALL the Downloaded Applications and Applets from the Cache.
Click "OK" to leave the Temporary Files Window.
Click "OK" to leave the Java Control Panel.



Please run the following Command


Click on "Start" and then on "Run".
Copy and Paste the following command into the Run box:



cmd /c del /f/a/q "C:\Program Files\ATI Technologies\ATI Control Panel\bak\ComponentDesktop.exe"


Click on "OK".



Please Uninstall Combofix



Click on "Start" and then on "Run".
Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.



Removal of Tools


You no longer need DDS, GMER or RootRepeal. Please delete them from your system.



Your Adobe is out of date


You can obtain the latest version of Adobe Reader from here (http://get.adobe.com/uk/reader/), and the latest version of Flash Player from here. (http://www.adobe.com/products/flashplayer/)
For more information and links to Adobe updates and downloads click here. (http://www.adobe.com/downloads/)



Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.


Finally, please take the time to read through the information provided below:

Enhance your System Security

For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here. (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
Once complete, remember to re-engage your resident security before going online.

Web Browsers and Browser Security

Firefox

Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here. (http://www.mozilla.com/en-US/firefox/)


No-Script

If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
You can download No-Script by clicking here. (https://addons.mozilla.org/en-US/firefox/addon/722)


Internet Explorer

The newest version of Internet Explorer is available from here. (http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_94735d11-65d1-4bb8-bf6f-72d7b059a928)


SpywareBlaster

If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
You can download SpywareBlaster by clicking here. (http://www.javacoolsoftware.com/sbdownload.html)

Web of Trust

When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
You can download Web of Trust by clicking here. (http://www.mywot.com/)


Keep your Software Updated

Outdated software can sometimes have vulnerabilities that are exploitable by malware.
Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here. (http://secunia.com/vulnerability_scanning/online/)


Passwords

Learn how to create strong passwords by clicking here (http://www.microsoft.com/protect/yourself/password/create.mspx) and test the strength of the passwords you already use by clicking here. (http://www.microsoft.com/protect/yourself/password/checker.mspx)


General Reading

How did I get infected in the first place? (http://www.spywareinfoforum.com/index.php?showtopic=60955)

PC Safety and Security - What do I need? (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)

How to prevent Malware (by Miekiemoes) (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


Learn How To Combat Malware

Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here. (http://forums.whatthetech.com/What_Tech_Classroom_t80368.html)

kcbaby
2010-05-18, 04:00
Hi JonTom:

I followed all of your final steps...thank you so much for the help! If left to my own devices, I probably would have bought a new computer by now. :red:

:wav:

:bigthumb:

JonTom
2010-05-18, 09:24
thank you so much for the help!

You are Very Welcome kcbaby

Best wishes
JonTom