
Thread: Some Yoog malware on my Firefox and IE search engine

  1. #21
    Junior Member
    Join Date
    May 2008
    Posts
    22


    ComboFix 09-03-18.01 - Omar 2009-03-19 19:04:32.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.635 [GMT -4:00]
    Running from: c:\documents and settings\Omar\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Security *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\i386\EULA.txt
    c:\documents and settings\i386\hosts
    c:\documents and settings\i386\winmsd.exe
    c:\program files\Mozilla Firefox\components\7d817ebf-685d-5fc9-8e89-dde647987875.dll
    c:\program files\Mozilla Firefox\components\irpecufxanhh.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
    .

    2009-03-19 12:00 . 2009-03-19 12:00 <DIR> d-------- c:\windows\LastGood
    2009-03-14 00:27 . 2009-03-14 00:27 <DIR> d-------- C:\rsit
    2009-03-13 21:55 . 2009-03-13 21:55 <DIR> d-------- c:\documents and settings\Omar\Application Data\Malwarebytes
    2009-03-13 21:54 . 2009-03-13 21:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 21:54 . 2009-03-13 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-13 21:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 21:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-11 09:45 . 2009-03-11 09:45 <DIR> d-------- c:\documents and settings\Omar\Application Data\URSoft
    2009-03-11 09:44 . 2009-03-11 09:47 <DIR> d-------- c:\program files\Your Uninstaller 2008
    2009-03-10 23:19 . 2009-03-10 23:19 <DIR> dr------- c:\program files\Norton Support
    2009-03-09 18:48 . 2009-03-09 18:48 <DIR> d-------- C:\_OTScanIt
    2009-03-07 13:28 . 2009-03-07 13:52 <DIR> d-------- c:\program files\Common Files\Common Share
    2009-03-04 21:14 . 2009-03-04 21:14 <DIR> d-------- c:\documents and settings\Omar\Application Data\DivX
    2009-03-04 19:40 . 2008-11-06 12:37 129,784 --------- c:\windows\system32\pxafs.dll
    2009-03-04 19:40 . 2008-11-06 12:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-03-04 19:40 . 2008-11-06 12:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-03-04 15:32 . 2009-02-27 07:20 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
    2009-03-02 09:51 . 2009-03-02 09:51 <DIR> d-------- c:\program files\Bonjour
    2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\Omar\Application Data\ACD Systems
    2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\Common Files\ACD Systems
    2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\ACD Systems
    2009-02-22 21:09 . 2009-03-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-14 14:51 --------- d-----w c:\program files\LimeWire
    2009-03-11 22:57 --------- d-----w c:\program files\World of Warcraft
    2009-03-11 13:50 --------- d-----w c:\program files\IrfanView
    2009-03-11 13:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-07 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-07 20:14 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-04 23:41 --------- d-----w c:\program files\DivX
    2009-03-03 18:56 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-03-03 18:56 7,386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-03-03 18:56 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
    2009-03-03 18:56 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-03-03 18:56 --------- d-----w c:\program files\Symantec
    2009-02-27 16:51 --------- d-----w c:\documents and settings\Omar\Application Data\U3
    2009-02-24 20:23 --------- d-----w c:\program files\iPod
    2009-02-23 01:14 --------- d-----w c:\program files\Google
    2009-02-09 21:50 --------- d-----w c:\program files\HP
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
    2009-01-17 01:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-09-29 00:16 38,016 ----a-w c:\documents and settings\Omar\Application Data\GDIPFONTCACHEV1.DAT
    2008-09-14 04:06 37,240 ----a-w c:\documents and settings\El guest\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-26 19:04 147,608 ----a-w c:\documents and settings\i386\FNTCACHE.DAT
    2006-03-24 23:51 53,838 ----a-w c:\documents and settings\i386\perfc009.dat
    2006-03-24 23:51 382,260 ----a-w c:\documents and settings\i386\perfh009.dat
    2006-03-24 23:46 16,384 ----a-w c:\documents and settings\i386\index.dat
    2006-03-11 09:02 262,144 ---ha-w c:\documents and settings\i386\UsrClass.dat
    2006-03-11 08:58 16,384 ----a-w c:\documents and settings\i386\MSIMGSIZ.DAT
    2006-03-11 08:48 17,056 ----a-w c:\documents and settings\i386\AegisP.sys
    2005-11-29 11:01 81,920 ----a-w c:\documents and settings\i386\SynTPCo2.dll
    2005-11-29 10:58 69,723 ----a-w c:\documents and settings\i386\SynTPFcs.dll
    2005-11-29 10:41 94,299 ----a-w c:\documents and settings\i386\SynTPAPI.dll
    2005-11-29 10:41 114,688 ----a-w c:\documents and settings\i386\SynCtrl.dll
    2005-11-29 10:40 82,014 ----a-w c:\documents and settings\i386\SynCOM.dll
    2005-11-29 10:36 191,936 ----a-w c:\documents and settings\i386\SynTP.sys
    2005-11-10 01:31 2,585,872 ----a-w c:\documents and settings\i386\KB893803.exe
    2005-11-09 04:18 563,952 ----a-w c:\documents and settings\i386\KB908673.exe
    2005-11-03 18:00 2,594,032 ----a-w c:\documents and settings\i386\KB896424.exe
    2005-10-31 07:01 442,368 ----a-w c:\documents and settings\i386\pxdrv.dll
    2005-10-25 23:39 27,264 ----a-w c:\documents and settings\i386\usbehci.sys
    2005-10-25 23:39 143,104 ----a-w c:\documents and settings\i386\usbport.sys
    2005-10-25 07:00 983,040 ----a-w c:\documents and settings\i386\cmdvdpakENU.dll
    2005-10-15 03:15 1,302,812 ----a-w c:\documents and settings\i386\ialmnt5.sys
    2005-10-15 03:14 901,242 ----a-w c:\documents and settings\i386\ialmdd5.dll
    2005-10-15 03:06 61,440 ----a-w c:\documents and settings\i386\iAlmCoIn_v4410.dll
    2005-10-15 03:06 49,152 ----a-w c:\documents and settings\i386\ialmrem.dll
    2005-10-15 03:06 36,990 ----a-w c:\documents and settings\i386\ialmrnt5.dll
    2005-10-15 03:06 213,274 ----a-w c:\documents and settings\i386\ialmdev5.dll
    2005-10-15 03:06 118,395 ----a-w c:\documents and settings\i386\ialmdnt5.dll
    2005-10-15 02:59 524,288 ----a-w c:\documents and settings\i386\igldev32.dll
    2005-10-15 02:57 2,310,144 ----a-w c:\documents and settings\i386\iglicd32.dll
    2005-10-15 02:50 94,208 ----a-w c:\documents and settings\i386\igfxext.exe
    2005-10-15 02:50 53,248 ----a-w c:\documents and settings\i386\oemdspif.dll
    2005-10-15 02:50 40,960 ----a-w c:\documents and settings\i386\igfxexps.dll
    2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxzoom.exe
    2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxpers.exe
    2005-10-15 02:49 446,464 ----a-w c:\documents and settings\i386\igfxcfg.exe
    2005-10-15 02:49 147,456 ----a-w c:\documents and settings\i386\igfxpph.dll
    2005-10-15 02:49 1,503,232 ----a-w c:\documents and settings\i386\igfxress.dll
    2005-10-15 02:46 86,016 ----a-w c:\documents and settings\i386\igfxdo.dll
    2005-10-15 02:46 77,824 ----a-w c:\documents and settings\i386\hkcmd.exe
    2005-10-15 02:46 57,344 ----a-w c:\documents and settings\i386\igfxsrvc.dll
    2005-10-15 02:46 159,744 ----a-w c:\documents and settings\i386\igfxsrvc.exe
    2005-10-15 02:45 73,728 ----a-w c:\documents and settings\i386\hccutils.dll
    2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxres.dll
    2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxdev.dll
    2005-10-10 18:00 559,856 ----a-w c:\documents and settings\i386\KB906569.exe
    2005-10-10 18:00 4,966,128 ----a-w c:\documents and settings\i386\KB896688.Exe
    2005-10-10 18:00 1,393,392 ----a-w c:\documents and settings\i386\KB904706.Exe
    2005-10-07 17:28 349,760 ----a-w c:\documents and settings\i386\mcinsctl.dll
    2005-10-07 17:28 288,320 ----a-w c:\documents and settings\i386\mcgdmgr.dll
    2005-10-06 03:09 280,064 ----a-w c:\documents and settings\i386\gdi32.dll
    2005-10-06 00:05 1,839,488 ----a-w c:\documents and settings\i386\win32k.sys
    2005-10-04 23:26 3,015,168 ----a-w c:\documents and settings\i386\mshtml.dll
    2005-09-27 00:29 21,504 ----a-w c:\documents and settings\i386\xpsp3res.dll
    2005-09-12 09:30 89,264 ----a-w c:\documents and settings\i386\DRVMCDB.SYS
    2005-09-10 05:21 109,056 ----a-w c:\documents and settings\i386\staco.dll
    2005-09-10 05:18 389,120 ----a-w c:\documents and settings\i386\STLang.dll
    2005-09-10 05:18 167,936 ----a-w c:\documents and settings\i386\stacapi.dll
    2005-09-10 05:15 1,032,472 ----a-w c:\documents and settings\i386\sthda.sys
    2005-09-02 23:52 96,256 ----a-w c:\documents and settings\i386\inseng.dll
    2005-08-30 03:54 1,287,168 ----a-w c:\documents and settings\i386\quartz.dll
    2005-08-25 18:16 5,628 ----a-w c:\documents and settings\i386\DLACDBHM.SYS
    2005-08-25 18:16 22,684 ----a-w c:\documents and settings\i386\DLARTL_N.SYS
    2005-08-16 22:18 80,640 ----a-w c:\documents and settings\i386\MpFirewall.sys
    2005-08-16 22:13 9,216 ----a-w c:\documents and settings\i386\MpfApi.dll
    2005-08-12 11:20 40,544 ----a-w c:\documents and settings\i386\DRVNDDM.SYS
    2005-08-12 07:00 28,672 ----a-w c:\documents and settings\i386\VXBLOCK.dll
    2005-08-10 17:22 114,464 ----a-w c:\documents and settings\i386\naiavf5x.sys
    2005-08-05 09:32 45,312 ----a-r c:\documents and settings\i386\bcm4sbxp.sys
    2005-08-04 18:00 583,920 ----a-w c:\documents and settings\i386\KB899591.exe
    2005-08-04 18:00 579,312 ----a-w c:\documents and settings\i386\KB899588.exe
    2005-08-04 18:00 563,440 ----a-w c:\documents and settings\i386\KB896423.exe
    2005-08-03 16:44 16,128 ----a-w c:\documents and settings\i386\APPDRV.SYS
    2005-07-22 09:02 1,035,008 ----a-w c:\documents and settings\i386\HSF_DPV.sys
    2005-07-22 09:01 717,952 ----a-w c:\documents and settings\i386\HSF_CNXT.sys
    2005-07-22 09:01 201,600 ----a-w c:\documents and settings\i386\HSFHWAZL.sys
    2008-09-18 19:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-11 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2006-08-30 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 18:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.NTN1"= NUVision.ax

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\El guest\\Desktop\\WEB-WOWEx-E3-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [2009-03-03 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-03-03 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [2009-03-03 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSXpx86.sys [2009-03-11 276344]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-03-03 115560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
    S2 gupdate1c9955416be3348;Servicio de actualización de Google (gupdate1c9955416be3348);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
    S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [2006-11-19 20704]
    S3 NUVision;ATI TV Wonder, USB Edition (NTSC+);c:\windows\system32\drivers\NUVision.sys [2006-11-19 145184]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}]
    \shell\verb1\command - desktop.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}]
    \Shell\AutoRun\command - F:\oq.cmd
    \Shell\explore\Command - F:\oq.cmd
    \Shell\open\Command - F:\oq.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - G:\system.exe
    \Shell\Open\command - G:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}]
    \Shell\AutoRun\command - F:\oq.cmd
    \Shell\explore\Command - F:\oq.cmd
    \Shell\open\Command - F:\oq.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204176-eed7-11dc-a123-0014229e8b54}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 21:09]

    2009-03-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 21:14]

    2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

    2008-05-11 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.google.com/news?ned=us
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.5.0.134\CoIEPlg.dll
    FF - ProfilePath - c:\documents and settings\Omar\Application Data\Mozilla\Firefox\Profiles\drj06ki6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
    FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-19 19:06:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB8495C-2C8D-80CB-624C-A545C4C023A2}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "najbmdahbnonjlcimcplodlnbden"=hex:6a,61,66,6d,61,62,65,70,61,70,70,68,64,70,
    6e,68,62,6f,65,67,00,00
    "maddgacgncmpgalemooonmaphd"=hex:6b,61,69,6f,6d,61,69,6e,62,6a,68,6e,62,66,63,
    6a,6a,66,6a,61,6d,65,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1464)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2009-03-19 19:09:43
    ComboFix-quarantined-files.txt 2009-03-19 23:08:53

    Pre-Run: 18,505,330,688 bytes free
    Post-Run: 18,552,950,784 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

    320 --- E O F --- 2009-03-17 16:47:00

  2. #22
    Emeritus - Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi rocks21

    1 - Run CFScript

    1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Firefox::
    FF - ProfilePath - c:\documents and settings\Omar\Application Data\Mozilla\Firefox\Profiles\drj06ki6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}]
    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe



    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    2 - Run HijackThis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    3 - Status Check
    Please reply with


    1. the ComboFix log (C:\ComboFix.txt)
    2. a fresh HijackThis log
    3. a description of any problems you are having with your PC

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #23
    Junior Member
    Join Date
    May 2008
    Posts
    22

    ComboFix log

    ComboFix 09-03-18.01 - Omar 2009-03-20 13:57:16.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.567 [GMT -4:00]
    Running from: c:\documents and settings\Omar\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Omar\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Security *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
    .

    2009-03-20 09:45 . 2009-03-20 09:45 <DIR> d-------- c:\windows\LastGood
    2009-03-14 00:27 . 2009-03-14 00:27 <DIR> d-------- C:\rsit
    2009-03-13 21:55 . 2009-03-13 21:55 <DIR> d-------- c:\documents and settings\Omar\Application Data\Malwarebytes
    2009-03-13 21:54 . 2009-03-13 21:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 21:54 . 2009-03-13 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-13 21:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-13 21:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-11 09:45 . 2009-03-11 09:45 <DIR> d-------- c:\documents and settings\Omar\Application Data\URSoft
    2009-03-11 09:44 . 2009-03-11 09:47 <DIR> d-------- c:\program files\Your Uninstaller 2008
    2009-03-10 23:19 . 2009-03-10 23:19 <DIR> dr------- c:\program files\Norton Support
    2009-03-09 18:48 . 2009-03-09 18:48 <DIR> d-------- C:\_OTScanIt
    2009-03-07 13:28 . 2009-03-07 13:52 <DIR> d-------- c:\program files\Common Files\Common Share
    2009-03-04 21:14 . 2009-03-04 21:14 <DIR> d-------- c:\documents and settings\Omar\Application Data\DivX
    2009-03-04 19:40 . 2008-11-06 12:37 129,784 --------- c:\windows\system32\pxafs.dll
    2009-03-04 19:40 . 2008-11-06 12:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
    2009-03-04 19:40 . 2008-11-06 12:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
    2009-03-04 15:32 . 2009-02-27 07:20 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
    2009-03-02 09:51 . 2009-03-02 09:51 <DIR> d-------- c:\program files\Bonjour
    2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\Omar\Application Data\ACD Systems
    2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
    2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\Common Files\ACD Systems
    2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\ACD Systems
    2009-02-22 21:09 . 2009-03-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-14 14:51 --------- d-----w c:\program files\LimeWire
    2009-03-11 22:57 --------- d-----w c:\program files\World of Warcraft
    2009-03-11 13:50 --------- d-----w c:\program files\IrfanView
    2009-03-11 13:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-07 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-07 20:14 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-04 23:41 --------- d-----w c:\program files\DivX
    2009-03-03 18:56 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
    2009-03-03 18:56 7,386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
    2009-03-03 18:56 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
    2009-03-03 18:56 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
    2009-03-03 18:56 --------- d-----w c:\program files\Symantec
    2009-02-27 16:51 --------- d-----w c:\documents and settings\Omar\Application Data\U3
    2009-02-24 20:23 --------- d-----w c:\program files\iPod
    2009-02-23 01:14 --------- d-----w c:\program files\Google
    2009-02-09 21:50 --------- d-----w c:\program files\HP
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
    2009-01-17 01:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-09-29 00:16 38,016 ----a-w c:\documents and settings\Omar\Application Data\GDIPFONTCACHEV1.DAT
    2008-09-14 04:06 37,240 ----a-w c:\documents and settings\El guest\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-26 19:04 147,608 ----a-w c:\documents and settings\i386\FNTCACHE.DAT
    2006-03-24 23:51 53,838 ----a-w c:\documents and settings\i386\perfc009.dat
    2006-03-24 23:51 382,260 ----a-w c:\documents and settings\i386\perfh009.dat
    2006-03-24 23:46 16,384 ----a-w c:\documents and settings\i386\index.dat
    2006-03-11 09:02 262,144 ---ha-w c:\documents and settings\i386\UsrClass.dat
    2006-03-11 08:58 16,384 ----a-w c:\documents and settings\i386\MSIMGSIZ.DAT
    2006-03-11 08:48 17,056 ----a-w c:\documents and settings\i386\AegisP.sys
    2005-11-29 11:01 81,920 ----a-w c:\documents and settings\i386\SynTPCo2.dll
    2005-11-29 10:58 69,723 ----a-w c:\documents and settings\i386\SynTPFcs.dll
    2005-11-29 10:41 94,299 ----a-w c:\documents and settings\i386\SynTPAPI.dll
    2005-11-29 10:41 114,688 ----a-w c:\documents and settings\i386\SynCtrl.dll
    2005-11-29 10:40 82,014 ----a-w c:\documents and settings\i386\SynCOM.dll
    2005-11-29 10:36 191,936 ----a-w c:\documents and settings\i386\SynTP.sys
    2005-11-10 01:31 2,585,872 ----a-w c:\documents and settings\i386\KB893803.exe
    2005-11-09 04:18 563,952 ----a-w c:\documents and settings\i386\KB908673.exe
    2005-11-03 18:00 2,594,032 ----a-w c:\documents and settings\i386\KB896424.exe
    2005-10-31 07:01 442,368 ----a-w c:\documents and settings\i386\pxdrv.dll
    2005-10-25 23:39 27,264 ----a-w c:\documents and settings\i386\usbehci.sys
    2005-10-25 23:39 143,104 ----a-w c:\documents and settings\i386\usbport.sys
    2005-10-25 07:00 983,040 ----a-w c:\documents and settings\i386\cmdvdpakENU.dll
    2005-10-15 03:15 1,302,812 ----a-w c:\documents and settings\i386\ialmnt5.sys
    2005-10-15 03:14 901,242 ----a-w c:\documents and settings\i386\ialmdd5.dll
    2005-10-15 03:06 61,440 ----a-w c:\documents and settings\i386\iAlmCoIn_v4410.dll
    2005-10-15 03:06 49,152 ----a-w c:\documents and settings\i386\ialmrem.dll
    2005-10-15 03:06 36,990 ----a-w c:\documents and settings\i386\ialmrnt5.dll
    2005-10-15 03:06 213,274 ----a-w c:\documents and settings\i386\ialmdev5.dll
    2005-10-15 03:06 118,395 ----a-w c:\documents and settings\i386\ialmdnt5.dll
    2005-10-15 02:59 524,288 ----a-w c:\documents and settings\i386\igldev32.dll
    2005-10-15 02:57 2,310,144 ----a-w c:\documents and settings\i386\iglicd32.dll
    2005-10-15 02:50 94,208 ----a-w c:\documents and settings\i386\igfxext.exe
    2005-10-15 02:50 53,248 ----a-w c:\documents and settings\i386\oemdspif.dll
    2005-10-15 02:50 40,960 ----a-w c:\documents and settings\i386\igfxexps.dll
    2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxzoom.exe
    2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxpers.exe
    2005-10-15 02:49 446,464 ----a-w c:\documents and settings\i386\igfxcfg.exe
    2005-10-15 02:49 147,456 ----a-w c:\documents and settings\i386\igfxpph.dll
    2005-10-15 02:49 1,503,232 ----a-w c:\documents and settings\i386\igfxress.dll
    2005-10-15 02:46 86,016 ----a-w c:\documents and settings\i386\igfxdo.dll
    2005-10-15 02:46 77,824 ----a-w c:\documents and settings\i386\hkcmd.exe
    2005-10-15 02:46 57,344 ----a-w c:\documents and settings\i386\igfxsrvc.dll
    2005-10-15 02:46 159,744 ----a-w c:\documents and settings\i386\igfxsrvc.exe
    2005-10-15 02:45 73,728 ----a-w c:\documents and settings\i386\hccutils.dll
    2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxres.dll
    2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxdev.dll
    2005-10-10 18:00 559,856 ----a-w c:\documents and settings\i386\KB906569.exe
    2005-10-10 18:00 4,966,128 ----a-w c:\documents and settings\i386\KB896688.Exe
    2005-10-10 18:00 1,393,392 ----a-w c:\documents and settings\i386\KB904706.Exe
    2005-10-07 17:28 349,760 ----a-w c:\documents and settings\i386\mcinsctl.dll
    2005-10-07 17:28 288,320 ----a-w c:\documents and settings\i386\mcgdmgr.dll
    2005-10-06 03:09 280,064 ----a-w c:\documents and settings\i386\gdi32.dll
    2005-10-06 00:05 1,839,488 ----a-w c:\documents and settings\i386\win32k.sys
    2005-10-04 23:26 3,015,168 ----a-w c:\documents and settings\i386\mshtml.dll
    2005-09-27 00:29 21,504 ----a-w c:\documents and settings\i386\xpsp3res.dll
    2005-09-12 09:30 89,264 ----a-w c:\documents and settings\i386\DRVMCDB.SYS
    2005-09-10 05:21 109,056 ----a-w c:\documents and settings\i386\staco.dll
    2005-09-10 05:18 389,120 ----a-w c:\documents and settings\i386\STLang.dll
    2005-09-10 05:18 167,936 ----a-w c:\documents and settings\i386\stacapi.dll
    2005-09-10 05:15 1,032,472 ----a-w c:\documents and settings\i386\sthda.sys
    2005-09-02 23:52 96,256 ----a-w c:\documents and settings\i386\inseng.dll
    2005-08-30 03:54 1,287,168 ----a-w c:\documents and settings\i386\quartz.dll
    2005-08-25 18:16 5,628 ----a-w c:\documents and settings\i386\DLACDBHM.SYS
    2005-08-25 18:16 22,684 ----a-w c:\documents and settings\i386\DLARTL_N.SYS
    2005-08-16 22:18 80,640 ----a-w c:\documents and settings\i386\MpFirewall.sys
    2005-08-16 22:13 9,216 ----a-w c:\documents and settings\i386\MpfApi.dll
    2005-08-12 11:20 40,544 ----a-w c:\documents and settings\i386\DRVNDDM.SYS
    2005-08-12 07:00 28,672 ----a-w c:\documents and settings\i386\VXBLOCK.dll
    2005-08-10 17:22 114,464 ----a-w c:\documents and settings\i386\naiavf5x.sys
    2005-08-05 09:32 45,312 ----a-r c:\documents and settings\i386\bcm4sbxp.sys
    2005-08-04 18:00 583,920 ----a-w c:\documents and settings\i386\KB899591.exe
    2005-08-04 18:00 579,312 ----a-w c:\documents and settings\i386\KB899588.exe
    2005-08-04 18:00 563,440 ----a-w c:\documents and settings\i386\KB896423.exe
    2005-08-03 16:44 16,128 ----a-w c:\documents and settings\i386\APPDRV.SYS
    2005-07-22 09:02 1,035,008 ----a-w c:\documents and settings\i386\HSF_DPV.sys
    2005-07-22 09:01 717,952 ----a-w c:\documents and settings\i386\HSF_CNXT.sys
    2005-07-22 09:01 201,600 ----a-w c:\documents and settings\i386\HSFHWAZL.sys
    2005-07-14 16:58 28,544 ----a-w c:\documents and settings\i386\rimmptsk.sys
    2005-07-14 15:28 307,968 ----a-w c:\documents and settings\i386\rixdptsk.sys
    2005-07-12 17:00 51,328 ----a-w c:\documents and settings\i386\rimsptsk.sys
    2005-07-06 18:00 625,904 ----a-w c:\documents and settings\i386\KB901214.exe
    2008-09-18 19:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-19_19.07.17.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-20 13:42:50 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_440.dat
    + 2009-03-20 13:43:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_54c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
    "HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
    "HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-11 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
    PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2006-08-30 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 18:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.NTN1"= NUVision.ax

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\El guest\\Desktop\\WEB-WOWEx-E3-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [2009-03-03 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-03-03 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [2009-03-03 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSXpx86.sys [2009-03-11 276344]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-03-03 115560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
    S2 gupdate1c9955416be3348;Servicio de actualización de Google (gupdate1c9955416be3348);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
    S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [2006-11-19 20704]
    S3 NUVision;ATI TV Wonder, USB Edition (NTSC+);c:\windows\system32\drivers\NUVision.sys [2006-11-19 145184]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204176-eed7-11dc-a123-0014229e8b54}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 21:09]

    2009-03-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 21:14]

    2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

    2008-05-11 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.google.com/news?ned=us
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.5.0.134\CoIEPlg.dll
    FF - ProfilePath - c:\documents and settings\Omar\Application Data\Mozilla\Firefox\Profiles\drj06ki6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    FF - user.js: keyword.enabled - true
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-20 14:00:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB8495C-2C8D-80CB-624C-A545C4C023A2}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "najbmdahbnonjlcimcplodlnbden"=hex:6a,61,66,6d,61,62,65,70,61,70,70,68,64,70,
    6e,68,62,6f,65,67,00,00
    "maddgacgncmpgalemooonmaphd"=hex:6b,61,69,6f,6d,61,69,6e,62,6a,68,6e,62,66,63,
    6a,6a,66,6a,61,6d,65,00,00
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1452)
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2009-03-20 14:03:22
    ComboFix-quarantined-files.txt 2009-03-20 18:03:02
    ComboFix2.txt 2009-03-19 23:09:44

    Pre-Run: 18,451,992,576 bytes free
    Post-Run: 18,487,676,928 bytes free

    284 --- E O F --- 2009-03-20 13:48:50

  4. #24
    Junior Member
    Join Date
    May 2008
    Posts
    22

    Default HJT log

    Hi, now Google is set as my default search engine :-) but the Yoog search engine is still there. I'm still able to choose it, how can I get rid of it?
    thx

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:07:27 p.m., on 20/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PASPortal.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Servicio de actualización de Google (gupdate1c9955416be3348) (gupdate1c9955416be3348) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11404 bytes

  5. #25
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi rocks21

    Let's try this...

    Firefox
    Remove Yoog Search from Firefox
    Look in your Firefox profile folder for a file with a name like Yoog search.XML and delete it.
    Typical path is like: C:\Documents and Settings\your name\Application Data\Mozilla\Firefox\Profiles\random name.default
    On the address bar of Firefox type about:config and press the Enter key.
    Click on the "I will be careful, I promise" button.
    Type in Yoog for the filter and a list of items that have Yoog in them should appear.
    For each entry that has been modified and now has Yoog in it you can RIGHT CLICK and choose RESET.

    IE7
    Click on Tools/Internet Options.
    In the middle, under the Search section, click the Settings button.
    Highlight Yoog and click the Remove button.

    Post back if it helped.

    Thanks peku006
    Last edited by peku006; 2009-03-20 at 20:38.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
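The Firefox part of the steps above (delete the engine's XML file from the profile's searchplugins folder, then reset the Yoog-tainted preferences) as a script, added here and not part of peku006's post or of any Mozilla tool. It assumes the Firefox profile layout of the time (searchplugins/*.xml plus user_pref() lines in prefs.js and user.js), goes a little further than the post by matching the engine's ShortName and URL as well as its filename, and runs against a constructed sample profile whose yoog.example domain is a placeholder.

```python
"""Find and remove a hijacked search engine (the thread's "Yoog") from a Firefox profile."""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# prefs.js / user.js entries look like:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_search_plugin(path):
    """Return (ShortName, first Url template). Namespaces are stripped so the
    MozSearch and OpenSearch flavours of plugin file parse alike."""
    root = ET.parse(path).getroot()
    short, url = "", ""
    for el in root:
        tag = el.tag.rsplit("}", 1)[-1]
        if tag == "ShortName":
            short = (el.text or "").strip()
        elif tag == "Url" and not url:
            url = el.get("template", "")
    return short, url


def find_search_plugins(profile_dir, term):
    """List searchplugins/*.xml whose filename, ShortName or URL mentions term (case-insensitive)."""
    needle = term.lower()
    plugins = os.path.join(profile_dir, "searchplugins")
    hits = []
    if not os.path.isdir(plugins):
        return hits
    for name in sorted(os.listdir(plugins)):
        if not name.lower().endswith(".xml"):
            continue
        path = os.path.join(plugins, name)
        try:
            short, url = parse_search_plugin(path)
        except ET.ParseError:
            short, url = "", ""  # an unparsable file can still match on its name
        if needle in (name + short + url).lower():
            hits.append({"path": path, "name": short, "url": url})
    return hits


def split_prefs(path, term):
    """Return (lines to keep, names of user_pref entries that mention term)."""
    keep, dropped = [], []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = PREF_RE.match(line)
            if m and term.lower() in line.lower():
                dropped.append(m.group(1))
            else:
                keep.append(line)
    return keep, dropped


def cleanup(profile_dir, term, dry_run=True):
    """Delete matching plugin files and drop matching pref lines; return the actions.
    Dropping a user_pref line is the file-level equivalent of Reset in about:config;
    run it only with Firefox closed, since Firefox rewrites prefs.js on exit."""
    actions = []
    for hit in find_search_plugins(profile_dir, term):
        actions.append(("delete", hit["path"]))
        if not dry_run:
            os.remove(hit["path"])
    for fname in ("prefs.js", "user.js"):
        path = os.path.join(profile_dir, fname)
        if not os.path.isfile(path):
            continue
        keep, dropped = split_prefs(path, term)
        actions += [("reset", fname + ":" + pref) for pref in dropped]
        if dropped and not dry_run:
            with open(path, "w", encoding="utf-8") as fh:
                fh.writelines(keep)
    return actions


def build_sample_profile():
    """Constructed profile reproducing the thread's symptom: a rogue engine beside a
    legitimate one. 'yoog.example' is a placeholder domain, not the real hijacker."""
    profile = tempfile.mkdtemp(prefix="ff-profile-")
    os.mkdir(os.path.join(profile, "searchplugins"))
    files = {
        # bland filename on purpose: only ShortName and URL give it away
        "searchplugins/zzz-engine.xml":
            '<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/"><ShortName>Yoog Search'
            '</ShortName><Url type="text/html" template="http://search.yoog.example/?q={searchTerms}"/></SearchPlugin>',
        "searchplugins/google.xml":
            '<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"><ShortName>Google'
            '</ShortName><Url type="text/html" template="http://www.google.com/search?q={searchTerms}"/></OpenSearchDescription>',
        "prefs.js":
            'user_pref("browser.search.defaultenginename", "Yoog Search");\n'
            'user_pref("keyword.URL", "http://search.yoog.example/?q=");\n'
            'user_pref("browser.startup.homepage", "http://news.google.com/");\n',
    }
    for rel, content in files.items():
        with open(os.path.join(profile, rel), "w", encoding="utf-8") as fh:
            fh.write(content)
    return profile
```

Run `cleanup(build_sample_profile(), "yoog")` first to see what would be removed, then repeat with `dry_run=False` to apply it; the legitimate Google engine and the homepage preference are left untouched.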

  6. #26
    Junior Member
    Join Date
    May 2008
    Posts
    22

    Default

    Yes, it worked, thanks a lot for the help. I still have to see if the Windows updates are working, since they seem to be in a loop.

  7. #27
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
