
Thread: Virus--W32.SillyFDC

  1. #11
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    No, not yet. I'm kinda an idiot about these things, so when something doesn't go as planned, and I can't see a reason why, I wait before doing the next step. Sorry if I'm being a little cowardly.

  2. #12
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    Not yet.

    No, not yet. I'm kinda an idiot about these things, so when something doesn't go as planned, and I can't see a reason why, I wait before doing the next step. Sorry if I'm being a little cowardly.

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    "when something doesn't go as planned, and I can't see a reason why, I wait before doing the next step."
    That's actually the right way to proceed.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    Okay, so what now?

    So, no, I didn't run combo fix yet. In light of the issues I expressed in yesterday's post, what should I do? Run the Combo Fix as you said?

  5. #15
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Yes, I'd run it with your usb drive plugged in.

  6. #16
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    Done, finally!

    First, after ComboFix, Internet Explorer stated that it was no longer my default browser. I told it to make it my default, but I just thought I would make mention of it just in case that meant something bad.

    Here is the ComboFix log, the DDS and attach.txt. As I stated before, Kaspersky did not spit up a report, and stated there was nothing found.

    ComboFix 09-05-31.02 - Alexa 05/31/2009 16:01.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.224 [GMT -4:00]
    Running from: c:\documents and settings\Alexa\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
    .

    2009-05-30 01:52 . 2009-05-30 01:52 -------- d-sh--w- c:\documents and settings\Alexa\UserData
    2009-05-28 22:28 . 2009-05-28 20:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-28 20:18 . 2009-05-28 20:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-05-28 20:18 . 2009-05-28 20:18 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-05-28 20:18 . 2009-05-28 20:18 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
    2009-05-28 20:18 . 2009-05-28 20:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-05-28 20:18 . 2009-05-28 20:18 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-05-28 20:18 . 2009-05-28 20:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-05-28 20:18 . 2009-05-28 20:18 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-05-28 20:18 . 2009-05-28 20:18 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-05-28 20:17 . 2009-05-28 20:17 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-05-28 20:17 . 2009-05-28 20:17 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-05-28 20:17 . 2009-05-28 20:17 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-05-28 20:17 . 2009-05-28 20:17 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-28 20:17 . 2009-05-28 20:17 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-05-28 20:17 . 2009-05-28 20:17 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-05-28 20:17 . 2009-05-28 20:17 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-05-28 20:17 . 2009-05-28 20:17 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-05-28 20:17 . 2009-05-28 20:17 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2009-05-28 20:17 . 2009-05-28 20:17 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-05-28 20:17 . 2009-05-28 20:17 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-05-28 20:10 . 2009-05-28 20:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-05-28 20:10 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-05-28 20:10 . 2009-05-28 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-27 22:33 . 2009-05-27 22:33 -------- d-----w- c:\program files\ERUNT
    2009-05-09 00:40 . 2009-05-09 00:40 127877 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\uninstall.exe
    2009-05-09 00:39 . 2009-05-09 00:40 1685856 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-29 22:31 . 2008-09-27 03:34 -------- d-----w- c:\documents and settings\Alexa\Application Data\Move Networks
    2009-05-28 20:10 . 2006-07-29 02:25 -------- d-----w- c:\program files\Lavasoft
    2009-05-28 20:01 . 2006-06-15 19:13 -------- d-----w- c:\program files\Common Files\Adobe
    2009-05-28 19:58 . 2006-06-09 23:17 -------- d-----w- c:\program files\Java
    2009-05-15 22:57 . 2007-11-29 19:25 -------- d-----w- c:\program files\EA GAMES
    2009-05-13 07:05 . 2008-02-14 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-12 01:26 . 2006-12-14 22:48 -------- d-----w- c:\program files\Diablo II
    2009-05-01 00:35 . 2007-07-06 19:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-01 00:34 . 2007-07-07 03:58 16 ----a-w- c:\windows\popcinfo.dat
    2009-04-06 23:16 . 2006-06-09 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-04-06 23:14 . 2006-06-09 23:25 -------- d-----w- c:\program files\Symantec
    2009-04-06 23:14 . 2009-01-22 11:41 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-06 23:14 . 2009-01-22 11:41 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-04-06 23:14 . 2009-01-22 11:41 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-06 23:14 . 2009-01-22 11:41 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-06 23:12 . 2006-06-09 23:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-04-06 22:38 . 2006-07-29 01:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-03-28 02:06 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-03-13 22:01 . 2008-04-16 18:59 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2009-03-09 09:19 . 2008-11-05 18:29 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2004-08-11 21:00 284160 ----a-w- c:\windows\system32\pdh.dll
    2009-03-06 13:38 . 2009-03-06 07:37 34 ----a-w- c:\documents and settings\Alexa\jagex_runescape_preferences.dat
    2009-03-03 00:18 . 2004-08-11 21:00 826368 ----a-w- c:\windows\system32\wininet.dll
    2007-07-19 01:40 . 2006-10-17 00:58 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-10-18 19:07 . 2006-07-20 21:53 88 --sh--r- c:\windows\system32\2CEAF28523.sys
    2007-10-18 19:07 . 2006-07-20 21:53 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 198184]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    "NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-05-16 86016]

    c:\documents and settings\Alexa\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-25 113664]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-9 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    Windows Desktop Search.lnk.disabled [2007-10-19 1781]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Alexa^Start Menu^Programs^Startup^Microsoft Office Groove.lnk.disabled]
    path=c:\documents and settings\Alexa\Start Menu\Programs\Startup\Microsoft Office Groove.lnk.disabled
    backup=c:\windows\pss\Microsoft Office Groove.lnk.disabledStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\\RegistryController.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\Smc.exe"=
    "c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/28/2009 4:18 PM 64160]
    R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [5/21/2008 10:48 AM 202280]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2009 10:36 AM 101936]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [4/16/2008 2:59 PM 23888]
    S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [4/30/2008 11:40 AM 9312]
    S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\Ares\tcpip_patcher.sys --> c:\program files\Ares\tcpip_patcher.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:17]

    2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-05-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    Notify-NavLogon - (no file)
    SafeBoot-procexp90.Sys
    SafeBoot-Symantec Antvirus


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://verizon.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-31 16:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(6116)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-05-31 16:38
    ComboFix-quarantined-files.txt 2009-05-31 20:38

    Pre-Run: 3,774,394,368 bytes free
    Post-Run: 4,220,702,720 bytes free

    215 --- E O F --- 2009-05-13 07:05



    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Alexa at 16:45:07.60 on Sun 05/31/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.138 [GMT -4:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Symantec\LiveUpdate\luall.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt502\spa.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Alexa\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://verizon.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [hplampc] c:\windows\system32\hplampc.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    StartupFolder: c:\docume~1\alexa\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Desktop Search.lnk.disabled
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170297346062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-28 64160]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
    R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-5-21 202280]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2008-9-11 2436536]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-4 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090530.003\NAVENG.SYS [2009-5-30 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090530.003\NAVEX15.SYS [2009-5-30 876144]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-16 23888]
    S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-4-30 9312]
    S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\ares\tcpip_patcher.sys --> c:\program files\ares\tcpip_patcher.sys [?]

    =============== Created Last 30 ================

    2009-05-31 15:57 161,792 a------- c:\windows\SWREG.exe
    2009-05-31 15:57 154,624 a------- c:\windows\PEV.exe
    2009-05-31 15:57 98,816 a------- c:\windows\sed.exe
    2009-05-29 21:52 <DIR> --dsh--- c:\documents and settings\alexa\UserData
    2009-05-29 18:12 <DIR> a-dshr-- C:\autorun.inf
    2009-05-28 18:28 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-05-28 16:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-05-28 16:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

    ==================== Find3M ====================

    2009-04-06 19:14 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-06 19:14 60,800 a------- c:\windows\system32\S32EVNT1.DLL
    2009-04-06 19:14 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-06 19:14 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-03-27 22:06 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-10 22:18 934,792 a------- c:\windows\system32\dllcache\WgaTray.exe
    2009-03-10 22:18 239,496 a------- c:\windows\system32\dllcache\wgaLogon.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-03-06 09:38 34 a------- c:\documents and settings\alexa\jagex_runescape_preferences.dat
    2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
    2007-10-18 15:07 88 ---shr-- c:\windows\system32\2CEAF28523.sys
    2007-10-18 15:07 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-09-04 10:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

    ============= FINISH: 16:45:45.95 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/15/2006 3:01:26 PM
    System Uptime: 5/28/2009 10:06:03 PM (66 hours ago)

    Motherboard: Dell Inc. | | 0JC474
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 53 GiB total, 3.951 GiB free.
    D: is FIXED (NTFS) - 19 GiB total, 18.539 GiB free.
    E: is CDROM (CDFS)
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 82915G/GV/910GL Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
    Manufacturer: Intel Corporation
    Name: Intel(R) 82915G/GV/910GL Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
    Service: ialm

    ==== System Restore Points ===================

    RP195: 5/9/2009 5:36:07 PM - System Checkpoint
    RP196: 5/10/2009 7:57:43 PM - System Checkpoint
    RP197: 5/12/2009 12:06:54 AM - System Checkpoint
    RP198: 5/13/2009 3:00:38 AM - Software Distribution Service 3.0
    RP199: 5/14/2009 3:56:34 AM - System Checkpoint
    RP200: 5/15/2009 9:10:17 AM - System Checkpoint
    RP201: 5/16/2009 12:25:13 PM - System Checkpoint
    RP202: 5/17/2009 2:47:00 PM - System Checkpoint
    RP203: 5/18/2009 9:28:56 PM - System Checkpoint
    RP204: 5/19/2009 11:39:37 PM - System Checkpoint
    RP205: 5/21/2009 2:59:15 AM - System Checkpoint
    RP206: 5/22/2009 3:50:15 AM - System Checkpoint
    RP207: 5/23/2009 7:49:13 AM - System Checkpoint
    RP208: 5/24/2009 11:49:04 AM - System Checkpoint
    RP209: 5/25/2009 11:54:15 AM - System Checkpoint
    RP210: 5/26/2009 12:09:32 PM - System Checkpoint
    RP211: 5/27/2009 1:07:05 PM - System Checkpoint
    RP212: 5/28/2009 2:59:08 PM - System Checkpoint
    RP213: 5/28/2009 3:52:23 PM - Removed Adobe Reader 7.0.8
    RP214: 5/28/2009 3:55:53 PM - Removed J2SE Runtime Environment 5.0 Update 11
    RP215: 5/28/2009 3:56:44 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP216: 5/28/2009 3:58:22 PM - Removed Java(TM) 6 Update 7
    RP217: 5/28/2009 4:00:28 PM - Installed Adobe Reader 9.1.
    RP218: 5/29/2009 4:36:27 PM - System Checkpoint
    RP219: 5/30/2009 5:38:54 PM - System Checkpoint

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    7-Zip 4.64
    AAC Decoder
    Ad-Aware
    Ad-Aware SE Personal
    Adobe Acrobat 7.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.1
    Adobe Shockwave Player 11.5
    AGEIA PhysX v7.11.13
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avid DVD Limited by Sonic
    Bejeweled 2 Deluxe
    Bonjour
    BufferChm
    CEP - Color Enable Package
    Championship Mah Jongg
    Character Builder Beta
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    Data Access Objects (DAO) 3.0
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Dell System Restore
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Diablo II
    Digital Content Portal
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Emperor: Rise of the Middle Kingdom
    ERUNT 1.1j
    eSupportQFolder
    FLV Player 1.3.3
    Font Creator Program 3.0
    Form Fill (Windows Live Toolbar)
    GdiplusUpgrade
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Video Player
    GRE POWERPREP
    H.264 Decoder
    High Definition Audio Driver Package - KB835221
    Highlight Viewer (Windows Live Toolbar)
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Deskjet 3900 series
    HP Extended Capabilities 5.0
    HP Imaging Device Functions 5.0
    HP Photosmart Essential
    HP Product Detection
    HP Solution Center & Imaging Support Tools 5.0
    HP Update
    HPDeskjet3900Series
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    ISI ResearchSoft - Export Helper
    iTunes
    Java(TM) 6 Update 13
    LiveReg (Symantec Corporation)
    LiveUpdate 3.3 (Symantec Corporation)
    Macromedia Shockwave Player
    Map Button (Windows Live Toolbar)
    MarketResearch
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office Access 2003 Runtime
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Web Components
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Theme Nunavut
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft XML Parser
    MKV Splitter
    Modem Helper
    Move Media Player
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Netflix Movie Viewer
    NetWaiting
    NVIDIA Drivers
    PC Connectivity Solution
    PhotoRecall Deluxe
    QuickTime
    RealPlayer
    Rhapsody Player Engine
    Road Runner Install
    Road Runner Medic 6.1
    Roxio DLA
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Roxio Update Manager
    ScanSoft PDF Converter 4
    Search Assist
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Sid Meier's Civilization 4
    Sid Meier's Pirates!
    Smart Menus (Windows Live Toolbar)
    SolutionCenter
    Sonic Activation Module
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Status
    Symantec Endpoint Protection
    Symantec Technical Support Web Controls
    System Requirements Lab
    The Sims 2 Open For Business
    The Sims 2 University
    The Sims™ 2 Deluxe
    The Sims™ 2 FreeTime
    The Sims™ 2 Seasons
    TrayApp
    Uniblue Registry Booster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    URL Assistant
    VC80CRTRedist - 8.0.50727.762
    VDMSound 2.0.4
    Verizon Online Help & Support
    Verizon Yahoo! Applications
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Warcraft III
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    Windows Desktop Search
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live OneCare safety scanner
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinUAE 1.4.2
    Yahoo! Browser Services
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    5/31/2009 4:01:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    5/27/2009 6:14:06 PM, error: Service Control Manager [7000] - The MSSQL$MICROSOFTSMLBIZ service failed to start due to the following error: The system cannot find the path specified.
    5/27/2009 3:46:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    5/27/2009 1:27:45 PM, error: SRTSP [4] - Error loading virus definitions.

    ==== End Of File ===========================

  7. #17
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    BHO: 1 (0x1) - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log & a fresh dds.txt file. What kind of odd files does the external drive contain? Which drive letter does it use? Just asking so that we can create a batch file to track those down.


    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

  8. #18
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    ComboFix asked me if I wanted to update to a newer v of combofix, I chose no.

    Windows has been asking to install some updates, I have been putting that off until we are finished.

    Combofix detected Symantec running, I disabled the auto protect (which, infuriatingly, keeps coming back on its own) but every other Symantec process says it is disabled.

    In my flash drive there is: "RECYCLER" location is F drive, all the same data as my desktop recycle bin. Right now my recycle bin is empty, when it wasn't, they both had the same stuff in it, when I delete it from the desktop bin, those items are deleted from the one in the flash drive simultaneously. Set to read only.

    DRMv1PM.lic is another file, located on F drive, set to archive.

    WMPInfo.xml is the third, located on F drive, set to read only and hidden.

    Then there is the autorun.inf file that flash disinfect put there.

    Here is ComboFix, DDS, and Attach

    ComboFix 09-05-31.02 - Alexa 06/01/2009 14:17.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.226 [GMT -4:00]
    Running from: c:\documents and settings\Alexa\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Alexa\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
    .

    2009-05-30 01:52 . 2009-05-30 01:52 -------- d-sh--w- c:\documents and settings\Alexa\UserData
    2009-05-28 22:28 . 2009-05-28 20:18 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-28 20:18 . 2009-05-28 20:17 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-05-28 20:18 . 2009-05-28 20:18 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-05-28 20:18 . 2009-05-28 20:18 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
    2009-05-28 20:18 . 2009-05-28 20:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-05-28 20:18 . 2009-05-28 20:18 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-05-28 20:18 . 2009-05-28 20:18 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-05-28 20:18 . 2009-05-28 20:18 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-05-28 20:18 . 2009-05-28 20:18 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-05-28 20:17 . 2009-05-28 20:17 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-05-28 20:17 . 2009-05-28 20:17 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-05-28 20:17 . 2009-05-28 20:17 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-05-28 20:17 . 2009-05-28 20:17 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
    2009-05-28 20:17 . 2009-05-28 20:17 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-05-28 20:17 . 2009-05-28 20:17 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-05-28 20:17 . 2009-05-28 20:17 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-05-28 20:17 . 2009-05-28 20:17 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-05-28 20:17 . 2009-05-28 20:17 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2009-05-28 20:17 . 2009-05-28 20:17 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-05-28 20:17 . 2009-05-28 20:17 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-05-28 20:10 . 2009-05-28 20:10 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-05-28 20:10 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-05-28 20:10 . 2009-05-28 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-05-27 22:33 . 2009-05-27 22:33 -------- d-----w- c:\program files\ERUNT
    2009-05-09 00:40 . 2009-05-09 00:40 127877 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\uninstall.exe
    2009-05-09 00:39 . 2009-05-09 00:40 1685856 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-29 22:31 . 2008-09-27 03:34 -------- d-----w- c:\documents and settings\Alexa\Application Data\Move Networks
    2009-05-28 20:10 . 2006-07-29 02:25 -------- d-----w- c:\program files\Lavasoft
    2009-05-28 20:01 . 2006-06-15 19:13 -------- d-----w- c:\program files\Common Files\Adobe
    2009-05-28 19:58 . 2006-06-09 23:17 -------- d-----w- c:\program files\Java
    2009-05-15 22:57 . 2007-11-29 19:25 -------- d-----w- c:\program files\EA GAMES
    2009-05-13 07:05 . 2008-02-14 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-12 01:26 . 2006-12-14 22:48 -------- d-----w- c:\program files\Diablo II
    2009-05-09 00:40 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\plugins\npqmp071500000347.dll
    2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Alexa\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-05-01 00:35 . 2007-07-06 19:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-05-01 00:34 . 2007-07-07 03:58 16 ----a-w- c:\windows\popcinfo.dat
    2009-04-06 23:16 . 2006-06-09 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-04-06 23:14 . 2006-06-09 23:25 -------- d-----w- c:\program files\Symantec
    2009-04-06 23:14 . 2009-01-22 11:41 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-04-06 23:14 . 2009-01-22 11:41 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-04-06 23:14 . 2009-01-22 11:41 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-06 23:14 . 2009-01-22 11:41 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-06 23:12 . 2006-06-09 23:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-04-06 22:38 . 2006-07-29 01:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-03 21:26 . 2009-04-03 21:26 152576 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-03-28 02:06 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-03-13 22:01 . 2008-04-16 18:59 149768 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
    2009-03-12 19:50 . 2009-03-12 19:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.51\SetupAdmin.exe
    2009-03-11 17:02 . 2009-03-11 17:02 503808 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-701f446b-n\msvcp71.dll
    2009-03-11 17:02 . 2009-03-11 17:02 499712 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-701f446b-n\jmc.dll
    2009-03-11 17:02 . 2009-03-11 17:02 348160 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-701f446b-n\msvcr71.dll
    2009-03-11 16:59 . 2009-03-11 16:59 152576 ----a-w- c:\documents and settings\Alexa\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
    2009-03-09 09:19 . 2008-11-05 18:29 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2004-08-11 21:00 284160 ----a-w- c:\windows\system32\pdh.dll
    2009-03-06 13:38 . 2009-03-06 07:37 34 ----a-w- c:\documents and settings\Alexa\jagex_runescape_preferences.dat
    2007-07-19 01:40 . 2006-10-17 00:58 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-10-18 19:07 . 2006-07-20 21:53 88 --sh--r- c:\windows\system32\2CEAF28523.sys
    2007-10-18 19:07 . 2006-07-20 21:53 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "hplampc"="c:\windows\system32\hplampc.exe" [2002-01-17 40448]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
    "medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 198184]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-28 198160]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    "NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-05-16 86016]

    c:\documents and settings\Alexa\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-25 113664]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-9 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    Windows Desktop Search.lnk.disabled [2007-10-19 1781]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Alexa^Start Menu^Programs^Startup^Microsoft Office Groove.lnk.disabled]
    path=c:\documents and settings\Alexa\Start Menu\Programs\Startup\Microsoft Office Groove.lnk.disabled
    backup=c:\windows\pss\Microsoft Office Groove.lnk.disabledStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "MSKDetectorExe"=c:\program files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "nwiz"=nwiz.exe /install
    "PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\\RegistryController.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\Smc.exe"=
    "c:\\Program Files\\Symantec Client Security\\Symantec AntiVirus\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-28 1005904]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    R3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\DRIVERS\hp4200c.sys [2001-02-18 9312]
    R3 tcpip_patcher;tcpip_patcher;c:\program files\Ares\tcpip_patcher.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-28 64160]
    S2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - AFD
    *Deregistered* - ALG
    *Deregistered* - Apple Mobile Device
    *Deregistered* - ASPI32
    *Deregistered* - AudioSrv
    *Deregistered* - audstub
    *Deregistered* - Beep
    *Deregistered* - BITS
    *Deregistered* - Bonjour Service
    *Deregistered* - Browser
    *Deregistered* - ccEvtMgr
    *Deregistered* - ccSetMgr
    *Deregistered* - Cdfs
    *Deregistered* - COH_Mon
    *Deregistered* - CryptSvc
    *Deregistered* - DcomLaunch
    *Deregistered* - Dhcp
    *Deregistered* - DLABOIOM
    *Deregistered* - DLADResN
    *Deregistered* - DLAIFS_M
    *Deregistered* - DLAOPIOM
    *Deregistered* - DLAPoolM
    *Deregistered* - DLARTL_N
    *Deregistered* - DLAUDF_M
    *Deregistered* - DLAUDFAM
    *Deregistered* - dmio
    *Deregistered* - dmload
    *Deregistered* - dmserver
    *Deregistered* - Dnscache
    *Deregistered* - DRVNDDM
    *Deregistered* - eeCtrl
    *Deregistered* - EraserUtilRebootDrv
    *Deregistered* - ERSvc
    *Deregistered* - EventSystem
    *Deregistered* - Fastfat
    *Deregistered* - FastUserSwitchingCompatibility
    *Deregistered* - Fax
    *Deregistered* - Fips
    *Deregistered* - FltMgr
    *Deregistered* - Ftdisk
    *Deregistered* - Gpc
    *Deregistered* - helpsvc
    *Deregistered* - HidServ
    *Deregistered* - HTTP
    *Deregistered* - i2omgmt
    *Deregistered* - ImapiService
    *Deregistered* - IntelIde
    *Deregistered* - IpNat
    *Deregistered* - iPod Service
    *Deregistered* - IPSec
    *Deregistered* - JavaQuickStarterService
    *Deregistered* - Kbdclass
    *Deregistered* - KSecDD
    *Deregistered* - lanmanserver
    *Deregistered* - lanmanworkstation
    *Deregistered* - Lavasoft Ad-Aware Service
    *Deregistered* - Lbd
    *Deregistered* - LiveUpdate
    *Deregistered* - LmHosts
    *Deregistered* - MDM
    *Deregistered* - mdmxsdk
    *Deregistered* - mnmdd
    *Deregistered* - Mouclass
    *Deregistered* - MountMgr
    *Deregistered* - MRxDAV
    *Deregistered* - MRxSmb
    *Deregistered* - Msfs
    *Deregistered* - mssmbios
    *Deregistered* - Mup
    *Deregistered* - NAVENG
    *Deregistered* - NAVEX15
    *Deregistered* - NDIS
    *Deregistered* - NdisTapi
    *Deregistered* - Ndisuio
    *Deregistered* - NdisWan
    *Deregistered* - NDProxy
    *Deregistered* - NetBIOS
    *Deregistered* - NetBT
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - Npfs
    *Deregistered* - Ntfs
    *Deregistered* - Null
    *Deregistered* - NVSvc
    *Deregistered* - ose
    *Deregistered* - PartMgr
    *Deregistered* - PolicyAgent
    *Deregistered* - PptpMiniport
    *Deregistered* - ProtectedStorage
    *Deregistered* - PSched
    *Deregistered* - RasAcd
    *Deregistered* - Rasl2tp
    *Deregistered* - RasMan
    *Deregistered* - RasPppoe
    *Deregistered* - Raspti
    *Deregistered* - Rdbss
    *Deregistered* - RDPCDD
    *Deregistered* - rdpdr
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - SmcService
    *Deregistered* - SPBBCDrv
    *Deregistered* - Spooler
    *Deregistered* - sprtsvc_dellsupportcenter
    *Deregistered* - sprtsvc_medicsp2
    *Deregistered* - sr
    *Deregistered* - srservice
    *Deregistered* - SRTSP
    *Deregistered* - SRTSPX
    *Deregistered* - Srv
    *Deregistered* - SSDPSRV
    *Deregistered* - stisvc
    *Deregistered* - swenum
    *Deregistered* - Symantec AntiVirus
    *Deregistered* - SymEvent
    *Deregistered* - SYMREDRV
    *Deregistered* - SYMTDI
    *Deregistered* - TapiSrv
    *Deregistered* - Tcpip
    *Deregistered* - Teefer2
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - tmcomm
    *Deregistered* - TrkWks
    *Deregistered* - Update
    *Deregistered* - VgaSave
    *Deregistered* - VolSnap
    *Deregistered* - w32time
    *Deregistered* - Wanarp
    *Deregistered* - WebClient
    *Deregistered* - winmgmt
    *Deregistered* - WmiApSrv
    *Deregistered* - WPS
    *Deregistered* - WpsHelper
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WZCSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:17]

    2009-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-06-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://verizon.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-01 14:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3740)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-01 14:50
    ComboFix-quarantined-files.txt 2009-06-01 18:50
    ComboFix2.txt 2009-05-31 20:38

    Pre-Run: 4,402,958,336 bytes free
    Post-Run: 4,474,146,816 bytes free

    358 --- E O F --- 2009-05-13 07:05



    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Alexa at 16:40:10.53 on Mon 06/01/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.146 [GMT -4:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Symantec\LiveUpdate\luall.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt96\spa.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Alexa\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://verizon.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [hplampc] c:\windows\system32\hplampc.exe
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    StartupFolder: c:\docume~1\alexa\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Desktop Search.lnk.disabled
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\scansoft\pdf converter 4\cnvres_eng.dll /100
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170297346062
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h20264.www2.hp.com/ediags/hpfix/sj/en/check/xp/qdiagh.cab?326
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-28 64160]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-14 108392]
    R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2008-5-21 202280]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2008-9-11 2436536]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-4 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090531.003\NAVENG.SYS [2009-5-31 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090531.003\NAVEX15.SYS [2009-5-31 876144]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-16 23888]
    S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-4-30 9312]
    S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\ares\tcpip_patcher.sys --> c:\program files\ares\tcpip_patcher.sys [?]

    =============== Created Last 30 ================

    2009-05-31 15:57 161,792 a------- c:\windows\SWREG.exe
    2009-05-31 15:57 154,624 a------- c:\windows\PEV.exe
    2009-05-31 15:57 98,816 a------- c:\windows\sed.exe
    2009-05-29 21:52 <DIR> --dsh--- c:\documents and settings\alexa\UserData
    2009-05-29 18:12 <DIR> a-dshr-- C:\autorun.inf
    2009-05-28 18:28 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-05-28 16:18 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-05-28 16:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

    ==================== Find3M ====================

    2009-04-06 19:14 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-04-06 19:14 60,800 a------- c:\windows\system32\S32EVNT1.DLL
    2009-04-06 19:14 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-04-06 19:14 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-03-27 22:06 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
    2009-03-10 22:18 934,792 a------- c:\windows\system32\dllcache\WgaTray.exe
    2009-03-10 22:18 239,496 a------- c:\windows\system32\dllcache\wgaLogon.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
    2009-03-06 09:38 34 a------- c:\documents and settings\alexa\jagex_runescape_preferences.dat
    2007-10-18 15:07 88 ---shr-- c:\windows\system32\2CEAF28523.sys
    2007-10-18 15:07 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-09-04 10:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat

    ============= FINISH: 16:40:59.71 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/15/2006 3:01:26 PM
    System Uptime: 5/28/2009 10:06:03 PM (90 hours ago)

    Motherboard: Dell Inc. | | 0JC474
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 53 GiB total, 4.185 GiB free.
    D: is FIXED (NTFS) - 19 GiB total, 18.539 GiB free.
    E: is CDROM (CDFS)
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 82915G/GV/910GL Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
    Manufacturer: Intel Corporation
    Name: Intel(R) 82915G/GV/910GL Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_01C41028&REV_04\3&172E68DD&0&10
    Service: ialm

    ==== System Restore Points ===================

    RP200: 5/15/2009 9:10:17 AM - System Checkpoint
    RP201: 5/16/2009 12:25:13 PM - System Checkpoint
    RP202: 5/17/2009 2:47:00 PM - System Checkpoint
    RP203: 5/18/2009 9:28:56 PM - System Checkpoint
    RP204: 5/19/2009 11:39:37 PM - System Checkpoint
    RP205: 5/21/2009 2:59:15 AM - System Checkpoint
    RP206: 5/22/2009 3:50:15 AM - System Checkpoint
    RP207: 5/23/2009 7:49:13 AM - System Checkpoint
    RP208: 5/24/2009 11:49:04 AM - System Checkpoint
    RP209: 5/25/2009 11:54:15 AM - System Checkpoint
    RP210: 5/26/2009 12:09:32 PM - System Checkpoint
    RP211: 5/27/2009 1:07:05 PM - System Checkpoint
    RP212: 5/28/2009 2:59:08 PM - System Checkpoint
    RP213: 5/28/2009 3:52:23 PM - Removed Adobe Reader 7.0.8
    RP214: 5/28/2009 3:55:53 PM - Removed J2SE Runtime Environment 5.0 Update 11
    RP215: 5/28/2009 3:56:44 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP216: 5/28/2009 3:58:22 PM - Removed Java(TM) 6 Update 7
    RP217: 5/28/2009 4:00:28 PM - Installed Adobe Reader 9.1.
    RP218: 5/29/2009 4:36:27 PM - System Checkpoint
    RP219: 5/30/2009 5:38:54 PM - System Checkpoint
    RP220: 5/31/2009 10:10:27 PM - System Checkpoint

    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    7-Zip 4.64
    AAC Decoder
    Ad-Aware
    Ad-Aware SE Personal
    Adobe Acrobat 7.0 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.1
    Adobe Shockwave Player 11.5
    AGEIA PhysX v7.11.13
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Avid DVD Limited by Sonic
    Bejeweled 2 Deluxe
    Bonjour
    BufferChm
    CEP - Color Enable Package
    Championship Mah Jongg
    Character Builder Beta
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    CustomerResearchQFolder
    Data Access Objects (DAO) 3.0
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support Center (Support Software)
    Dell System Restore
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Diablo II
    Digital Content Portal
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Emperor: Rise of the Middle Kingdom
    ERUNT 1.1j
    eSupportQFolder
    FLV Player 1.3.3
    Font Creator Program 3.0
    Form Fill (Windows Live Toolbar)
    GdiplusUpgrade
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Video Player
    GRE POWERPREP
    H.264 Decoder
    High Definition Audio Driver Package - KB835221
    Highlight Viewer (Windows Live Toolbar)
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Deskjet 3900 series
    HP Extended Capabilities 5.0
    HP Imaging Device Functions 5.0
    HP Photosmart Essential
    HP Product Detection
    HP Solution Center & Imaging Support Tools 5.0
    HP Update
    HPDeskjet3900Series
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    ISI ResearchSoft - Export Helper
    iTunes
    Java(TM) 6 Update 13
    LiveReg (Symantec Corporation)
    LiveUpdate 3.3 (Symantec Corporation)
    Macromedia Shockwave Player
    Map Button (Windows Live Toolbar)
    MarketResearch
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office Access 2003 Runtime
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Web Components
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Theme Nunavut
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft XML Parser
    MKV Splitter
    Modem Helper
    Move Media Player
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Netflix Movie Viewer
    NetWaiting
    NVIDIA Drivers
    PC Connectivity Solution
    PhotoRecall Deluxe
    QuickTime
    RealPlayer
    Rhapsody Player Engine
    Road Runner Install
    Road Runner Medic 6.1
    Roxio DLA
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Roxio Update Manager
    ScanSoft PDF Converter 4
    Search Assist
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Sid Meier's Civilization 4
    Sid Meier's Pirates!
    Smart Menus (Windows Live Toolbar)
    SolutionCenter
    Sonic Activation Module
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Status
    Symantec Endpoint Protection
    Symantec Technical Support Web Controls
    System Requirements Lab
    The Sims 2 Open For Business
    The Sims 2 University
    The Sims™ 2 Deluxe
    The Sims™ 2 FreeTime
    The Sims™ 2 Seasons
    TrayApp
    Uniblue Registry Booster
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    URL Assistant
    VC80CRTRedist - 8.0.50727.762
    VDMSound 2.0.4
    Verizon Online Help & Support
    Verizon Yahoo! Applications
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Warcraft III
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    Windows Desktop Search
    Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Favorites for Windows Live Toolbar
    Windows Live installer
    Windows Live OneCare safety scanner
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinUAE 1.4.2
    Yahoo! Browser Services
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    5/31/2009 4:01:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    5/27/2009 6:14:06 PM, error: Service Control Manager [7000] - The MSSQL$MICROSOFTSMLBIZ service failed to start due to the following error: The system cannot find the path specified.
    5/27/2009 3:46:02 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    5/27/2009 1:27:45 PM, error: SRTSP [4] - Error loading virus definitions.

    ==== End Of File ===========================

  9. #19
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Both those files are related to DRM protection. Have you had any music files on that external drive?

  10. #20
    Member
    Join Date
    Oct 2008
    Location
    New York
    Posts
    58

    Default

    I don't think so, I don't remember ever trying to transport music on the flash drive, but it is possible I guess.

    So what about the Recycler? Should that be there? And, like I said before, for the longest time I saw an autorun.inf file on the flash drive, not hidden, and I just assumed it was supposed to be there (I'm not talking about the one Flash Disinfector put there). My research on the W32.SillyFDC virus suggested that it tends to come from infected flash drives.

    I guess my question is: am I infected or not? What is going on with my machine that you are aware of? What is the virus Symantec caught doing? I just want to know what is going on.
