Explorer & Firefox redirected. Symantec can't update

Post by jdmackey » February 17th, 2009, 11:52 pm

I've been experiencing an increase in redirected websites for the last few weeks. Also, for the last 3 weeks I've not been able to run Symantec's Live Update successfully, nor any updates to virus, spyware file definitions of Spybot, Ad-Aware, etc. I have a small home network that is pass key protected and connect to the internet through a wired router. Below is the HJT log file generated tonight. Any help would be greatly appreciated. Thanks! Danny

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:04 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\WINDOWS\System32\wbem\unsecapp.exe
H:\WINDOWS\System32\wbem\wmiprvse.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Spyware Doctor\pctsAuxs.exe
H:\Program Files\Spyware Doctor\pctsSvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Iomega\AutoDisk\ADUserMon.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Spyware Doctor\pctsTray.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\TomTom HOME 2\HOMERunner.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] H:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DVDLauncher] "H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "H:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "H:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-21-606747145-1614895754-725345543-1004\..\Run: [MSMSGS] "H:\Program Files\Messenger\MSMSGS.EXE" /background (User 'Danny')
O4 - HKUS\S-1-5-21-606747145-1614895754-725345543-1004\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User 'Danny')
O4 - HKUS\S-1-5-21-606747145-1614895754-725345543-1004\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Danny')
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0666581196
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0667475160
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - H:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - H:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 9615 bytes
jdmackey
Active Member
 
Posts: 7
Joined: February 17th, 2009, 11:32 pm
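
A triage sketch for the HijackThis v2.0.2 log layout posted above, added here as an example; it is not part of the thread and not code from HijackThis. The sample log is constructed from shortened lines of the post, and the three review hints are assumptions chosen for illustration (things to check by hand), not findings made by anyone in the thread.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the HijackThis v2.0.2 log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:04 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 9615 bytes
"""

# Section codes that appear in the thread's log and what each one lists.
SECTIONS = {
    "R0": "Internet Explorer start/search page and related settings",
    "R1": "Internet Explorer start/search page and related settings",
    "O2": "Browser Helper Objects",
    "O3": "Internet Explorer toolbars",
    "O4": "autostart entries (Run keys, Startup folders)",
    "O9": "extra IE buttons and Tools menu items",
    "O16": "ActiveX controls (Downloaded Program Files)",
    "O23": "Windows services",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")
VERSION_RE = re.compile(r"HijackThis v(\S+)")


def parse_hjt(text):
    """Split a HijackThis log into header fields, process list and coded entries."""
    header, processes, entries = {}, [], []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                      # footer marker, nothing useful after it
            break
        entry = ENTRY_RE.match(line)
        if entry:
            state = "entries"
            entries.append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            state = "processes"
        elif state == "processes" and line:
            processes.append(line)
        elif state == "header":
            field = HEADER_RE.match(line)
            version = VERSION_RE.search(line)
            if field:
                header[field.group(1)] = field.group(2)
            elif version:
                header["Version"] = version.group(1)
    return {"header": header, "processes": processes, "entries": entries}


def section_counts(entries):
    """Number of entries per section code, in first-seen order."""
    return dict(Counter(code for code, _ in entries))


def review_hints(entries):
    """Return (code, reason, body) for entries worth a manual look.

    These rules are illustrative assumptions, not malware verdicts.
    """
    hints = []
    for code, body in entries:
        if code.startswith("R") and "proxy" in body.lower():
            hints.append((code, "proxy-related setting: confirm the user set it", body))
        elif code == "O4":
            cmd = re.search(r"\] (.+)$", body)
            # A command that does not start with a drive-qualified path is
            # resolved through the search path, so check which file really runs.
            if cmd and not re.match(r'"?[A-Za-z]:\\', cmd.group(1)):
                hints.append((code, "autostart command has no full path", body))
        elif code == "O23" and " - Unknown owner - " in body:
            hints.append((code, "service file reports no vendor name", body))
    return hints


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print(log["header"], f"{len(log['processes'])} processes")
    for code, count in section_counts(log["entries"]).items():
        print(f"{code:>3} x{count}  {SECTIONS.get(code, 'not described here')}")
    for code, reason, body in review_hints(log["entries"]):
        print(f"[{code}] {reason}\n      {body}")
```
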

Re: Explorer & Firefox redirected. Symantec can't update

Post by dan12 » February 18th, 2009, 7:21 am

Welcome to the MalwareRemoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Explorer & Firefox redirected. Symantec can't update

Post by jdmackey » February 18th, 2009, 8:01 am

Hey Dan, Thanks for helping. I do have 4 accounts/users on this computer. Below is the list of programs you requested.

Active Disk
Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
Application Mover
aquaplay
Bonjour
Broadcom Advanced Control Suite
Broadcom Driver Installer
Conexant D850 56K V.9x DFVc Modem
Dell GPS Navigation System
Dell ResourceCD
Dell Solution Center
DellTouch
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy CD Creator 5 Basic
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series
hp psc 2100 series
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
InterVideo DeviceService
iTunes
Java(TM) 6 Update 12
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Movavi Video Converter 7
Mozilla Firefox (3.0.6)
MyDVD
Norton Internet Security
NVIDIA Display Driver
PowerDVD 5.7
PrintMaster Express
QuickTime
Readiris 7.5
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Spelling Dictionaries Support For Adobe Reader 8
Spyware Doctor 6.0
Symantec KB-DocID:2003093015493306
Theme Generator V2
TomTom HOME 2.5.2.60
TomTom Media Center 4.1.0.13 DEMO
TurboTax Deluxe 2007
Ulead DVD MovieFactory 6
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VC_MergeModuleToMSI
Vegas Movie Studio Platinum 9.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
jdmackey
Active Member
 
Posts: 7
Joined: February 17th, 2009, 11:32 pm

Re: Explorer & Firefox redirected. Symantec can't update

Post by dan12 » February 18th, 2009, 12:11 pm

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.




  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Post the reports please :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Explorer & Firefox redirected. Symantec can't update

Post by jdmackey » February 19th, 2009, 8:22 am

Below is the Gooredlog.txt

GooredFix v1.91 by jpshortstuff
Log created at 07:14 on 19/02/2009 running Option #1 (Administrater)
Firefox version 3.0.6 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="H:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="H:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="H:\Program Files\Java\jre6\lib\deploy\jqs\ff"

Below is the RSIT log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrater at 2009-02-19 07:19:16
Microsoft Windows XP Home Edition Service Pack 3
System drive H: has 138 GB (58%) free of 238 GB
Total RAM: 2047 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:28 AM, on 2/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\WINDOWS\System32\wbem\unsecapp.exe
H:\WINDOWS\System32\wbem\wmiprvse.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Spyware Doctor\pctsAuxs.exe
H:\Program Files\Spyware Doctor\pctsSvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Iomega\AutoDisk\ADUserMon.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Spyware Doctor\pctsTray.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\TomTom HOME 2\HOMERunner.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\Administrater\Desktop\RSIT.exe
H:\WINDOWS\System32\wbem\wmiprvse.exe
H:\Program Files\Trend Micro\HijackThis\Administrater.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] H:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DVDLauncher] "H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "H:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "H:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-21-606747145-1614895754-725345543-1004\..\Run: [MSMSGS] "H:\Program Files\Messenger\MSMSGS.EXE" /background (User 'Danny')
O4 - HKUS\S-1-5-21-606747145-1614895754-725345543-1004\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe (User 'Danny')
O4 - HKUS\S-1-5-21-606747145-1614895754-725345543-1004\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Danny')
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0666581196
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0667475160
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - H:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - H:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 9714 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
H:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1209928282.job
H:\WINDOWS\tasks\User_Feed_Synchronization-{86F4DA44-40D9-43D7-9BE7-3E7AEE4717EE}.job
H:\WINDOWS\tasks\User_Feed_Synchronization-{9605280D-01FA-4D36-9322-8422FA5B165F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll [2009-01-28 340848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL [2009-01-28 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-18 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-18 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - H:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-18 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-14 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll [2009-01-28 340848]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-18 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]
"nwiz"=nwiz.exe /install []
"ADUserMon"=H:\Program Files\Iomega\AutoDisk\ADUserMon.exe [2002-09-24 147456]
"Adobe Photo Downloader"=H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"DVDLauncher"=H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Ad-Watch"=H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712]
"QuickTime Task"=H:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=H:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"ISTray"=H:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-02 68856]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TomTomHOME.exe"=H:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856]

H:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Bonjour\mDNSResponder.exe"="H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"H:\Program Files\iTunes\iTunes.exe"="H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4820edc3-d9cc-11dd-99b6-0007e979f5e2}]
shell\AutoRun\command - D:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2009-02-19 07:19:16 ----D---- H:\rsit
2009-02-14 08:41:58 ----D---- H:\WINDOWS\Sun
2009-02-14 08:40:05 ----A---- H:\WINDOWS\system32\javaws.exe
2009-02-14 08:40:05 ----A---- H:\WINDOWS\system32\javaw.exe
2009-02-14 08:40:05 ----A---- H:\WINDOWS\system32\java.exe
2009-02-14 08:40:05 ----A---- H:\WINDOWS\system32\deploytk.dll
2009-02-14 08:39:39 ----D---- H:\Program Files\Java
2009-02-14 08:38:32 ----D---- H:\Documents and Settings\Administrater\Application Data\Sun
2009-02-14 08:05:51 ----AD---- H:\Documents and Settings\All Users\Application Data\TEMP
2009-02-14 08:05:39 ----D---- H:\Program Files\Spyware Doctor
2009-02-14 08:05:39 ----D---- H:\Documents and Settings\Administrater\Application Data\PC Tools
2009-02-11 22:38:59 ----D---- H:\Program Files\iPod
2009-02-11 22:38:57 ----D---- H:\Program Files\iTunes
2009-02-11 22:38:57 ----D---- H:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-11 22:23:20 ----D---- H:\Program Files\Bonjour
2009-02-11 22:22:01 ----D---- H:\Program Files\QuickTime
2009-01-29 20:52:52 ----A---- H:\WINDOWS\system32\lsdelete.exe
2009-01-29 07:28:07 ----HDC---- H:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 23:41:05 ----D---- H:\Program Files\Norton Support
2009-01-28 23:34:13 ----D---- H:\Program Files\Symantec
2009-01-28 23:34:13 ----A---- H:\WINDOWS\system32\S32EVNT1.DLL
2009-01-28 23:33:44 ----D---- H:\Program Files\Windows Sidebar
2009-01-28 23:33:44 ----D---- H:\Program Files\Norton Internet Security
2009-01-28 19:11:44 ----D---- H:\Program Files\Trend Micro
2009-01-25 15:58:45 ----D---- H:\Program Files\aquaplay
2009-01-22 07:15:03 ----D---- H:\Laptop Backup

======List of files/folders modified in the last 1 months======

2009-02-19 07:15:10 ----D---- H:\Program Files\Mozilla Firefox
2009-02-19 07:04:06 ----D---- H:\WINDOWS\Temp
2009-02-17 22:14:43 ----D---- H:\Documents and Settings\Administrater\Application Data\Apple Computer
2009-02-17 22:13:45 ----D---- H:\WINDOWS\system32\drivers
2009-02-17 22:13:43 ----HD---- H:\WINDOWS\inf
2009-02-17 10:45:05 ----D---- H:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-17 07:29:40 ----D---- H:\WINDOWS\Prefetch
2009-02-16 17:19:00 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-02-14 08:41:58 ----D---- H:\WINDOWS
2009-02-14 08:40:36 ----SHD---- H:\WINDOWS\Installer
2009-02-14 08:40:05 ----D---- H:\WINDOWS\system32
2009-02-14 08:39:39 ----D---- H:\Program Files
2009-02-14 08:06:55 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-02-11 23:12:37 ----D---- H:\WINDOWS\system32\CatRoot2
2009-02-11 22:38:59 ----D---- H:\Program Files\Common Files\Apple
2009-02-11 22:24:24 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-02-11 22:19:51 ----D---- H:\Program Files\Apple Software Update
2009-02-11 22:19:43 ----SD---- H:\WINDOWS\Tasks
2009-02-11 22:00:30 ----D---- H:\WINDOWS\network diagnostic
2009-02-09 06:59:32 ----D---- H:\WINDOWS\Minidump
2009-02-01 08:45:31 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-02-01 08:45:31 ----D---- H:\WINDOWS\system32\en-US
2009-02-01 08:45:30 ----D---- H:\WINDOWS\Media
2009-02-01 08:45:30 ----D---- H:\WINDOWS\Help
2009-02-01 08:45:30 ----D---- H:\Program Files\Internet Explorer
2009-02-01 08:44:27 ----D---- H:\WINDOWS\ie8updates
2009-02-01 08:41:42 ----RSD---- H:\WINDOWS\Fonts
2009-02-01 08:40:02 ----D---- H:\Program Files\Microsoft ActiveSync
2009-01-30 07:19:56 ----AC---- H:\WINDOWS\ntbtlog.txt
2009-01-29 07:35:53 ----D---- H:\Program Files\Lavasoft
2009-01-29 07:35:49 ----D---- H:\WINDOWS\WinSxS
2009-01-29 07:28:50 ----SHD---- H:\System Volume Information
2009-01-29 07:16:27 ----D---- H:\Program Files\Spybot - Search & Destroy
2009-01-29 07:16:15 ----D---- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 07:15:46 ----D---- H:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-28 23:34:13 ----D---- H:\Program Files\Common Files\Symantec Shared
2009-01-28 23:33:44 ----D---- H:\Documents and Settings\All Users\Application Data\Norton
2009-01-28 23:32:35 ----D---- H:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-01-28 23:32:07 ----D---- H:\Program Files\NortonInstaller
2009-01-28 21:39:44 ----A---- H:\WINDOWS\imsins.BAK
2009-01-28 21:36:10 ----D---- H:\WINDOWS\Registration
2009-01-28 21:34:07 ----D---- H:\Documents and Settings\All Users\Application Data\Symantec
2009-01-28 19:10:12 ----SHD---- H:\RECYCLER
2009-01-21 22:27:49 ----D---- H:\WINDOWS\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys []
R1 Cdr4_xp;Cdr4_xp; H:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-04-22 2432]
R1 Cdralw2k;Cdralw2k; H:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-04-22 2560]
R1 cdudf_xp;cdudf_xp; H:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 eeCtrl;Symantec Eraser Control driver; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\H:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys []
R1 IKSysFlt;System Filter Driver; H:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; H:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; H:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; H:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 pwd_2k;pwd_2k; H:\WINDOWS\system32\drivers\pwd_2k.sys [2007-06-23 143834]
R1 SRTSPX;SRTSPX; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
R1 SYMTDI;SYMTDI; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMTDI.SYS []
R1 UdfReadr_xp;UdfReadr_xp; H:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2007-06-23 206464]
R2 mdmxsdk;mdmxsdk; H:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\H:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 v2imount;Symantec V2i Mount Driver; H:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture; H:\WINDOWS\system32\drivers\aticxcap.sys [2003-04-08 188506]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3); H:\WINDOWS\system32\drivers\aticxtun.sys [2003-04-08 31003]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar; H:\WINDOWS\system32\drivers\aticxxbr.sys [2003-04-08 9882]
R3 dvd_2K;dvd_2K; H:\WINDOWS\system32\drivers\dvd_2K.sys [2007-06-23 25898]
R3 E100B;Intel(R) PRO Adapter Driver; H:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; H:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
R3 HSF_DP;HSF_DP; H:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; H:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 MODEMCSA;Unimodem Streaming Filter Device; H:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; H:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 NAVENG;NAVENG; \??\H:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090210.038\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\H:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090210.038\NAVEX15.SYS []
R3 nv;nv; H:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 P16X;Creative SB Live! Series (WDM); H:\WINDOWS\system32\drivers\P16X.sys [2002-08-30 1293440]
R3 pfc;Padus ASPI Shell; H:\WINDOWS\system32\drivers\pfc.sys [2002-11-11 9856]
R3 SRTSP;SRTSP; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
R3 SYMDNS;SYMDNS; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMFW.SYS []
R3 SYMIDS;SYMIDS; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; H:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-01-28 35888]
R3 SYMNDIS;SYMNDIS; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; \??\H:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; H:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; H:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; H:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; H:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; H:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 CCDECODE;Closed Caption Decoder; H:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mmc_2K;mmc_2K; H:\WINDOWS\system32\drivers\mmc_2K.sys [2007-06-23 30630]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; H:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; H:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; H:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NMSCFG;NIC Management Service Configuration Driver; \??\H:\WINDOWS\System32\drivers\NMSCFG.SYS []
S3 SLIP;BDA Slip De-Framer; H:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); H:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; H:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; H:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-01-28 35888]
S3 USBAAPL;Apple Mobile USB Driver; H:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbstor;USB Mass Storage Driver; H:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; H:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext Codec; H:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; H:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-21 168432]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; H:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 Norton Internet Security;Norton Internet Security; H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-01-28 115560]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 sdAuxService;PC Tools Auxiliary Service; H:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; H:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 UleadBurningHelper;Ulead Burning Helper; H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-01-18 67056]
R3 iPod Service;iPod Service; H:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; H:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 NMSSvc;Intel(R) NMS; H:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
S3 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 Symantec Core LC;Symantec Core LC; H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-05 1251720]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Capture Device Service;Capture Device Service; H:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2006-08-11 200704]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 Iomega App Services;Iomega App Services; H:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-19 07:19:31

======Uninstall list======

-->"H:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}\setup.exe" -l0x9 -L0x9anything
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}\Setup.exe" -l0x9 -L0x9anything
-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
Active Disk-->H:\WINDOWS\unvise32.exe H:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware-->"H:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->H:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0-->H:\WINDOWS\ISUNINST.EXE -f"H:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"H:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Mover-->H:\Tools\AppMove\UNWISE.EXE H:\Tools\AppMove\INSTALL.LOG
aquaplay-->"H:\Program Files\aquaplay\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Advanced Control Suite-->H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom Driver Installer-->H:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Conexant D850 56K V.9x DFVc Modem-->H:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell GPS Navigation System-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{3E3966CE-E4BD-434B-9585-EDF35B272FE3}\Setup.exe" -l0x9
Dell ResourceCD-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellTouch-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{706D5382-7381-4680-9DD0-161832578252}\setup.exe"
DivX Codec-->H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->H:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->H:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Google Toolbar for Internet Explorer-->"H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Updater-->"H:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"H:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"H:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"H:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp instant support-->H:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 2100 series-->H:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2100 series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
hp psc 2100 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 2100 series
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"H:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"H:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"H:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Movavi Video Converter 7-->MsiExec.exe /I{AAD37EE3-50A7-45DB-97B9-1C8B900E9E8B}
Mozilla Firefox (3.0.6)-->H:\Program Files\Mozilla Firefox\uninstall\helper.exe
MyDVD-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\SETUP.EXE" -l0x9 -L0x9 /SMAINT
Norton Internet Security-->H:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.0.0.125\InstStub.exe /X
NVIDIA Display Driver-->H:\WINDOWS\System32\nvudisp.exe Uninstall H:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
PowerDVD 5.7-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrintMaster Express-->H:\PROGRA~1\BRODER~1\PRINTM~1\UNWISE.EXE H:\PROGRA~1\BRODER~1\PRINTM~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Readiris 7.5-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB929969)-->"H:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"H:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"H:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"H:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"H:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"H:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"H:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"H:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"H:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"H:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"H:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"H:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"H:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"H:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"H:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"H:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"H:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"H:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"H:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"H:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"H:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"H:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"H:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"H:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"H:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"H:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"H:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"H:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"H:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"H:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"H:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"H:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"H:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"H:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"H:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"H:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"H:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"H:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"H:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"H:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"H:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"H:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"H:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"H:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spyware Doctor 6.0-->H:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Theme Generator V2-->MsiExec.exe /X{4FD05420-333C-4233-94A6-9759430D6C2A}
TomTom HOME 2.5.2.60-->H:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom Media Center 4.1.0.13 DEMO-->"H:\Program Files\TomTom Media Center\unins000.exe"
TurboTax Deluxe 2007-->H:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "H:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Ulead DVD MovieFactory 6-->H:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Update for Windows XP (KB951072-v2)-->"H:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"H:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"H:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Vegas Movie Studio Platinum 9.0-->MsiExec.exe /X{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->H:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"H:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"H:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O23 - Service: Iomega App Services - Iomega Corporation - H:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Capture Device Service - InterVideo Inc. - H:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
R3 - Default URLSearchHook is missing
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - H:\Program Files\Iomega\AutoDisk\ADService.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security

System event log

Computer Name: DELL4550
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 49165
Source Name: Service Control Manager
Time Written: 20090128213629.000000-300
Event Type: error
User:

Computer Name: DELL4550
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 49164
Source Name: Service Control Manager
Time Written: 20090128213629.000000-300
Event Type: information
User:

Computer Name: DELL4550
Event Code: 7035
Message: The Application Management service was successfully sent a start control.

Record Number: 49163
Source Name: Service Control Manager
Time Written: 20090128213629.000000-300
Event Type: information
User: DELL4550\Administrater

Computer Name: DELL4550
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 49162
Source Name: Service Control Manager
Time Written: 20090128213629.000000-300
Event Type: error
User:

Computer Name: DELL4550
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 49161
Source Name: Service Control Manager
Time Written: 20090128213629.000000-300
Event Type: information
User:

Application event log

Computer Name: DELL4550
Event Code: 101
Message:
Record Number: 15154
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090125064116.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DELL4550
Event Code: 101
Message:
Record Number: 15153
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090125064116.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DELL4550
Event Code: 101
Message:
Record Number: 15152
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090125064058.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DELL4550
Event Code: 101
Message:
Record Number: 15151
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090125024726.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DELL4550
Event Code: 101
Message:
Record Number: 15150
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090125024726.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Security event log

Computer Name: DELL4550
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: Winlogon\MSGina

Record Number: 294211
Source Name: Security
Time Written: 20090214074536.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DELL4550
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: Winlogon

Record Number: 294210
Source Name: Security
Time Written: 20090214074536.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DELL4550
Event Code: 538
Message: User Logoff:

User Name: Administrater

Domain: DELL4550

Logon ID: (0x0,0x1C65C1E)

Logon Type: 2


Record Number: 294209
Source Name: Security
Time Written: 20090214074535.000000-300
Event Type: audit success
User: DELL4550\Administrater

Computer Name: DELL4550
Event Code: 683
Message: Session disconnected from winstation:

User Name: Danny

Domain: DELL4550

Logon ID: (0x0,0xDC639B)

Session Name: Console

Client Name: Unknown

Client Address: Unknown

Record Number: 294208
Source Name: Security
Time Written: 20090214074534.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DELL4550
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x1C65C1E)

Privileges: SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege

Record Number: 294207
Source Name: Security
Time Written: 20090214074533.000000-300
Event Type: audit success
User: DELL4550\Administrater

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\Sonic\MyDVD;H:\Program Files\Common Files\Adaptec Shared\System;H:\Program Files\Common Files\Ulead Systems\MPEG;H:\Program Files\TomTom Media Center\mplayer\codecs;H:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;H:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=H:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
jdmackey
Active Member
 
Posts: 7
Joined: February 17th, 2009, 11:32 pm

Re: Explorer & Firefox redirected. Symantec can't update

Post by dan12 » February 19th, 2009, 1:42 pm

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Explorer & Firefox redirected. Symantec can't update

Post by jdmackey » February 19th, 2009, 11:06 pm

Below is the Combofix.txt log file. Thanks for your help. I hope this works!

ComboFix 09-02-18.01 - Administrater 2009-02-19 21:49:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1654 [GMT -5:00]
Running from: h:\documents and settings\Administrater\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Autorun.inf
h:\program files\Mozilla Firefox\components\iamfamous.dll
h:\windows\system32\d3d8caps.dat
h:\windows\system32\drivers\fad.sys
h:\windows\system32\drivers\gaopdxbshcpmae.sys
h:\windows\system32\gaopdxvbbhghvb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-19 07:19 . 2009-02-19 07:19 <DIR> d-------- H:\rsit
2009-02-14 08:41 . 2009-02-14 08:41 <DIR> d-------- h:\windows\Sun
2009-02-14 08:40 . 2009-02-14 08:39 410,984 --a------ h:\windows\system32\deploytk.dll
2009-02-14 08:40 . 2009-02-14 08:39 73,728 --a------ h:\windows\system32\javacpl.cpl
2009-02-14 08:39 . 2009-02-14 08:39 <DIR> d-------- h:\program files\Java
2009-02-14 08:05 . 2009-02-14 08:06 <DIR> d-------- h:\program files\Spyware Doctor
2009-02-14 08:05 . 2009-02-19 21:33 <DIR> d-a------ h:\documents and settings\All Users\Application Data\TEMP
2009-02-14 08:05 . 2009-02-14 08:05 <DIR> d-------- h:\documents and settings\Administrater\Application Data\PC Tools
2009-02-14 08:05 . 2008-08-25 12:36 81,288 --a------ h:\windows\system32\drivers\iksyssec.sys
2009-02-14 08:05 . 2008-08-25 12:36 66,952 --a------ h:\windows\system32\drivers\iksysflt.sys
2009-02-14 08:05 . 2008-08-25 12:36 40,840 --a------ h:\windows\system32\drivers\ikfilesec.sys
2009-02-14 08:05 . 2008-06-02 16:19 29,576 --a------ h:\windows\system32\drivers\kcom.sys
2009-02-11 22:38 . 2009-02-11 22:39 <DIR> d-------- h:\program files\iTunes
2009-02-11 22:38 . 2009-02-11 22:38 <DIR> d-------- h:\program files\iPod
2009-02-11 22:38 . 2009-02-11 22:39 <DIR> d-------- h:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-11 22:23 . 2009-02-11 22:23 <DIR> d-------- h:\program files\Bonjour
2009-02-11 22:22 . 2009-02-11 22:22 <DIR> d-------- h:\program files\QuickTime
2009-02-11 22:18 . 2008-11-07 14:23 32,000 --a------ h:\windows\system32\drivers\usbaapl.sys
2009-01-29 20:52 . 2009-01-18 16:35 15,688 --a------ h:\windows\system32\lsdelete.exe
2009-01-29 07:36 . 2009-01-18 16:30 64,160 --a------ h:\windows\system32\drivers\Lbd.sys
2009-01-29 07:28 . 2009-01-29 07:35 <DIR> d--h-c--- h:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-28 23:44 . 2009-01-28 23:44 <DIR> d--hs---- h:\documents and settings\Danny\PrivacIE
2009-01-28 23:41 . 2009-01-28 23:41 <DIR> d-------- h:\program files\Norton Support
2009-01-28 23:36 . 2009-01-28 23:34 35,888 -ra------ h:\windows\system32\drivers\SymIM.sys
2009-01-28 23:34 . 2009-01-28 23:34 <DIR> d-------- h:\program files\Symantec
2009-01-28 23:34 . 2009-01-28 23:34 124,464 --a------ h:\windows\system32\drivers\SYMEVENT.SYS
2009-01-28 23:34 . 2009-01-28 23:34 60,808 --a------ h:\windows\system32\S32EVNT1.DLL
2009-01-28 23:34 . 2009-01-28 23:34 10,635 --a------ h:\windows\system32\drivers\SYMEVENT.CAT
2009-01-28 23:34 . 2009-01-28 23:34 806 --a------ h:\windows\system32\drivers\SYMEVENT.INF
2009-01-28 23:33 . 2009-01-28 23:33 <DIR> d-------- h:\windows\system32\drivers\NIS
2009-01-28 23:33 . 2009-01-28 23:33 <DIR> d-------- h:\program files\Windows Sidebar
2009-01-28 23:33 . 2009-01-28 23:33 <DIR> d-------- h:\program files\Norton Internet Security
2009-01-28 19:11 . 2009-01-28 19:11 <DIR> d-------- h:\program files\Trend Micro
2009-01-25 15:58 . 2009-01-25 15:58 <DIR> d-------- h:\program files\aquaplay
2009-01-22 07:15 . 2009-01-22 07:18 <DIR> d-------- H:\Laptop Backup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 17:45 --------- d-----w h:\documents and settings\All Users\Application Data\Google Updater
2009-02-18 03:14 --------- d-----w h:\documents and settings\Administrater\Application Data\Apple Computer
2009-02-12 03:38 --------- d-----w h:\program files\Common Files\Apple
2009-02-12 03:19 --------- d-----w h:\program files\Apple Software Update
2009-02-01 13:40 --------- d-----w h:\program files\Microsoft ActiveSync
2009-01-29 12:35 --------- d-----w h:\program files\Lavasoft
2009-01-29 12:16 --------- d-----w h:\program files\Spybot - Search & Destroy
2009-01-29 12:16 --------- d-----w h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-29 12:15 --------- d-----w h:\documents and settings\All Users\Application Data\Lavasoft
2009-01-29 04:34 --------- d-----w h:\program files\Common Files\Symantec Shared
2009-01-29 04:33 --------- d-----w h:\documents and settings\All Users\Application Data\Norton
2009-01-29 04:32 --------- d-----w h:\program files\NortonInstaller
2009-01-29 04:32 --------- d-----w h:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-29 02:34 --------- d-----w h:\documents and settings\All Users\Application Data\Symantec
2009-01-18 13:21 --------- d-----w h:\program files\Google
2009-01-16 12:36 --------- d-----w h:\program files\TomTom Media Center
2009-01-06 02:53 --------- d-----w h:\documents and settings\All Users\Application Data\TomTom
2009-01-06 02:53 --------- d-----w h:\documents and settings\Administrater\Application Data\TomTom
2009-01-06 02:52 --------- d-----w h:\program files\TomTom HOME 2
2009-01-06 02:51 --------- d-----w h:\program files\TomTom DesktopSuite
2009-01-05 01:43 --------- d-----w h:\documents and settings\Administrater\Application Data\Lavasoft
2009-01-04 23:38 --------- d-----w h:\documents and settings\Administrater\Application Data\Sony
2009-01-04 23:19 --------- d-----w h:\documents and settings\Administrater\Application Data\Publish Providers
2009-01-04 14:58 --------- d-----w h:\program files\Vstplugins
2009-01-04 14:58 --------- d-----w h:\documents and settings\All Users\Application Data\Sony
2009-01-04 14:57 --------- d-----w h:\program files\Sony
2009-01-03 19:14 --------- d-----w h:\program files\Dell
2008-12-30 03:53 --------- d-----w h:\program files\DivX
2008-11-21 21:47 524,288 ----a-w h:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w h:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w h:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w h:\windows\system32\libdivx.dll
2008-11-21 21:45 823,296 ----a-w h:\windows\system32\divx_xx0c.dll
2008-11-21 21:45 823,296 ----a-w h:\windows\system32\divx_xx07.dll
2008-11-21 21:45 815,104 ----a-w h:\windows\system32\divx_xx0a.dll
2008-11-21 21:45 81,920 ----a-w h:\windows\system32\dpl100.dll
2008-11-21 21:45 802,816 ----a-w h:\windows\system32\divx_xx11.dll
2008-11-21 21:45 593,920 ----a-w h:\windows\system32\dpuGUI11.dll
2008-11-21 21:45 57,344 ----a-w h:\windows\system32\dpv11.dll
2008-11-21 21:45 53,248 ----a-w h:\windows\system32\dpuGUI10.dll
2008-11-21 21:45 344,064 ----a-w h:\windows\system32\dpus11.dll
2008-11-21 21:45 294,912 ----a-w h:\windows\system32\dpu11.dll
2008-11-21 21:45 294,912 ----a-w h:\windows\system32\dpu10.dll
2008-11-21 21:45 196,608 ----a-w h:\windows\system32\dtu100.dll
2008-11-21 21:44 161,096 ----a-w h:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w h:\windows\system32\DivXWMPExtType.dll
2008-08-19 20:49 32,768 --sha-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 68856]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TomTomHOME.exe"="h:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"ADUserMon"="h:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Adobe Photo Downloader"="h:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DVDLauncher"="h:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Ad-Watch"="h:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-02-14 148888]
"nwiz"="nwiz.exe" [2003-10-06 h:\windows\system32\nwiz.exe]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - h:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= h:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [2009-01-29 64160]
R0 SymEFA;Symantec Extended File Attributes;h:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [2009-01-28 309296]
R1 BHDrvx86;Symantec Heuristics Driver;h:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2009-01-28 254512]
R1 ccHP;Symantec Hash Provider;h:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2009-01-28 362544]
R1 IDSxpx86;IDSxpx86;h:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-01-28 274808]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 Norton Internet Security;Norton Internet Security;h:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [2009-01-28 115560]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;h:\windows\system32\drivers\aticxcap.sys [2007-05-31 188506]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);h:\windows\system32\drivers\aticxtun.sys [2007-05-31 31003]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;h:\windows\system32\drivers\aticxxbr.sys [2007-05-31 9882]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;h:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-09 99376]
S3 sdAuxService;PC Tools Auxiliary Service;h:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-14 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4820edc3-d9cc-11dd-99b6-0007e979f5e2}]
\Shell\AutoRun\command - D:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 h:\windows\Tasks\Ad-Aware Update (Weekly).job
- h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2008-08-19 h:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1209928282.job
- h:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2009-02-19 h:\windows\Tasks\User_Feed_Synchronization-{86F4DA44-40D9-43D7-9BE7-3E7AEE4717EE}.job
- h:\windows\system32\msfeedssync.exe [2006-10-17 13:58]

2009-02-20 h:\windows\Tasks\User_Feed_Synchronization-{9605280D-01FA-4D36-9322-8422FA5B165F}.job
- h:\windows\system32\msfeedssync.exe [2006-10-17 13:58]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: DirectAnimation Java Classes - file://h:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://h:\windows\Java\classes\xmldso.cab
FF - ProfilePath - h:\documents and settings\Administrater\Application Data\Mozilla\Firefox\Profiles\3lg7z5cj.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - component: h:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: h:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: h:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 21:53:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"h:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"h:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2009-02-19 21:55:12
ComboFix-quarantined-files.txt 2009-02-20 02:55:05

Pre-Run: 148,869,242,880 bytes free
Post-Run: 149,729,599,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

210 --- E O F --- 2009-01-14 08:02:27

Below is the Hijackthis.log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:15 PM, on 2/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] H:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DVDLauncher] "H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "H:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0666581196
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0667475160
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - H:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - H:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8102 bytes
jdmackey
Active Member
 
Posts: 7
Joined: February 17th, 2009, 11:32 pm

Re: Explorer & Firefox redirected. Symantec can't update

Post by dan12 » February 20th, 2009, 1:09 am

So far so good!

: Malwarebytes' Anti-Malware :

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Post reports and a fresh HJT log
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Explorer & Firefox redirected. Symantec can't update

Unread postby jdmackey » February 21st, 2009, 12:22 pm

Below is the Malware log file

Malwarebytes' Anti-Malware 1.34
Database version: 1780
Windows 5.1.2600 Service Pack 3

2/21/2009 7:48:34 AM
mbam-log-2009-02-21 (07-48-34).txt

Scan type: Full Scan (H:\|)
Objects scanned: 170808
Time elapsed: 45 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
H:\Program Files\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
H:\Documents and Settings\Administrater\Start Menu\Programs\aquaplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
H:\Program Files\aquaplay\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\Qoobox\Quarantine\H\WINDOWS\system32\gaopdxvbbhghvb.dll.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
H:\Documents and Settings\Administrater\Start Menu\Programs\aquaplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

The Kaspersky scan log was empty; nothing to report.

Below is the final HJT log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:19 AM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program Files\Iomega\AutoDisk\ADUserMon.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\TomTom HOME 2\HOMERunner.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Java\jre6\bin\java.exe
H:\Documents and Settings\Administrater\Local Settings\temp\jkos-Administrater\binaries\ScanningProcess.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ADUserMon] H:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DVDLauncher] "H:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "H:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0666581196
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0667475160
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - H:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - H:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - H:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - H:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8682 bytes
jdmackey
Active Member
 
Posts: 7
Joined: February 17th, 2009, 11:32 pm

Re: Explorer & Firefox redirected. Symantec can't update

Unread postby dan12 » February 21st, 2009, 1:47 pm

Looks pretty good :) How are things at that end, before we clean up the tools used?
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Explorer & Firefox redirected. Symantec can't update

Unread postby jdmackey » February 21st, 2009, 9:26 pm

Things seem to be working like normal. I can update the file definitions for Norton, Ad-Aware, Spybot, etc. Thanks so much for your help!

I've been using Lavasoft's Ad-Aware and Spybot in addition to Norton Internet Security. I'm curious as to what programs you'd recommend.
jdmackey
Active Member
 
Posts: 7
Joined: February 17th, 2009, 11:32 pm

Re: Explorer & Firefox redirected. Symantec can't update

Unread postby dan12 » February 21st, 2009, 11:59 pm

I will outline some programs to help with future security in my closing speech.

Ok, let's tidy a few tools up.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

You can remove these.
GooredFix v1.91
C:\RSIT < This folder

Let me know when done.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Explorer & Firefox redirected. Symantec can't update

Unread postby jdmackey » February 22nd, 2009, 12:37 am

Done
jdmackey
Active Member
 
Posts: 7
Joined: February 17th, 2009, 11:32 pm

Re: Explorer & Firefox redirected. Symantec can't update

Unread postby dan12 » February 22nd, 2009, 12:39 am

Well done!
You don't need to put all of these programs on your system, unlike your antivirus and firewall, of which you can only have one of each.
However, you can have several antimalware programs.

Congratulations, you are clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Create a new System Restore Point
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6.2
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here
Find the changes from the older version 1.4 here

Install Spyware Guard
Download it from here
Find the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article here

Read some information here on how to prevent malware.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.

>> Here << you can see how you can help us.

Happy safe surfing!

Dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
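
The HOSTS-file behaviour described in the closing post above (names mapped to 127.0.0.1 never reach the real site), as an added example that is not part of the original thread: a Python audit that separates loopback blocklist entries from names mapped to any other address, which are worth reviewing on a machine that has had browser redirects. The sample file content and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample for illustration
127.0.0.1       localhost
127.0.0.1       ads.example.com   # blocklist-style entry
0.0.0.0         tracker.example.net
203.0.113.7     www.example.org update.example.org
::1             localhost
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Classify every hostname mapping in a HOSTS file.

    blocked    - names sent to loopback or 0.0.0.0 (blocklist behaviour)
    redirected - names sent to any other address (review each one)
    malformed  - line numbers that do not parse as "address name [name...]"
    """
    result = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            result["malformed"].append(lineno)
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append(lineno)
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            if sinkhole and name.lower() == "localhost":
                continue                      # the normal default entry
            if sinkhole:
                result["blocked"].append(name)
            else:
                result["redirected"].append((name, str(addr)))
    return result


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked   :", report["blocked"])
    print("redirected:", report["redirected"])
    print("malformed lines:", report["malformed"])
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; a `localhost` entry pointing anywhere other than loopback is reported under `redirected` as well.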

Re: Explorer & Firefox redirected. Symantec can't update

Unread postby NonSuch » February 27th, 2009, 2:03 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California