Free Malware Removal Forum

[dan12]

Ok, don't worry,we will address it another way.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
• If you need help to disable your protection programs see here.
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

[lando2000]

Combofix Log:

ComboFix 09-03-29.02 - Landon 2009-03-29 17:16:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.493 [GMT -7:00]
Running from: c:\documents and settings\Landon\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Landon\LOCALS~1\Temp\tmp2.tmp
c:\windows\system32\drivers\gaopdxwmdbymsnswwkthxxnkjppbvdvymggwqp.sys

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-29 03:51 . 2009-03-29 04:06 <DIR> d-------- C:\RootRepeal
2009-03-29 03:00 . 2006-08-21 02:14 128,896 -----c--- c:\windows\system32\dllcache\fltmgr.sys
2009-03-29 03:00 . 2006-08-21 02:14 23,040 -----c--- c:\windows\system32\dllcache\fltmc.exe
2009-03-29 03:00 . 2006-08-21 05:21 16,896 -----c--- c:\windows\system32\dllcache\fltlib.dll
2009-03-29 02:44 . 2007-07-09 06:09 584,192 -----c--- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-28 20:13 . 2009-03-28 20:13 <DIR> d-------- c:\documents and settings\Landon\Application Data\Malwarebytes
2009-03-27 13:48 . 2009-03-29 14:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 13:48 . 2009-03-27 13:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 13:48 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 13:48 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-24 01:28 . 2009-03-24 01:28 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-23 01:12 . 2009-03-25 15:44 <DIR> d-------- c:\program files\Autorun Eater
2009-03-22 18:11 . 2008-07-30 17:42 23,888 --a------ c:\windows\system32\drivers\COH_Mon.sys
2009-03-22 18:11 . 2008-07-30 17:28 10,537 --a------ c:\windows\system32\drivers\COH_Mon.cat
2009-03-22 18:11 . 2008-07-30 17:28 706 --a------ c:\windows\system32\drivers\COH_Mon.inf
2009-03-22 15:17 . 2009-03-22 18:14 <DIR> d-------- c:\program files\Norton Internet Security
2009-03-22 15:16 . 2009-03-25 00:48 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-22 15:16 . 2009-03-25 00:48 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-03-22 15:16 . 2009-03-25 00:48 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-22 15:16 . 2009-03-25 00:48 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-03-22 15:14 . 2009-03-25 00:48 <DIR> d-------- c:\program files\Symantec
2009-03-22 15:13 . 2009-03-29 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-03-22 15:12 . 2009-03-29 17:07 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-17 14:02 . 2009-03-17 14:02 <DIR> d-------- c:\program files\Common Files\GeoVid
2009-03-17 14:02 . 2009-03-17 14:02 <DIR> d-------- c:\documents and settings\Landon\Application Data\SkypeCap
2009-03-17 14:02 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2009-03-17 14:02 . 2005-06-07 15:11 60,416 --a------ c:\windows\system32\dsetup.dll
2009-03-14 17:36 . 2004-08-04 01:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-14 17:36 . 2004-08-04 01:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-03-14 17:36 . 2004-08-03 23:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-14 17:36 . 2004-08-03 23:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-13 01:00 . 2009-03-13 01:00 <DIR> dr------- c:\program files\Skype
2009-03-13 01:00 . 2009-03-27 22:45 <DIR> d-------- c:\documents and settings\Landon\Application Data\Skype
2009-03-13 01:00 . 2009-03-13 01:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-03-03 15:56 . 2009-03-03 16:39 <DIR> d-------- c:\program files\Yahoo SiteBuilder
2009-03-03 15:56 . 2009-03-24 01:28 <DIR> d-------- c:\program files\Java
2009-03-03 15:56 . 2009-03-24 01:28 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-03 15:54 . 2009-03-03 15:54 <DIR> d-------- c:\program files\Common Files\Java
2009-03-01 11:12 . 2009-03-01 11:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2009-03-01 11:12 . 2009-03-01 11:12 <DIR> d-------- c:\documents and settings\Landon\Application Data\Roxio
2009-02-25 03:41 . 2009-02-25 03:41 <DIR> d-------- c:\program files\MSXML 6.0
2009-02-25 03:31 . 2009-02-25 03:31 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-24 17:05 . 2009-03-13 13:10 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-02-24 16:54 . 2008-06-13 06:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-24 16:43 . 2008-08-14 03:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-24 16:43 . 2008-08-14 02:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-24 16:43 . 2008-08-14 02:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-24 16:43 . 2008-08-14 02:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-24 16:43 . 2009-02-09 03:19 1,846,272 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-24 16:42 . 2008-12-12 10:33 3,060,224 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-02-24 16:34 . 2008-10-24 04:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-24 16:34 . 2008-12-11 04:57 333,184 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-24 16:34 . 2008-05-01 07:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-24 16:33 . 2008-04-11 11:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-24 16:31 . 2008-09-04 09:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-24 16:31 . 2008-10-15 09:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-24 16:31 . 2008-10-03 03:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-02-24 16:20 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-24 16:20 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-24 16:20 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-23 17:20 . 2009-02-23 17:20 <DIR> d-------- c:\documents and settings\Landon\Application Data\SorensonMedia
2009-02-23 16:46 . 2009-02-23 16:46 <DIR> d-------- c:\program files\Sorenson Media
2009-02-23 16:35 . 2009-02-23 16:35 <DIR> d-------- c:\temp\Sorenson
2009-02-08 21:51 . 2009-02-08 21:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-04 23:23 . 2009-02-23 16:35 <DIR> d-------- C:\Temp
2009-02-04 23:22 . 2009-03-29 17:12 <DIR> d-------- c:\program files\lg_fwupdate
2009-02-04 23:22 . 2009-02-04 23:22 <DIR> d-------- c:\program files\Common Files\LightScribe
2009-02-04 23:22 . 1998-06-23 23:00 115,016 --a------ c:\windows\system32\MSINET.OCX
2009-02-04 23:22 . 1998-07-21 23:00 102,912 --a------ c:\windows\system32\Vb6stkit.dll
2009-02-04 23:22 . 1998-07-21 23:00 102,160 --a------ c:\windows\system32\VB6KO.DLL
2009-02-04 23:22 . 2006-02-17 13:19 16,384 --a------ c:\windows\system32\lgfwunis.exe
2009-02-04 23:22 . 2009-03-29 16:51 259 --a------ c:\windows\lgfwup.ini
2009-02-04 23:21 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-02-04 23:21 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-02-04 23:21 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-02-04 23:21 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-02-04 23:21 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-02-04 23:21 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-02-04 23:21 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-02-04 23:20 . 2009-02-04 23:20 <DIR> d-------- c:\program files\CyberLink DVD Solution
2009-02-04 23:20 . 2009-02-04 23:20 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-04 23:20 . 2009-02-04 23:21 <DIR> d-------- c:\program files\Ahead
2009-02-04 23:20 . 2004-10-01 14:00 40,960 --a------ c:\program files\Uninstall_CDS.exe
2009-02-04 21:01 . 2009-02-04 21:01 <DIR> d-------- c:\documents and settings\Landon\Application Data\Sony
2009-02-04 20:54 . 2009-02-04 20:54 <DIR> d-------- c:\program files\Sony
2009-02-04 20:54 . 2009-02-04 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2009-02-04 20:45 . 2009-02-04 20:45 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-04 20:44 . 2009-02-04 20:44 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-04 20:44 . 2006-06-29 12:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-04 20:36 . 2009-02-04 20:36 <DIR> d-------- c:\documents and settings\Landon\Application Data\Sony Setup
2009-02-04 20:35 . 2009-02-04 20:35 <DIR> d-------- c:\program files\Sony Setup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 21:05 --------- d-----w c:\program files\Common Files\Adobe
2009-03-21 20:14 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-27 09:27 --------- d-----w c:\documents and settings\Landon\Application Data\Move Networks
2009-02-23 23:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-05 03:49 --------- d-----w c:\program files\MSBuild
2009-02-05 00:11 --------- d-----w c:\documents and settings\Landon\Application Data\Apple Computer
2009-01-07 03:05 4,934 ----a-w c:\windows\bcm43.tmp
2008-12-05 07:12 144,896 ----a-w c:\windows\system32\schannel.dll
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:35 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 68856]
"Google Update"="c:\documents and settings\Landon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2006-11-01 1392640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-02-20 245760]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 116328]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-06-25 771440]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"= diomidi.dll
"wave1"= Digi32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Landon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Landon\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 12:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a------ 2002-10-14 14:09 57344 c:\program files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 09:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-16 07:56 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
--a------ 2008-10-15 11:02 17664 c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-01-13 10:35 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-12-09 03:12 234856 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Landon\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"c:\\Documents and Settings\\Landon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Landon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFi~1.sys [2009-01-08 20992]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-22 101936]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2009-01-07 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2009-01-07 7424]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-01-08 74240]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-09 33752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed5a4748-de29-11dd-8919-001c238df8c6}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1844237615-839522115-1003.job
- c:\documents and settings\Landon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-27 03:04]

2009-03-22 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Landon.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-06-26 01:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 17:19:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-03-29 17:21:29
ComboFix-quarantined-files.txt 2009-03-30 00:21:25

Pre-Run: 34,812,776,448 bytes free
Post-Run: 34,938,048,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /bootlog

268 --- E O F --- 2009-03-29 11:11:18



HTH LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:19 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Landon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Landon\Desktop\HTH\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Landon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10492 bytes

[dan12]

Let's Run Kaspersky Online Scan
Please go to Kaspersky website to perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to your desktop by changing the Files of type to Text file (.txt) before clicking on the Save button.
• Now close the window.

post the report

[ajnewcombe]

Any suggestions appreciated - the ask.com appearing when i least expect it is driving me crazy!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:58, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://edit.europe.yahoo.com/config/mail?.intl=uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [workflow] D:\installs\workflow.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11703 bytes

[lando2000]

I don't know who this ajnewcombe is, but here is MY Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 31, 2009 02:13:56
Records in database: 1988286
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 68171
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:27:47


File name / Threat name / Threats count
C:\Documents and Settings\Landon\Desktop\Musica\i wanna hold your hand across.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

The selected area was scanned.

[dan12]

My apology for the Intrusion into your thread.

Can you find this file and delete please
C:\Documents and Settings\Landon\Desktop\Musica\i wanna hold your hand across.mp3<< This file


Start > Run, type appwiz.cpl and click OK.

Uninstall the following:

AskBarDis
MySearch

Now close Control Panel.


Let me know how things are please.

[lando2000]

I've deleted the .mp3 file, but the other two I couldn't find in the program list...any ideas?

[dan12]

Ok, how are things with the pc before we clean up.?
Don't worry about those two items, that dam log the other person posted threw me

[lando2000]

So far it seems to be working fine. I tried a couple of google searches, and there were no re-directs. The computer IS running sluggish right now, but I think it's the Norton Antivirus that slows it down. Is there anything else you wanted to try?

Thanks for all your help!

Landon

[dan12]

Some usefull reading here for you

I will look in on you later as have to go out and then we can clean-up
Norton is big on system resources I've had a few cases where I advised to remove it and there was significant results.

[ajnewcombe]

i've managed to remove the suggested files, but now i still get attempted redirects with the following message:
HTTP Status 404 - /toolbarv/askRedirect

type Status report

message /toolbarv/askRedirect

description The requested resource (/toolbarv/askRedirect) is not available.
Apache Tomcat/6.0.13

so just as irritating.... what else can i do? the online Kaspersky doesn't seem to run on my machine

[dan12]

lando2000, apology for the interruption in your thread, I have had words

[ajnewcombe]

apologies if i've stumbled in to a private conversation, i thought this site was to share problems and get help?

[dan12]

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

You can remove
RootRepeal

Can you use msconfig as you did for the boot log and uncheck BOOTLOG.

Let me know when carried out.

[lando2000]

Is BOOTLOG in the "BOOT.INI" tab? If so, it was greyed out, and already unchecked. Other procedures complete.

What's next?


(BTW), I will be leaving the country for a week, so if I do not respond, this is why. If this means that my string will be deleted, I would like to take this time now to thank you for all your help.