20 replies to this topic

[mik1210]

I can't seem to clean this one up. Every time we surf, sites that have viruses come up.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:20 PM, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200447452421
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7265 bytes


Thanks for any help.

[AdvancedSetup]

Please run and post back both logs. Thanks


Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile
The post back NEW MBAM and HJT logs in that order please.

[mik1210]

Thanks for the help. I ran updated mbam and it didn't find any malware. Below is the log. I restarted the computer anyway and reran hijackthis. Log is also below. Thanks

mbam log:

Malwarebytes' Anti-Malware 1.33
Database version: 1698
Windows 5.1.2600 Service Pack 2

1/26/2009 8:46:41 PM
mbam-log-2009-01-26 (20-46-41).txt

Scan type: Quick Scan
Objects scanned: 57637
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:59 PM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200447452421
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7401 bytes


Again thanks for the help.

mik

[AdvancedSetup]

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA
When we're done you can go back and install the latest version but for now please do not install any.

Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***

• Double-click on JavaRa.exe to start the program.
  
• From the drop-down menu, choose English and click on Select.
  
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  
• A logfile will pop up. Please save it to a convenient location and post it back when you reply

Then look for the following Java folders and if found delete them.
C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java


You also need to remove Adobe Acrobat Reader 8 and get version 9. Older versions were susceptible to attack from Malware.

Once those are removed run the following.

Please download the following scanning tool. GMER
[indent]

• Open the zip file and copy the file gmer.exe to your Desktop.
  
• Double click on gmer.exe and run it.
  
• It may take a minute to load and become available.
  
• Do not make any changes. As soon as it's done and the COPY button is available click on the COPY button.
  
• DO NOT Click on the SCAN button.
  
• This will place the scan in your clipboard. Paste that into notepad or into your next reply post please.
  
• Click OK and quit the GMER program.

[/indent]


Then a NEW HJT log

[AdvancedSetup]

Please post a status update on this.

[mik1210]

AdvancedSetup, on Jan 28 2009, 01:06 AM, said:

Please post a status update on this.

Thanks. Will perform the listed operations 01-28-09 and post progress.

[mik1210]

Here is JavaRa log tha I produced after uninstalling Java from my computer and running JavaRa.exe:

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jan 28 19:12:13 2009

Found and removed: Software\JavaSoft\Java2D\1.5.0_03

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

------------------------------------

Finished reporting.



I will now look for additional Java folders and delete. Then I will remove Adobe Acrobat 8. Then I will download and run GMER and will paste the scan here next.

Thanks

[mik1210]

Here is my gmer.exe log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-28 19:27:12
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.14 ----


And here is the repeat HJT done after running JavaRa and gmer.exe:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:11 PM, on 1/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200447452421
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6543 bytes

Thanks for the help

[AdvancedSetup]

Okay those logs look okay. Please run the following one more time and then let me know how the computer is running
and if you're still seeing any signs of infection.


Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile
The post back NEW MBAM and HJT logs in that order please.

[mik1210]

Here is new mbam log:

Malwarebytes' Anti-Malware 1.33
Database version: 1707
Windows 5.1.2600 Service Pack 2

1/29/2009 7:51:45 PM
mbam-log-2009-01-29 (19-51-45).txt

Scan type: Quick Scan
Objects scanned: 57593
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is HJT log after restart:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:43 PM, on 1/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200447452421
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6575 bytes


Thanks for the help

[mik1210]

I went to Google.com to check so see what comes up when I put in "Microsoft Corporation" in the browser. Moxiesearch.com, tds.seosun.net and spyware-remover.com came up as the web pages for Microsoft official home page.

I tried MSN.com and Yahoo.com with similar results. I also tried other common companies: Dell, Best Buy and Circuit City. The headline looks original but the website they want you to select is anything from rxgenericdrugs.com to myeweb.com.

Any suggestions?

Thanks

[AdvancedSetup]

Was that from IE or Firefox?

Please run the following tool which will help clean and remove remnants of stuff as well as show me some of the other items which may need looking at.

[indent]Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Click Yes to allow ComboFix to continue scanning for malware.
  
• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

[/indent]

[mik1210]

Hello:

I'm using IE. I will now perform the operations you listed and post logs when I'm finished.

I will be in and out this weekend. I apologize. I will post as soon as I can.

Thanks Again

Mik

[mik1210]

Ok...Ran Combofix and then another HJT log

Combofix log:

ComboFix 09-01-31.01 - Mikula Family 2009-01-31 16:39:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.512 [GMT -7:00]
Running from: c:\documents and settings\Mikula Family.DIMENSION-4600\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-28 19:26 . 2009-01-28 19:26 250 --a------ c:\windows\gmer.ini
2009-01-23 11:22 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-23 11:22 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-21 14:07 . 2009-01-21 14:07 <DIR> d-------- c:\program files\iTunes
2009-01-21 14:07 . 2009-01-21 14:07 <DIR> d-------- c:\program files\iPod
2009-01-21 14:07 . 2009-01-21 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-21 14:05 . 2009-01-21 14:05 <DIR> d-------- c:\program files\Bonjour
2009-01-19 20:29 . 2009-01-19 20:29 <DIR> d-------- c:\program files\Trend Micro
2009-01-18 16:27 . 2009-01-18 16:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 16:27 . 2009-01-18 16:27 <DIR> d-------- c:\documents and settings\Mikula Family.DIMENSION-4600\Application Data\Malwarebytes
2009-01-18 16:27 . 2009-01-18 16:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-18 16:27 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 16:27 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 22:13 . 2009-01-17 22:13 <DIR> d-------- c:\program files\NortonInstaller
2009-01-17 22:13 . 2009-01-17 22:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-17 22:13 . 2009-01-17 22:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-17 22:10 . 2009-01-17 22:10 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files
2009-01-17 20:48 . 2009-01-18 16:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 20:48 . 2009-01-18 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 08:29 . 2009-01-10 08:30 <DIR> d-------- c:\program files\Apple Software Update
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-12-28 18:01 . 2008-12-28 18:01 <DIR> d-------- c:\program files\Knowledge Adventure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 23:34 --------- d-----w c:\program files\Symantec AntiVirus
2009-01-23 18:38 --------- d-----w c:\documents and settings\Mikula Family.DIMENSION-4600\Application Data\Apple Computer
2009-01-21 21:04 --------- d-----w c:\program files\QuickTime
2009-01-18 05:25 --------- d-----w c:\program files\Symantec
2008-12-28 23:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-27 19:11 726,008 ----a-w c:\documents and settings\Mikula Family.DIMENSION-4600\gotomypc_437.exe
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ------w c:\windows\system32\strmdll.dll
.

------- Sigcheck -------

2008-04-13 17:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 03:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\svchost.exe
2004-08-04 03:00 14336 8f078ae4ed187aaabc0a305146de6716 c:\windows\system32\dllcache\svchost.exe

2008-04-13 17:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 03:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\ws2_32.dll
2004-08-04 03:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 c:\windows\system32\dllcache\ws2_32.dll

2008-04-13 17:12 507904 ed0ef0a136dec83df69f04118870003e c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 03:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\winlogon.exe
2004-08-04 03:00 502272 01c3346c241652f43aed8e2149881bfe c:\windows\system32\dllcache\winlogon.exe

2008-04-13 12:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 03:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\dllcache\ndis.sys
2004-08-04 03:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys

2008-04-13 11:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 03:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\dllcache\ip6fw.sys
2004-08-04 03:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\system32\drivers\ip6fw.sys

2008-04-13 17:12 108544 0e776ed5f7cc9f94299e70461b7b8185 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 03:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\services.exe
2004-08-04 03:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 c:\windows\system32\dllcache\services.exe

2008-04-13 17:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 03:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\lsass.exe
2004-08-04 03:00 13312 84885f9b82f4d55c6146ebf6065d75d2 c:\windows\system32\dllcache\lsass.exe

2008-04-13 17:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 03:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\ctfmon.exe
2004-08-04 03:00 15360 24232996a38c0b0cf151c2140ae29fc8 c:\windows\system32\dllcache\ctfmon.exe

2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 03:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\userinit.exe
2004-08-04 03:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\system32\dllcache\userinit.exe

2008-04-13 17:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
2004-08-04 03:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
2004-08-04 03:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\dllcache\termsrv.dll

2008-04-13 17:12 17408 50a166237a0fa771261275a405646cc0 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
2004-08-04 03:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\powrprof.dll
2004-08-04 03:00 17408 1b5f6923abb450692e9fe0672c897aed c:\windows\system32\dllcache\powrprof.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-15 122880]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"P17Helper"="SPIRun.dll" [2006-07-02 c:\windows\system32\SPIRun.dll]

c:\documents and settings\Mikula Family.DIMENSION-4600\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-04-13 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\office\OSA9.EXE [1999-02-17 65588]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 2297856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--------- 2003-04-06 22:07 114688 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hplampc]
-ra------ 2002-01-17 10:40 40448 c:\windows\system32\hplampc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--------- 2003-04-06 22:19 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-05 99376]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2008-01-21 9312]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-03-27 167808]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-POINTER - point32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 16:41:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\RtlGina2.dll
.
Completion time: 2009-01-31 16:43:32
ComboFix-quarantined-files.txt 2009-01-31 23:43:19

Pre-Run: 17,449,611,264 bytes free
Post-Run: 17,537,265,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

182 --- E O F --- 2009-01-22 19:28:59



And now my HJT log after Combofix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:41 PM, on 1/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200447452421
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6149 bytes


Thanks!

[AdvancedSetup]

Please download Lop S&D

Double-click on Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt), typcially C:\lopR.txt

[mik1210]

Here is my Lop log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
USER : Mikula Family ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.5.5000 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:16 Go)
E:\ (Local Disk) - FAT32 - Total:232 Go (Free:195 Go)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 02/01/2009|12:52 )

--------------------\\ Listing folders in APPLIC~1

[01/15/2008|06:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[01/15/2008|06:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[01/21/2009|02:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[01/26/2008|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ACD Systems
[01/15/2008|07:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/26/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[01/26/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/15/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[05/11/2008|02:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Disney Interactive
[01/22/2008|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Knowledge Adventure
[01/18/2009|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/02/2008|02:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[07/05/2008|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[01/17/2009|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Norton
[01/17/2009|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[01/21/2008|07:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> OLYMPUS
[01/21/2008|07:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[01/18/2009|04:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[01/15/2008|07:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[06/03/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> The Learning Company
[01/15/2008|06:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[01/15/2008|05:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/15/2008|05:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[01/15/2008|07:42] C:\DOCUME~1\MIKULA~1\APPLIC~1\<DIR> Adobe
[01/15/2008|07:53] C:\DOCUME~1\MIKULA~1\APPLIC~1\<DIR> Microsoft

[01/26/2008|04:02] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> ACD Systems
[01/15/2008|08:46] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Adobe
[01/23/2009|11:38] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Apple Computer
[01/26/2008|11:29] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Arcsoft
[01/22/2008|07:20] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Help
[01/15/2008|07:56] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Identities
[06/11/2008|04:10] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> InstallShield
[01/21/2008|05:03] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Leadertech
[01/15/2008|08:46] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Macromedia
[01/18/2009|04:27] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Malwarebytes
[11/24/2008|08:50] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Microsoft
[09/11/2008|09:34] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Microsoft Web Folders
[07/04/2008|02:12] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Roxio
[01/29/2008|04:42] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Scholastic
[06/29/2008|09:45] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> School Zone Preferences
[09/10/2008|01:03] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Sun
[04/11/2008|11:31] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> U3
[06/15/2008|01:09] C:\DOCUME~1\MIKULA~1.DIM\APPLIC~1\<DIR> Wal-Mart Digital Photo Viewer


[01/15/2008|05:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/10/2009 08:30 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[02/01/2009 10:10 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 03:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/26/2008|10:55] C:\Program Files\<DIR> ACD Systems
[06/10/2008|03:38] C:\Program Files\<DIR> Activision Value
[01/10/2009|08:30] C:\Program Files\<DIR> Apple Software Update
[02/13/2008|05:39] C:\Program Files\<DIR> Atari
[06/15/2008|09:28] C:\Program Files\<DIR> Barbie™
[08/05/2008|08:51] C:\Program Files\<DIR> BigIdea
[01/21/2009|02:05] C:\Program Files\<DIR> Bonjour
[02/09/2008|07:59] C:\Program Files\<DIR> Broderbund Software
[01/31/2009|04:40] C:\Program Files\<DIR> Common Files
[08/01/2008|01:50] C:\Program Files\<DIR> Compact Wireless-G USB Adapter Wireless Network Monitor
[01/15/2008|05:52] C:\Program Files\<DIR> ComPlus Applications
[01/15/2008|06:10] C:\Program Files\<DIR> CONEXANT
[09/21/2008|11:11] C:\Program Files\<DIR> Coupons
[01/15/2008|08:37] C:\Program Files\<DIR> Creative
[06/09/2008|05:43] C:\Program Files\<DIR> directx
[07/27/2008|12:04] C:\Program Files\<DIR> Disney Interactive
[08/03/2008|08:53] C:\Program Files\<DIR> Dreamcatcher
[01/21/2008|05:00] C:\Program Files\<DIR> EPSON
[08/06/2008|06:59] C:\Program Files\<DIR> Fun House
[06/23/2008|03:58] C:\Program Files\<DIR> Hasbro Interactive
[01/21/2008|05:08] C:\Program Files\<DIR> HP Photosmart 11
[02/13/2008|05:14] C:\Program Files\<DIR> Infogrames Interactive
[12/28/2008|04:42] C:\Program Files\<DIR> InstallShield Installation Information
[01/15/2008|06:24] C:\Program Files\<DIR> Intel
[12/10/2008|09:46] C:\Program Files\<DIR> Internet Explorer
[01/21/2009|02:07] C:\Program Files\<DIR> iPod
[01/21/2009|02:07] C:\Program Files\<DIR> iTunes
[08/08/2008|05:58] C:\Program Files\<DIR> JumpStart
[12/28/2008|06:01] C:\Program Files\<DIR> Knowledge Adventure
[11/02/2008|09:21] C:\Program Files\<DIR> LEGO Media
[01/18/2009|04:27] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/13/2008|07:55] C:\Program Files\<DIR> Messenger
[01/15/2008|07:16] C:\Program Files\<DIR> Microsoft ActiveSync
[09/11/2008|09:34] C:\Program Files\<DIR> microsoft frontpage
[06/10/2008|02:44] C:\Program Files\<DIR> Microsoft Games
[01/15/2008|06:34] C:\Program Files\<DIR> Microsoft Hardware
[01/15/2008|07:15] C:\Program Files\<DIR> Microsoft Office
[01/15/2008|07:15] C:\Program Files\<DIR> Microsoft Visual Studio
[01/15/2008|07:15] C:\Program Files\<DIR> Microsoft Works
[01/15/2008|07:16] C:\Program Files\<DIR> Microsoft.NET
[01/15/2008|05:53] C:\Program Files\<DIR> Movie Maker
[01/15/2008|05:51] C:\Program Files\<DIR> MSN
[01/15/2008|05:51] C:\Program Files\<DIR> MSN Gaming Zone
[06/11/2008|09:20] C:\Program Files\<DIR> MSXML 4.0
[01/21/2008|05:24] C:\Program Files\<DIR> NETGEAR
[01/15/2008|05:53] C:\Program Files\<DIR> NetMeeting
[01/17/2009|10:13] C:\Program Files\<DIR> NortonInstaller
[01/21/2008|07:36] C:\Program Files\<DIR> OLYMPUS
[01/15/2008|05:51] C:\Program Files\<DIR> Online Services
[01/15/2008|06:57] C:\Program Files\<DIR> Outlook Express
[01/26/2008|11:29] C:\Program Files\<DIR> palmOne
[11/02/2008|01:01] C:\Program Files\<DIR> Phantom EFX
[10/15/2008|07:10] C:\Program Files\<DIR> PopCap Games
[01/21/2009|02:04] C:\Program Files\<DIR> QuickTime
[02/29/2008|07:53] C:\Program Files\<DIR> Scholastic
[01/18/2009|04:22] C:\Program Files\<DIR> Spybot - Search & Destroy
[01/17/2009|10:25] C:\Program Files\<DIR> Symantec
[02/01/2009|10:10] C:\Program Files\<DIR> Symantec AntiVirus
[11/02/2008|03:20] C:\Program Files\<DIR> SystemRequirementsLab
[06/29/2008|09:44] C:\Program Files\<DIR> sz8034_6
[08/02/2008|10:39] C:\Program Files\<DIR> The Learning Company
[07/23/2008|10:16] C:\Program Files\<DIR> THQ
[01/19/2009|08:29] C:\Program Files\<DIR> Trend Micro
[01/15/2008|05:59] C:\Program Files\<DIR> Uninstall Information
[06/09/2008|05:39] C:\Program Files\<DIR> Viva Media
[01/15/2008|06:54] C:\Program Files\<DIR> Windows Media Player
[01/15/2008|05:51] C:\Program Files\<DIR> Windows NT
[01/15/2008|05:54] C:\Program Files\<DIR> WindowsUpdate
[06/24/2008|04:51] C:\Program Files\<DIR> WON
[01/15/2008|05:56] C:\Program Files\<DIR> xerox
[02/06/2008|04:01] C:\Program Files\<DIR> Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/26/2008|10:55] C:\Program Files\Common Files\<DIR> ACD Systems
[01/15/2008|08:17] C:\Program Files\Common Files\<DIR> Adobe
[01/26/2008|10:38] C:\Program Files\Common Files\<DIR> Apple
[06/15/2008|09:28] C:\Program Files\Common Files\<DIR> Barbie
[01/15/2008|07:15] C:\Program Files\Common Files\<DIR> DESIGNER
[01/21/2008|05:23] C:\Program Files\Common Files\<DIR> InstallShield
[01/22/2008|07:00] C:\Program Files\Common Files\<DIR> Knowledge Adventure
[01/15/2008|07:16] C:\Program Files\Common Files\<DIR> L&H
[09/11/2008|09:36] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/15/2008|05:53] C:\Program Files\Common Files\<DIR> MSSoap
[01/15/2008|11:47] C:\Program Files\Common Files\<DIR> ODBC
[01/15/2008|05:53] C:\Program Files\Common Files\<DIR> Services
[01/15/2008|11:47] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/15/2008|07:21] C:\Program Files\Common Files\<DIR> Symantec Shared
[09/11/2008|09:36] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 41 Processes )

iexplore.exe ~ [PID:1536]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\MIKULA~1.DIM\Cookies\mikula_family@adopt.euroclick[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 12:54:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:3][D:0]-> C:\DOCUME~1\MIKULA~1.DIM\LOCALS~1\Temp
[F:163][D:0]-> C:\DOCUME~1\MIKULA~1.DIM\Cookies
[F:2601][D:4]-> C:\DOCUME~1\MIKULA~1.DIM\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 02/01/2009|12:55 - Option : [1]

--------------------\\ Scan completed at 12:55:14


I tried to do some surfing and my problem seems to be fixed. All sites pull up correctly. Computer is working great.

Is it ok to download the latest Adobe Acrobat now? Also, is it ok to keep the tools you've had me download?

Thank you so much for all the help

[AdvancedSetup]

No most of those tools are updated frequently and are typically useless or dangerous if not used properly.

Please run the following to clean up those tools properly.

1. Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd and click OK

2. [indent]To uninstall ComboFix.exe

• Click START then RUN
  
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
• [indent][/indent]
  
• When shown the disclaimer, Select "2"

Remove this folder C:\QooBox\LastRun if the uninstall instructions don't work.[/indent]

3. Run this tool.
[indent]Please Download OTMoveIt3 by Old Timer and save it to your Desktop.

• Double-click OTMoveIt3.exe to run it.
  
• While connected to the Internet, Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  
• It should ask if you want to clean up, select Yes and allow the system to clean up these items.
  NOW please reboot your computer to finish the cleanup process

[/indent]


When that is done please run the following one more time and if all comes back clean then we'll finish up and update the Adobe and Java and go over a few things.


Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile
The post back NEW MBAM and HJT logs in that order please.

[mik1210]

I ran all removal tools as instructed. Here is my lastest MBAM log:

Malwarebytes' Anti-Malware 1.33
Database version: 1718
Windows 5.1.2600 Service Pack 2

2/2/2009 7:33:21 PM
mbam-log-2009-02-02 (19-33-21).txt

Scan type: Quick Scan
Objects scanned: 57583
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I then rebooted and here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:58 PM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200447452421
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6583 bytes


Thanks

Mik

[AdvancedSetup]

Hi Mik,

Unless there is some other issue, the logs look clean now.
Let me know if your still experiencing any Malware related issues on the system.

[mik1210]

Surfed quite a bit today. No problems at all. All sites are pulling up as expected.

Mik