
Malwarebytes

Malware hijacking searches


10 replies to this topic

#1
jwino

    New Member

  • Members
  • Pip
  • 13 posts
I just completed running Malwarebytes for the 10th time in the last 3 days. Until tonight it found nothing to report, but tonight it found and removed Search.hijack. I still either get redirected or Internet Explorer is unable to open the web page. If I copy and paste the link, sometimes it works, but about 50% of the time I get spun off to an ad site. Here is a log file from after removing Search.hijack.
Thanks in advance for your help.
Jim

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:20 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Farstone\VirtualHardDrive\RdTask.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LargeSoftware Password Manager\lspass.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CNN.com Desktop Alerter\CNNAlerter.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [RamDrive] C:\Program Files\Farstone\VirtualHardDrive\RdTask.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PasswordManager] C:\Program Files\LargeSoftware Password Manager\lspass.exe
O4 - HKCU\..\Run: [LargeSoftPasswordManager] C:\Program Files\LargeSoftware Password Manager\lspass.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000096.000001d8
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: CNNAlerter.lnk = C:\Program Files\CNN.com Desktop Alerter\CNNAlerter.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/...ckerControl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1166995429421
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://scan.networkmagic.com/nmscan/downlo...-ship-WD.V1.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O18 - Protocol: bw+0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {CCAF475E-25DC-4C9F-8283-B03C08AEB705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 25767 bytes
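The HijackThis log above is a line-oriented format that helpers read by eye. As an added example (not part of this thread, and not a Malwarebytes or Trend Micro tool), here is a small Python triage script that parses the O4 autostart and O23 service lines of that format and flags the kinds of entries a helper looks at first: a service whose binary is missing, an autostart that launches a URL, a bare filename with no path, and one executable registered under several Run values. The sample lines are constructed from the log above with paths shortened, and the rules are review heuristics, not verdicts: the two lspass.exe entries and the MIDIDEF.EXE RunOnce are flagged only so someone verifies them by hand.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v2 line format, modelled on the log
# posted above (a few entries only, paths as in the log).
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [PasswordManager] C:\Program Files\LargeSoftware Password Manager\lspass.exe
O4 - HKCU\..\Run: [LargeSoftPasswordManager] C:\Program Files\LargeSoftware Password Manager\lspass.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000096.000001d8
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Registry autostart entries: "O4 - <hive>\..\Run: [<value name>] <command>".
# Startup-folder O4 lines ("O4 - Startup: x.lnk = ...") have no [..] and are skipped.
O4_RE = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>.*?)\] (?P<cmd>.*)$')
# Services: "O23 - Service: <display name> - <vendor> - <path>".
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.*)$')
URL_RE = re.compile(r'https?://', re.IGNORECASE)


def _exe_of(cmd):
    """Return the lower-cased executable part of an autostart command.
    Handles a quoted path with arguments and an unquoted path containing spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd.lower()
    m = re.match(r'(.*?\.exe)(\s|$)', cmd, re.IGNORECASE)
    return m.group(1).lower() if m else cmd.split()[0].lower()


def triage(log_text):
    """Return a list of (entry, reason) pairs for lines worth a second look."""
    findings = []
    run_targets = defaultdict(list)  # exe path -> Run value names pointing at it
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            cmd, hive = m.group('cmd'), m.group('hive')
            exe = _exe_of(cmd)
            if '(file missing)' in cmd.lower():
                findings.append((line, 'autostart target no longer exists'))
            if URL_RE.search(cmd):
                findings.append((line, 'autostart launches a URL'))
            if '\\' not in exe:
                findings.append((line, 'bare filename resolved via the search path: locate the file by hand'))
            if hive.endswith('Run'):          # Run, not RunOnce
                run_targets[exe].append(m.group('name'))
            continue
        m = O23_RE.match(line)
        if m:
            path, owner = m.group('path'), m.group('owner')
            if '(file missing)' in path.lower():
                findings.append((line, 'service binary missing (orphaned service entry)'))
            elif owner == 'Unknown owner':
                findings.append((line, 'no vendor recorded for service: verify the binary'))
    for exe, names in run_targets.items():
        if len(names) > 1:
            findings.append((exe, 'same executable registered under %d Run values: %s'
                             % (len(names), ', '.join(names))))
    return findings


if __name__ == '__main__':
    for entry, reason in triage(SAMPLE_LOG):
        print('%-60s  %s' % (reason, entry))
```

Run it against a full saved log with `triage(open('hijackthis.log').read())`; anything it prints is a starting point for manual verification against the file on disk and its publisher, not a removal list.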

#2
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

Can you post the log from MalwareBytes?
Mieke Verburgh
Assistant Director of Research


Follow us: Twitter, Become a fan: Facebook

#3
jwino

    New Member

  • Members
  • Pip
  • 13 posts
Malwarebytes' Anti-Malware 1.37
Database version: 2290
Windows 5.1.2600 Service Pack 3

6/16/2009 5:33:28 PM
mbam-log-2009-06-16 (17-33-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 220088
Time elapsed: 37 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.
Mieke Verburgh
Assistant Director of Research


#5
jwino

    New Member

  • Members
  • Pip
  • 13 posts
Here is the Combofix log.
Thanks for your assistance.

ComboFix 09-06-16.05 - Administrator 06/17/2009 8:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2547 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ctxfihlp.exe
c:\windows\system32\TDSSmafj.dat
D:\resycled
E:\resycled
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\x.exe
C:\hpb9xcls.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\drivers\SKYNETjvqgxxed.sys
c:\windows\system32\MabryObj.dll
c:\windows\system32\SKYNETcfueliek.dat
c:\windows\system32\SKYNETiqnvkbbl.dat
c:\windows\system32\SKYNETnmfddaqy.dll
c:\windows\system32\SKYNETsvfalswp.dll
c:\windows\wiaservv.log
D:\Autorun.inf
d:\resycled\boot.com
E:\Desktop.ini
e:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETsilkwedb


((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-17 02:54 . 2009-06-12 23:06 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVENG.SYS
2009-06-17 02:54 . 2009-06-12 23:06 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVEX15.SYS
2009-06-17 02:54 . 2009-06-12 23:06 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\EECTRL.SYS
2009-06-17 02:54 . 2009-06-12 23:06 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\ECMSVR32.DLL
2009-06-17 02:54 . 2009-06-12 23:06 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\CCERASER.DLL
2009-06-17 02:54 . 2009-06-12 23:06 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVENG32.DLL
2009-06-17 02:54 . 2009-06-12 23:06 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\NAVEX32A.DLL
2009-06-17 02:54 . 2009-06-12 23:06 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.035\ERASER.SYS
2009-06-14 23:31 . 2004-08-10 19:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-06-14 23:31 . 2004-08-10 19:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-06-14 23:31 . 2009-06-15 04:18 -------- d-----w- c:\program files\Remove-it
2009-06-12 11:09 . 2009-06-12 11:09 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-06-12 11:09 . 2009-06-12 11:09 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-06-12 11:09 . 2009-06-12 11:09 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-06-12 11:09 . 2009-06-13 12:55 -------- d-----w- c:\windows\system32\drivers\NIS
2009-06-12 11:09 . 2009-06-12 11:09 -------- d-----w- c:\program files\Norton Internet Security
2009-06-12 11:09 . 2009-06-12 11:09 -------- d-----w- c:\program files\Windows Sidebar
2009-06-12 11:07 . 2009-06-12 11:07 -------- d-----w- c:\program files\NortonInstaller
2009-06-12 10:50 . 2009-06-12 10:50 2908976 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\Norton_Removal_Tool_7011\Norton_Removal_Tool.exe
2009-06-12 02:33 . 2009-06-12 02:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-11 13:47 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 13:47 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 20:12 . 2009-06-08 20:12 -------- d-----w- c:\documents and settings\Administrator\MyConnection PC
2009-06-08 20:12 . 2009-06-08 20:12 -------- d-----w- c:\program files\MyConnection PC
2009-06-05 02:10 . 2009-06-05 02:10 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-06-05 02:09 . 2009-06-05 02:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-05 02:09 . 2009-06-05 02:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-05 02:02 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-04 01:10 . 2009-06-04 01:10 539520 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\KB20080828105226EN_6997\KB20080828105226EN.exe
2009-06-04 00:58 . 2009-06-04 00:58 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-03 23:59 . 2009-06-03 23:59 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-03 23:25 . 2009-06-12 02:27 -------- d-----w- c:\windows\ie8updates
2009-06-03 23:23 . 2009-06-05 02:02 -------- dc-h--w- c:\windows\ie8
2009-05-30 14:05 . 2009-05-30 14:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
2009-05-30 14:05 . 2009-05-30 14:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-05-21 03:37 . 2006-10-06 14:35 90112 ----a-w- c:\windows\system32\lfjbg13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 73728 ----a-w- c:\windows\system32\lffax13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 453120 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 445440 ----a-w- c:\windows\system32\ltimg13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 388608 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 265216 ----a-w- c:\windows\system32\ltdis13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 246272 ----a-w- c:\windows\system32\lfj2k13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 206848 ----a-w- c:\windows\system32\ltefx13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 1693696 ----a-w- c:\windows\system32\ltclr13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 154112 ----a-w- c:\windows\system32\ltfil13n.dll
2009-05-21 03:37 . 2006-10-06 14:35 142848 ----a-w- c:\windows\system32\lftif13n.dll
2009-05-21 03:37 . 2009-05-21 03:37 -------- d-----w- c:\program files\MFInstall
2009-05-20 23:42 . 2009-05-20 23:42 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 03:40 . 2008-10-25 14:53 -------- d-----w- c:\program files\LargeSoftware Password Manager
2009-06-17 03:40 . 2006-12-26 15:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-06-16 01:20 . 2006-12-26 19:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 01:18 . 2007-06-02 00:51 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-06-16 01:18 . 2007-06-02 00:51 47360 ----a-w- c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-06-16 01:18 . 2007-06-02 00:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vso
2009-06-16 01:17 . 2009-04-19 02:30 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-06-16 01:17 . 2007-03-03 15:46 -------- d-----w- c:\program files\ArcSoft
2009-06-16 01:17 . 2006-12-24 20:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 01:17 . 2009-04-19 02:31 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-06-16 00:29 . 2009-02-23 03:14 -------- d-----w- c:\program files\Trend Micro
2009-06-15 03:12 . 2008-11-27 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-13 04:01 . 2009-06-12 11:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-13 04:01 . 2009-06-12 11:09 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-13 04:01 . 2009-06-12 11:09 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-13 04:01 . 2009-06-12 11:09 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-13 04:01 . 2009-06-12 11:09 -------- d-----w- c:\program files\Symantec
2009-06-12 21:54 . 2009-06-12 21:54 -------- d-----w- c:\program files\Norton Support
2009-06-12 11:52 . 2006-12-24 20:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 11:09 . 2008-10-12 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-12 02:26 . 2008-11-27 23:59 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-12 01:04 . 2007-12-02 22:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-05 11:35 . 2006-12-24 20:38 138184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 01:16 . 2008-11-27 23:21 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 04:50 . 2006-12-26 21:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-05-26 21:59 . 2008-10-19 00:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 21:00 . 2008-10-23 21:00 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 18:20 . 2008-10-19 00:12 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2008-10-19 00:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 05:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-20 23:42 . 2006-12-26 19:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-05-20 23:41 . 2006-12-26 19:06 -------- d-----w- c:\program files\Internet Download Manager
2009-05-20 23:41 . 2008-12-14 23:54 2925416 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmupdt.exe
2009-05-17 00:09 . 2006-12-26 22:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-05-13 05:15 . 2004-05-26 19:30 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 20:12 . 2006-12-24 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-12 02:07 . 2009-05-12 02:07 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-05-12 02:07 . 2009-05-12 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-05-12 02:07 . 2006-12-25 19:24 -------- d-----w- c:\program files\Diskeeper Corporation
2009-05-07 15:32 . 2004-05-26 19:29 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 03:35 . 2007-09-21 01:48 -------- d-----w- c:\program files\Folder Lock
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-24 03:02 . 2009-04-24 03:02 -------- d-----w- c:\program files\Pure Networks
2009-04-24 03:01 . 2009-04-24 03:01 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-04-20 00:03 . 2009-04-20 00:03 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-20 00:03 . 2006-12-24 20:29 -------- d-----w- c:\program files\Java
2009-04-20 00:02 . 2009-04-20 00:02 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-19 04:05 . 2009-04-19 04:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\KodakCredentialStore
2009-04-19 04:02 . 2009-04-19 04:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skinux
2009-04-19 02:32 . 2007-03-04 23:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2009-04-19 02:32 . 2009-04-19 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-04-19 02:31 . 2009-04-19 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-04-19 02:30 . 2009-04-19 02:25 -------- d-----w- c:\program files\Kodak
2009-04-19 02:28 . 2009-04-19 02:27 -------- d-----w- c:\program files\Common Files\Kodak
2009-04-19 02:24 . 2009-04-19 02:24 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2009-04-19 02:24 . 2009-04-19 02:24 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2009-04-19 02:24 . 2009-04-19 02:24 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2009-04-19 02:24 . 2009-04-19 02:24 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-04-19 02:24 . 2009-04-19 02:24 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2009-04-19 02:23 . 2009-04-19 02:23 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_90e0b9d\EasyShrx.Dll
2009-04-19 02:23 . 2009-04-19 02:23 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.30.1.dll
2009-04-17 12:26 . 2004-05-26 19:30 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-05-26 19:30 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-26 15:35 . 2004-02-19 15:42 210352 ----a-w- c:\windows\system32\idmmbc.dll
2008-10-18 22:44 . 2008-10-18 22:44 15462 ----a-w- c:\program files\Common Files\ohic._sy
2008-10-18 22:44 . 2008-10-18 22:44 14287 ----a-w- c:\program files\Common Files\suri.sys
2008-10-18 22:44 . 2008-10-18 22:44 14286 ----a-w- c:\program files\Common Files\ryhesivuje.dl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@BackupScheduler"="c:\program files\Online Backup\OnlineBackup.exe" [2008-02-06 611768]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-19 2811312]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-29 36864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PasswordManager"="c:\program files\LargeSoftware Password Manager\lspass.exe" [2008-10-17 1544704]
"LargeSoftPasswordManager"="c:\program files\LargeSoftware Password Manager\lspass.exe" [2008-10-17 1544704]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamDrive"="c:\program files\Farstone\VirtualHardDrive\RdTask.exe" [2007-03-02 135168]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-25 185896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" - c:\windows\system32\MIDIDEF.EXE [2007-04-09 28672]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
CNNAlerter.lnk - c:\program files\CNN.com Desktop Alerter\CNNAlerter.exe [2007-9-13 655360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-12-25 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-25 113664]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2006-12-25 221247]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-29 576104]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-29 196608]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [6/12/2009 11:01 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [6/12/2009 11:01 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [6/12/2009 11:01 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.sys [6/12/2009 6:11 AM 276344]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2008 7:12 PM 194832]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [6/12/2009 11:01 PM 115560]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [12/26/2006 11:14 AM 114944]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 5:38 AM 92008]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/24/2007 5:44 PM 598856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/11/2009 3:00 AM 101936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2008 7:12 PM 19096]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S3 EraserUtilDrv10710;EraserUtilDrv10710;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10710.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 11:51]

2009-06-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-19 18:20]

2009-06-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-19 18:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-TDSSxdeb.sys
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uInternet Settings,ProxyOverride = <local>
IE: &eBay Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF
IE: Convert to existing PDF
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List
IE: Easy-WebPrint High Speed Print
IE: Easy-WebPrint Preview
IE: Easy-WebPrint Print
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\idmmbc.dll
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 08:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2261653455-2056594075-340905747-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,29,77,bd,f1,55,0c,43,bf,6f,2b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,29,77,bd,f1,55,0c,43,bf,6f,2b,\

[HKEY_USERS\S-1-5-21-2261653455-2056594075-340905747-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):84,df,25,16,ce,63,cf,79,19,80,5c,6f,12,fb,c4,ca,6f,c0,6f,b0,bc,
d2,8b,ed,8e,f2,f3,45,f2,e0,15,33,b4,93,78,4e,19,a3,aa,9c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e97eaf42-4f07-45ac-bdcd-64e1dcf5d02b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000080
"Therad"=dword:00000015
"MData"=hex(0):50,1f,7d,ae,58,bc,ca,e7,19,5e,1d,d2,ae,89,67,ba,ea,5e,07,d5,aa,
92,68,80,3b,8a,0a,32,11,89,01,b5,44,1c,19,52,bd,06,dc,55,7d,dd,a0,f4,6a,86,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\idmmbc.dll
.
Completion time: 2009-06-17 8:44
ComboFix-quarantined-files.txt 2009-06-17 13:44

Pre-Run: 95,720,566,784 bytes free
Post-Run: 95,758,872,576 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

340 --- E O F --- 2009-06-15 03:12

#6
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

The malware you were dealing with locked some components of malwarebytes, which explains why it didn't find anything anymore.
Malwarebytes DOES detect what you were dealing with though, but since the malware was already loaded and you didn't have malwarebytes running as realtime protection, it explains why it got through and stayed "hidden".

Anyway, navigate to and delete the following files:

c:\program files\Common Files\ohic._sy
c:\program files\Common Files\suri.sys
c:\program files\Common Files\ryhesivuje.dl

Then, * Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
Mieke Verburgh
Assistant Director of Research


Follow us: Twitter, Become a fan: Facebook
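The findings Mieke acts on above (three oddly named files dropped straight into Common Files, plus the log's `DisableMonitoring` and `EnableFirewall= 0` entries and the ThreatFire drivers marked `[?]`) are the kind of thing a small triage script can pull out of a ComboFix-style log before a human reads the whole thing. The following is an added example written for this thread, not ComboFix's, Malwarebytes' or the forum's own code; the sample log lines are constructed from entries visible in the log posted above, and the heuristics (look-alike extensions, loose binaries in the Common Files root) are this example's own, not a published ComboFix rule set.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's code).

It scans log text for four things the thread above turns on:
  * files whose extension only looks like a real binary extension (".dl", "._sy"),
  * files dropped directly into the Common Files root instead of a vendor folder,
  * Security Center monitoring switched off and the XP firewall disabled,
  * service entries whose on-disk binary is missing (ComboFix prints "[?]").
"""
import re

# Extensions Windows actually loads as drivers/libraries.  A near-miss of one
# of these (".dl", "._sy") is a common way droppers hide files in plain sight.
VALID_BINARY_EXT = {".sys", ".dll", ".exe", ".drv", ".ocx", ".cpl", ".scr"}

# "<mtime> . <ctime> <size|--------> <attrs> <path>" as ComboFix prints it.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) ([-a-z]{8}) (.+)$"
)
# "R2 Name;Display Name;path [date size]" service lines.
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);")

# Constructed sample (lines taken from the log in this thread).
SAMPLE_LOG = """\
2009-06-13 04:01 . 2009-06-12 11:09 124464 ----a-w- c:\\windows\\system32\\drivers\\SYMEVENT.SYS
2008-10-18 22:44 . 2008-10-18 22:44 15462 ----a-w- c:\\program files\\Common Files\\ohic._sy
2008-10-18 22:44 . 2008-10-18 22:44 14287 ----a-w- c:\\program files\\Common Files\\suri.sys
2008-10-18 22:44 . 2008-10-18 22:44 14286 ----a-w- c:\\program files\\Common Files\\ryhesivuje.dl
2009-06-12 11:09 . 2009-06-12 11:09 -------- d-----w- c:\\program files\\Norton Internet Security
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [10/18/2008 7:12 PM 194832]
S0 TfFsMon;TfFsMon;c:\\windows\\system32\\drivers\\TfFsMon.sys --> c:\\windows\\system32\\drivers\\TfFsMon.sys [?]
"""


def lookalike_extension(path):
    """True if the file's extension is a truncated/mangled form of a real one."""
    name = path.rsplit("\\", 1)[-1].lower()
    if "." not in name:
        return False
    ext = "." + name.rsplit(".", 1)[1]
    if ext in VALID_BINARY_EXT:
        return False
    stripped = ext.replace("_", "")          # "._sy" -> ".sy"
    return any(v != stripped and v.startswith(stripped) for v in VALID_BINARY_EXT)


def loose_in_common_files(path):
    """True if the file sits directly in ...\\Common Files, not a vendor subfolder."""
    parent, _, _ = path.lower().rpartition("\\")
    return parent.endswith("\\common files")


def triage(log_text):
    """Return a dict of finding-category -> list of offending paths/keys/names."""
    findings = {"lookalike_ext": [], "loose_in_common_files": [],
                "monitoring_disabled": [], "firewall_disabled": [],
                "service_missing_file": []}
    current_key = ""                         # registry key the value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            if attrs.startswith("d"):       # directories are not dropped binaries
                continue
            if lookalike_extension(path):
                findings["lookalike_ext"].append(path)
            if loose_in_common_files(path):
                findings["loose_in_common_files"].append(path)
            continue
        if ("security center\\monitoring" in current_key
                and line.startswith('"DisableMonitoring"=dword:00000001')):
            findings["monitoring_disabled"].append(current_key)
        elif (current_key.endswith("firewallpolicy\\standardprofile")
                and re.match(r'"EnableFirewall"=\s*0\b', line)):
            findings["firewall_disabled"].append(current_key)
        else:
            s = SERVICE_LINE.match(line)
            if s and line.endswith("[?]"):
                findings["service_missing_file"].append(s.group(2))
    return findings


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        for hit in hits:
            print(f"{category}: {hit}")
```

The script only flags entries for a human to look at; on the log in this thread it singles out the same three Common Files entries Mieke asked to have deleted, and the two files whose names merely imitate `.sys` and `.dll` are exactly those the first heuristic exists for.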

#7
jwino

    New Member

  • Members
  • Pip
  • 13 posts
The malware you had me remove has stopped the hacking to ad sites, thanks. I am however still having a problem I did not have prior to acquiring the virus. Many times after a Google search, when I click on a search link I receive the "Internet Explorer Cannot Display the Web Page" message. I can copy and paste the link and go directly to the sites, so the links are valid. I'm not sure if something in Internet settings has changed or I still have some sort of malware.

"but since the malware was already loaded and you didn't have malwarebytes running as realtime protection"

I'm not sure what you meant by the above statement. I have the paid version and the protection module is enabled. I cannot locate any other reference to "running in realtime protection".

Thanks again

#8
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Maybe the malware (the rootkit) was already present before you had Malwarebytes realtime enabled? Because I know Malwarebytes blocks the install of this rootkit.

Quote

Many times after a google search, when I click on a search link I receive the "Internet Explorer Cannot Display the Web Page" message
As a matter of fact, this is not really malware related. This appears to be a common issue I have seen so far with IE8 when people have Norton Internet Security installed.
However, to make sure everything is really gone (it should); just run Combofix again and post the log in your next reply together with a new MalwareBytes log.
Mieke Verburgh
Assistant Director of Research


#9
jwino

    New Member

  • Members
  • Pip
  • 13 posts
Hello, I have attached the scans you requested and I sincerely appreciate your help. If IE 8 is the problem I will revert back to IE 7 and see if that solves the problem. The first MWB scan found 2 problems but I think they were associated with Microsoft Defender that I had disabled. I allowed MWB to complete and fix the problems found with scan # 1 and then I ran a second scan and have attached it also. My license for Norton will soon expire; do you have any suggestions for anti virus/security suites other than Norton? How’s the smoking cessation going? I was a 2+ pack user and quit cold turkey 19 years ago, best move ever.

Thanks again,

Jim

Attached Files



#10
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

Everything looks OK here. The two entries Malwarebytes found may be ignored in your case since Norton sets these entries back again.
I rather think it's mainly your Norton being the cause of your issue and not IE. The combination of both may cause the issues.
I would suggest trying Firefox or Opera as a browser and seeing if that temporarily resolves your problem until your Norton license ends. Downgrading from IE8 to IE7 isn't a good idea since IE8 is more secure.

Quote

My license for Norton will soon expire; do you have any suggestions for anti virus/security suites other than Norton?
I personally use Avira Premium Security Suite. So, since I use it, I also recommend it (otherwise I wouldn't use it :) )
It's fast, not a resource hog, not too many bells and whistles and great in detection. There's also a free version, Avira Personal, which is without Firewall and Adware detection, and Avira Premium, which is the Antivirus with extra features but without Firewall as well. The one I have contains a firewall.
You can see the differences between the products here below: http://www.free-av.com/en/products/1/avira..._antivirus.html

Quote

How’s the smoking cessation going? I was a 2+ pack user and quit cold turkey 19 years ago, best move ever.
Great. It's now more than 6 months since I quit smoking and it's indeed my best move ever as well :)
Mieke Verburgh
Assistant Director of Research


#11
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Mieke Verburgh
Assistant Director of Research

