Elise -

First of all, thank you very much for helping me with this problem. I downloaded and ran ComboFix. The following is the ComboFix.txt file.

Also, I have a question. Since ComboFix ran successfully, can I re-enable the AntiVirus and AntiSpyware program? Perhaps I am being paranoid. But, I am anxious about having them turned off.

Thanks again,
Isao
____________________________

ComboFix 10-08-03.04 - Offline 08/04/2010 19:01:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1691 [GMT -7:00]
Running from: c:\documents and settings\Offline\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\windows\system32\klgd.bmp
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-04 23:37 . 2010-08-04 23:37 -------- d-----w- c:\documents and settings\Offline\TOSHIBA
2010-08-02 22:45 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-02 21:28 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-02 20:50 . 2010-08-02 20:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-02 20:50 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-02 20:50 . 2010-08-02 20:50 -------- d-----w- c:\program files\Lavasoft
2010-08-01 21:40 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-08-01 21:40 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-08-01 21:40 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-08-01 21:40 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-08-01 21:39 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-08-01 21:39 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-08-01 20:52 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-01 20:52 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-01 20:52 . 2010-08-01 20:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-01 20:52 . 2010-08-01 20:52 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-01 20:50 . 2010-08-02 03:36 -------- d-----w- c:\windows\system32\drivers\N360
2010-08-01 20:50 . 2010-08-01 20:50 -------- d-----w- c:\program files\Norton Security Suite
2010-08-01 20:50 . 2010-08-01 20:50 -------- d-----w- c:\program files\Windows Sidebar
2010-08-01 20:49 . 2010-08-01 20:49 -------- d-----w- c:\program files\NortonInstaller
2010-08-01 20:49 . 2010-08-01 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-01 20:48 . 2010-08-01 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-29 23:08 . 2010-08-02 21:28 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-29 23:07 . 2010-07-29 23:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-29 22:37 . 2010-07-29 22:37 -------- d-----w- c:\documents and settings\wshijo\Local Settings\Application Data\Sunbelt Software
2010-07-29 22:33 . 2010-08-02 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-29 21:43 . 2010-07-29 21:43 -------- d-----w- c:\documents and settings\wshijo\Local Settings\Application Data\Apple Computer
2010-07-27 23:47 . 2010-07-27 23:47 -------- d-----w- c:\documents and settings\wshijo.KDALTP001\Application Data\Malwarebytes
2010-07-27 23:32 . 2010-07-27 23:32 -------- d-sh--w- c:\documents and settings\wshijo.KDALTP001\IETldCache
2010-07-26 18:18 . 2010-07-30 18:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 05:16 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 23:19 . 2008-05-17 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-01 21:05 . 2004-05-05 05:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-01 20:52 . 2004-05-05 05:19 -------- d-----w- c:\program files\Symantec
2010-08-01 20:52 . 2010-08-01 20:52 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-01 20:52 . 2010-08-01 20:52 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-01 20:40 . 2010-05-17 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-01 20:39 . 2010-05-17 20:37 -------- d-----w- c:\program files\McAfee
2010-06-14 14:31 . 2004-05-01 07:40 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-10 22:13 . 2010-06-10 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-13 15:48 . 2010-04-24 03:44 0 ----a-w- c:\windows\Sviwidogodobuv.bin
2010-05-12 20:53 . 2010-04-24 03:44 120 ----a-w- c:\windows\Ozuzig.dat
2010-05-10 15:24 . 2004-05-01 16:10 78765 ----a-w- c:\windows\system32\nvModes.dat
2009-01-08 18:32 . 2009-01-08 18:32 52402132 ----a-w- c:\program files\TraffixW Back-up Before Installing Ver 8_0.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-26 921600]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-08-21 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-16 417792]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-26 4632576]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Iomega ImIconXP"="c:\program files\Iomega\REV System Software\imiconxp.exe" [2004-10-14 57344]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Explorer.lnk - c:\windows\explorer.exe [2003-5-11 1033728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=c_625384.nls
"aux1"=c_625384.nls
"wave2"=c_625384.nls
"mixer1"=c_625384.nls
"midi2"=c_625384.nls
"mixer2"=c_625384.nls
"midi1"=c_625384.nls
"aux2"=c_625384.nls

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [7/13/2004 11:22 AM 16006]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/2/2010 2:28 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [8/1/2010 2:40 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [8/1/2010 2:40 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/9/2010 9:44 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [8/1/2010 2:39 PM 501888]
R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [2/24/2008 9:07 PM 49592]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [8/1/2010 2:39 PM 116784]
R2 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [5/25/2004 2:07 PM 38176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/25/2010 10:23 PM 304464]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [8/1/2010 2:39 PM 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 10:49 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/1/2010 1:53 PM 102448]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2/6/2003 7:23 PM 59328]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100803.001\IDSXpx86.sys [8/4/2010 4:14 PM 331640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2010 10:23 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 10:44 AM 135664]
S3 DK2USB;DK2usb Driver;c:\windows\system32\drivers\DK2USB.sys [2/24/2008 9:07 PM 18232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 1:55 AM 1352832]

--- Other Services/Drivers In Memory ---

*Deregistered* - revfs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-08-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-17 04:02]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:44]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ixquick.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dot.ca.gov/hq/traffops/saferesr/trafdata/index.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-08-04 19:22:26
ComboFix-quarantined-files.txt 2010-08-05 02:22

Pre-Run: 15,016,906,752 bytes free
Post-Run: 15,145,472,000 bytes free

- - End Of File - - 10183C409C322982E9A3D495CC6272F9