Solve : Still Infected after following the first thread?

OK here we go.

Delete ComboFix and download a new copy to your desktop. This time don't rename it. http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
SessionLauncher
DCTDZCF
GGXIX

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

File::
c:\windows\Tasks\OGALogon.job
c:\windows\system32\OGAEXEC.exe

Folder::
c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
c:\documents and settings\Administrator\Application Data\AVG8
c:\documents and settings\Randy\Local Settings\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\NortonInstaller

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

Thanks evilfantasy...Here is the new ComboFix log:

ComboFix 09-10-11.01 - Randy 10/11/2009 18:48.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.393 [GMT -4:00]
Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randy\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\OGAEXEC.exe"
"c:\windows\Tasks\OGALogon.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\AVG8
c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
c:\documents and settings\Administrator\Local Settings\Application Data\Symantec\CEDUrl.txt
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\00000349\cltLMS1.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\00000349\cltLMS2.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\00000105\key.txt
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h50m14s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h50m14s\Install.2.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h50m14s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h50m14s\NortonInstall-09-20-2009-17h50m14s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h52m03s\BHCA-0x0770.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h52m03s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h52m03s\Install.2.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h52m03s\NortonInstall-09-20-2009-17h52m03s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h52m03s\SymIMexe-0x0634.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-17h52m03s\tuIH-0x0404.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h07m52s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h07m52s\Install.2.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h07m52s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h07m52s\NortonInstall-09-20-2009-21h07m52s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h09m31s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h09m31s\NortonInstall-09-20-2009-21h09m31s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h10m28s\NortonInstall-09-20-2009-21h10m28s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h14m36s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h14m36s\Install.2.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h14m36s\NortonInstall-09-20-2009-21h14m36s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h15m33s\BHCA-0x09A8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h15m33s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h15m33s\Install.2.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h15m33s\NortonInstall-09-20-2009-21h15m33s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h15m33s\SymIMexe-0x05A8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-20-2009-21h15m33s\tuIH-0x03A4.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-16h46m49s\BHCA-0x072C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-16h46m49s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-16h46m49s\NortonInstall-09-21-2009-16h46m49s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-16h46m49s\OCSCtl-0x0228.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-16h46m49s\SymIMexe-0x0498.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-16h47m42s\NortonInstall-09-21-2009-16h47m42s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h28m54s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h28m54s\Install.2.mft
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h28m54s\Install.2.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h28m54s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h28m54s\NortonInstall-09-21-2009-17h28m54s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h30m29s\BHCA-0x0254.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h30m29s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h30m29s\Install.2.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h30m29s\NortonInstall-09-21-2009-17h30m29s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h30m29s\SymIMexe-0x0680.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-17h30m29s\tuIH-0x00A0.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-18h57m26s\BHCA-0x0088.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-18h57m26s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-18h57m26s\NortonInstall-09-21-2009-18h57m26s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-18h57m26s\OCSCtl-0x0384.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-18h57m26s\SymIMexe-0x0398.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\09-21-2009-18h58m24s\NortonInstall-09-21-2009-18h58m24s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\Url.txt
c:\documents and settings\Randy\Local Settings\Application Data\Symantec
c:\documents and settings\Randy\Local Settings\Application Data\Symantec\CEDUrl.txt
c:\program files\messenger\msmsgs.exe
c:\windows\system32\OGAEXEC.exe
c:\windows\Tasks\OGALogon.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DCTDZCF
-------\Legacy_GGXIX
-------\Legacy_SESSIONLAUNCHER
-------\Service_DCTDZCF
-------\Service_GGXIX
-------\Service_SessionLauncher


((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.

2009-10-11 01:58 . 2009-10-11 01:58  --------  d-----w-  c:\documents and settings\Randy\Application Data\Office Genuine Advantage
2009-10-11 01:15 . 2008-04-14 00:11  56320  ----a-w-  c:\windows\eventlog.dll
2009-09-27 13:00 . 2009-09-27 13:00  --------  d-----w-  c:\program files\iPod
2009-09-26 21:53 . 2009-09-26 22:07  --------  d-----w-  c:\program files\Trend Micro
2009-09-26 15:40 . 2009-09-15 10:54  52368  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2009-09-26 15:40 . 2009-09-15 10:54  23152  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2009-09-26 15:40 . 2009-09-15 10:53  27408  ----a-w-  c:\windows\system32\drivers\aavmker4.sys
2009-09-26 15:40 . 2009-09-15 10:53  97480  ----a-w-  c:\windows\system32\AvastSS.scr
2009-09-26 15:40 . 2009-09-15 10:56  93424  ----a-w-  c:\windows\system32\drivers\aswmon.sys
2009-09-26 15:40 . 2009-09-15 10:56  94160  ----a-w-  c:\windows\system32\drivers\aswmon2.sys
2009-09-26 15:40 . 2009-09-15 10:55  114768  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2009-09-26 15:40 . 2009-09-15 10:55  20560  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2009-09-26 15:39 . 2009-09-15 10:59  1279968  ----a-w-  c:\windows\system32\aswBoot.exe
2009-09-26 15:39 . 2009-09-26 15:39  --------  d-----w-  c:\program files\Alwil Software
2009-09-25 22:19 . 2009-09-25 22:19  --------  d-----w-  C:\VundoFix Backups
2009-09-24 20:47 . 2009-09-24 20:46  411368  ----a-w-  c:\windows\system32\deploytk.dll
2009-09-24 12:26 . 2009-09-24 12:26  --------  d-----w-  c:\windows\system32\Service
2009-09-23 21:49 . 2009-09-23 21:49  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-23 21:49 . 2009-09-23 21:49  --------  d-----w-  c:\documents and settings\Randy\Application Data\SUPERAntiSpyware.com
2009-09-23 21:38 . 2009-09-23 21:38  --------  d-----w-  c:\program files\CCleaner
2009-09-22 03:03 . 2009-09-24 04:33  70254592  --sha-w-  C:\NRTPage.sys
2009-09-21 20:59 . 2009-09-21 20:59  91896  ----a-w-  c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 20:46 . 2009-09-21 20:46  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-09-21 02:48 . 2009-09-25 22:07  --------  d-----w-  c:\documents and settings\All Users\Application Data\PC Tools
2009-09-21 01:18 . 2009-09-21 01:18  --------  d-----w-  c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-20 21:54 . 2009-09-20 21:54  --------  d-----w-  c:\documents and settings\Randy\Local Settings\Application Data\Downloaded Installations
2009-09-20 21:25 . 2009-09-20 21:25  --------  d-----w-  c:\documents and settings\Randy\Application Data\Malwarebytes
2009-09-20 20:35 . 2009-09-25 22:07  --------  d---a-w-  c:\documents and settings\All Users\Application Data\TEMP
2009-09-20 20:25 . 2009-09-20 20:25  --------  d-----w-  c:\documents and settings\Administrator\Application Data\AT&T
2009-09-20 20:22 . 2009-09-20 20:22  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-20 20:22 . 2009-09-20 20:22  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-20 20:20 . 2009-09-20 20:20  --------  d-sh--w-  c:\documents and settings\Administrator\PrivacIE
2009-09-20 04:12 . 2009-09-20 04:12  --------  d-sh--w-  c:\documents and settings\Administrator\IETldCache
2009-09-19 23:02 . 2009-09-19 23:02  319  ----a-w-  C:\drmHeader.bin
2009-09-14 11:29 . 2009-09-24 02:11  75732  ---ha-w-  c:\windows\system32\mlfcache.dat
2009-09-14 01:02 . 2009-09-14 01:02  --------  d-----w-  c:\program files\iPhone Configuration Utility
2009-09-14 01:01 . 2009-09-14 01:01  --------  d-----w-  c:\program files\Safari
2009-09-14 00:51 . 2009-09-14 00:53  --------  d-----w-  c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 00:43 . 2009-09-14 00:44  --------  d-----w-  c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 18:07 . 2006-07-01 01:03  --------  d-----w-  c:\program files\Common Files\Symantec Shared
2009-10-10 19:47 . 2006-07-01 01:05  --------  d-----w-  c:\program files\MUSICMATCH
2009-09-27 13:01 . 2009-08-16 17:37  --------  d-----w-  c:\program files\iTunes
2009-09-27 13:00 . 2009-08-16 17:31  --------  d-----w-  c:\program files\Common Files\Apple
2009-09-27 12:56 . 2006-07-01 00:44  --------  d-----w-  c:\program files\Java
2009-09-26 00:20 . 2006-07-05 22:06  --------  d-----w-  c:\documents and settings\Randy\Application Data\ATI
2009-09-26 00:20 . 2006-07-01 00:57  --------  d-----w-  c:\documents and settings\Administrator\Application Data\ATI
2009-09-24 12:52 . 2008-07-09 19:51  --------  d-----w-  c:\documents and settings\Randy\Application Data\AT&T
2009-09-24 12:52 . 2008-07-09 19:50  --------  d-----w-  c:\documents and settings\All Users\Application Data\AT&T
2009-09-24 12:52 . 2008-07-09 19:51  --------  d-----w-  c:\program files\AT&T
2009-09-23 21:12 . 2006-07-01 01:00  --------  d-----w-  c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-21 22:15 . 2006-07-08 14:08  91896  ----a-w-  c:\documents and settings\Randy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 21:21 . 2006-07-05 23:02  --------  d-----w-  c:\documents and settings\All Users\Application Data\WildTangent
2009-09-21 21:21 . 2006-07-01 01:04  --------  d-----w-  c:\program files\WildTangent
2009-09-15 01:21 . 2009-08-16 17:38  --------  d-----w-  c:\documents and settings\Randy\Application Data\Apple Computer
2009-09-09 12:19 . 2009-01-24 17:39  --------  d-----w-  c:\program files\Microsoft Silverlight
2009-08-28 23:42 . 2009-08-16 17:32  40448  ----a-w-  c:\windows\system32\drivers\usbaapl.sys
2009-08-28 23:42 . 2009-08-16 17:32  2065696  ----a-w-  c:\windows\system32\usbaaplrc.dll
2009-08-17 12:04 . 2009-08-17 12:04  --------  d-----w-  c:\program files\MSBuild
2009-08-17 12:04 . 2009-08-17 12:04  --------  d-----w-  c:\program files\Reference Assemblies
2009-08-16 17:38 . 2009-08-16 17:37  --------  d-----w-  c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-16 17:37 . 2009-08-16 17:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-16 17:36 . 2009-08-16 17:36  --------  d-----w-  c:\program files\Bonjour
2009-08-16 17:32 . 2009-08-16 17:32  --------  d-----w-  c:\program files\Apple Software Update
2009-08-16 17:31 . 2009-08-16 17:31  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple
2009-08-14 13:40 . 2009-08-14 13:40  --------  d-----w-  c:\documents and settings\All Users\Application Data\TomTom
2009-08-14 13:39 . 2009-08-14 13:39  --------  d-----w-  c:\documents and settings\Randy\Application Data\TomTom
2009-08-14 13:39 . 2009-08-14 13:39  --------  d-----w-  c:\program files\TomTom International B.V
2009-08-14 13:39 . 2009-08-14 13:39  --------  d-----w-  c:\program files\TomTom HOME 2
2009-08-14 13:37 . 2009-08-14 13:37  --------  d-----w-  c:\program files\TomTom DesktopSuite
2009-08-05 09:01 . 2004-08-11 22:00  204800  ----a-w-  c:\windows\system32\mswebdvd.dll
2009-08-03 19:07 . 2009-08-03 19:07  403816  ----a-w-  c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07  322928  ----a-w-  c:\windows\system32\OGAAddin.dll
2009-07-17 19:01 . 2004-08-11 22:00  58880  ----a-w-  c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-11 22:00  286208  ----a-w-  c:\windows\system32\wmpdxm.dll
2009-01-19 14:36 . 2009-01-19 14:36  1898  ----a-w-  c:\program files\Daily Planner Plus 6.2.lnk
2006-09-10 16:36 . 2006-09-10 16:36  56  --sh--r-  c:\windows\system32\177D90C9E0.sys
2007-11-25 17:37 . 2006-07-30 16:47  88  --sh--r-  c:\windows\system32\77830626E5.sys
2009-04-13 16:33 . 2006-07-30 16:47  4496  --sha-w-  c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-11_18.27.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-11 22:55 . 2009-10-11 22:55  16384  c:\windows\Temp\Perflib_Perfdata_c4c.dat
+ 2009-10-11 22:55 . 2009-10-11 22:55  16384  c:\windows\Temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-01-03 21:46  73728  ----a-w-  c:\windows\system32\VirtualExpander\VEShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-07 247144]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-15 185872]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-23 122368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-24 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2006-03-03 1355938]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-30 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Roxio\\Video Convert 10\\VideoConvert10.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/26/2009 11:40 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/26/2009 11:40 AM 20560]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/7/2009 10:31 AM 92008]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 4:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 4:52 PM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 4:52 PM 166384]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 4:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 4:52 PM 1083888]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch BAR = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WININET.dll
c:\windows\system32\VirtualExpander\VEShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\docume~1\Randy\LOCALS~1\temp\clclean.0001
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-11 19:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-11 23:00
ComboFix2.txt 2009-10-11 18:31

Pre-Run: 23,064,145,920 bytes free
Post-Run: 23,044,698,112 bytes free

326  --- E O F --- 2009-09-22 02:17
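As an added example (not code from the thread, and not part of ComboFix), the following checker parses the CFScript sections used above (Driver::, File::, Folder::, Registry::) and the banner-delimited sections of the resulting ComboFix log, then reports which of the requested deletions the log actually confirms. The script and log excerpts it runs on are constructed from the entries quoted in the thread, trimmed to a few lines; the Service_GGXIX line is deliberately left out of the excerpt so that one unconfirmed request is shown.

```python
"""Cross-check a ComboFix CFScript against the log the run produced. Added example,
not part of the thread or ComboFix; script and log excerpts are constructed below."""
import re
# Constructed CFScript excerpt (same section syntax as the one posted above).
CFSCRIPT = r"""Driver::
SessionLauncher
GGXIX

File::
c:\windows\Tasks\OGALogon.job
c:\windows\system32\OGAEXEC.exe

Folder::
c:\documents and settings\All Users\Application Data\Norton

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"""

# Constructed log excerpt. Service_GGXIX is deliberately left out so the check
# reports one request the excerpt does NOT confirm (the real log does list it).
COMBOFIX_LOG = r"""(((((((((((( Other Deletions ))))))))))))
.
c:\documents and settings\All Users\Application Data\Norton
c:\program files\messenger\msmsgs.exe
c:\windows\system32\OGAEXEC.exe
c:\windows\Tasks\OGALogon.job

(((((((((((( Drivers/Services ))))))))))))
.
-------\Legacy_SESSIONLAUNCHER
-------\Service_SessionLauncher
-------\Legacy_GGXIX

(((((((((((( Reg Loading Points ))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"""

LOG_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "((( Title )))" section banner

def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}; section headers end in '::'."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_log(text):
    """Split a ComboFix log into {banner title: [lines]}, dropping '.' spacers."""
    sections, current = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        m = LOG_HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections

def registry_value_names(reg_lines, key):
    """Value names listed under `key` in the REGEDIT4-style loading-points dump."""
    names, inside = set(), False
    for line in reg_lines:
        if line.startswith("["):
            inside = line.strip("[]").lower() == key.lower()
        elif inside and line.startswith('"'):
            names.add(line[1:line.index('"', 1)])
    return names

def verify(cfscript_text, log_text):
    """Return {request: confirmed} for each deletion the CFScript asked for."""
    script, log = parse_cfscript(cfscript_text), parse_log(log_text)
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    svc = {s.rsplit("\\", 1)[-1].lower() for s in log.get("Drivers/Services", [])}
    results = {}
    # File:: and Folder:: entries should appear verbatim under "Other Deletions".
    for path in script.get("File", []) + script.get("Folder", []):
        results[path] = path.lower() in deleted
    # Driver:: names should have their Service_<name> entry removed.
    for name in script.get("Driver", []):
        results["Driver " + name] = "service_" + name.lower() in svc
    # Registry:: "Name"=- deletes a value; confirm the log no longer lists it.
    key = None
    for line in script.get("Registry", []):
        if line.startswith("["):
            key = line.strip("[]")
        elif key and line.endswith("=-"):
            name = line[1:line.index('"', 1)]
            listed = registry_value_names(log.get("Reg Loading Points", []), key)
            results[key + "\\" + name] = name not in listed
    return results

if __name__ == "__main__":
    for item, ok in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(("confirmed   " if ok else "UNCONFIRMED ") + item)
```

Running it against a full CFScript and the complete Combofix.txt from the reply is the same call with the two files read from disk; an UNCONFIRMED line is the cue to look at the log by hand before declaring the item gone.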

Looking good. Let's clean up a little and run a quick scan to see what's left, if anything.

Go ahead and delete any of the special tools and files we downloaded to your desktop. Everything but ComboFix.

* Click START then RUN - Vista users PRESS the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware

* Then click Finish
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Also let me know how the computer is running now.

Well evilfantasy, according to this scan it looks like your hard work has paid off, but I'll let you tell me...Thank you so much for your dedication in helping folks like me...The MalwareBytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2944
Windows 5.1.2600 Service Pack 3

10/11/2009 8:14:43 PM
mbam-log-2009-10-11 (20-14-43).txt

Scan type: Quick Scan
Objects scanned: 112363
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Yes, it looks good.

How is the computer running now?

It's running great...thanks so much for your help...I commend you for your tireless efforts...Thank you!!! Do you recommend any specific AV software...I had been running AT&T's until recently when this problem happened...Thanks again...

You're welcome. Glad we got it. I've only helped remove that infection once before now and it shows in my instructions. Oh well, next time I know what to do and not to do.

Avast is one of the best there is. I always recommend it or Avira Antivir.

You also might go ahead and run the Kaspersky scan again to see if everything is indeed gone. Malwarebytes and ComboFix aren't virus scanners, they're only antimalware scanners.

Here are some other suggestions. Let me know if you have any questions.

USE the Secunia Software Inspector to check for out of date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. GUIDE: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

I ran Kaspersky Online again and my PC came up clean...what a relief...Again thank you for your help evilfantasy...

Sounds good.

safe surfing...

