need help asap problems with virus

Hi, I recently have been having problems with my computer. My Norton antivirus has notified me of a trojan and a Bloodhound.PDF; it says it blocks it, but the notification comes up every time I turn on the computer. A popup labeled url.urtbk keeps coming up too. I can't access Gmail and the computer is sluggish. Can anyone help? Thanks in advance. Here is my updated HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:17 PM, on 6/22/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: agcore.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: precisead - {594bfff8-0c29-4e0d-42c2-89b5e6bcb8fa} - C:\Windows\system32\nsn5506.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: precisead browser enhancer - {FA4AD251-0120-C110-FC9F-F31CC113A74D} - C:\Windows\system32\iexjqmewqubntjcxl.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: egreetings Toolbar - {9df9b682-9c18-4a01-bac3-a265ca7cd866} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [qfyklspjim] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iexjqmewqubntjcxl.dll"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\Windows\System32\dlcxutil32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.0\AGCoreService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 11950 bytes
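
As an added example for readers triaging a log like the one above (this is not code from the original post, and it is not part of HijackThis or ComboFix), the script below parses the O2/O3 (BHO, toolbar), O4 (Run key) and O20 (AppInit_DLLs) line formats and flags the patterns an experienced log reader checks first: a hook whose file is missing, a Run entry that re-registers a DLL through regsvr32 at every logon, a third-party DLL sitting directly in system32, a non-empty AppInit_DLLs value, and file or value names that look like keyboard mash. The rule names, the thresholds and the "random name" test are this example's own assumptions, not a HijackThis verdict; the sample lines are copied from the log above plus one known-good Run entry for contrast.

```python
"""Heuristic triage of HijackThis (HJT) log entries.

Added example for this thread: not code from the original post and not part
of HijackThis or ComboFix. Rule names, thresholds and the 'random name' test
are this example's own assumptions, not a verdict; every hit still needs a
human to confirm what the file actually is.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: six lines copied from the log above plus one known-good
# Run entry (iTunesHelper) for contrast.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: precisead - {594bfff8-0c29-4e0d-42c2-89b5e6bcb8fa} - C:\Windows\system32\nsn5506.dll
O2 - BHO: precisead browser enhancer - {FA4AD251-0120-C110-FC9F-F31CC113A74D} - C:\Windows\system32\iexjqmewqubntjcxl.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [qfyklspjim] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iexjqmewqubntjcxl.dll"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\Windows\System32\dlcxutil32.dll
"""

# A drive-letter path ending in .exe/.dll; quotes and commas terminate it, so
# the two paths of a regsvr32 command and a comma-separated AppInit_DLLs
# value are split correctly.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:exe|dll)', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"O4 - .*?\[(?P<name>[^\]]*)\]")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    line_no: int
    entry: str
    rules: List[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Crude keyboard-mash test (an assumption of this example): a consonant
    run of five or more, or fewer than 20% vowels, in a stem of at least
    eight letters (iexjqmewqubntjcxl, qfyklspjim). Short stems such as
    nsn5506 are not judged at all."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5 or vowel_ratio < 0.2


def stem_of(path: str) -> str:
    """File name without directory and extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage_entry(entry: str) -> List[str]:
    """Return the sorted rule names one HJT line trips (empty if none)."""
    kind = entry.split(" - ", 1)[0]          # "O2", "O4", "O20", ...
    if kind not in ("O2", "O3", "O4", "O20"):
        return []
    rules = set()
    if "(file missing)" in entry:
        rules.add("orphaned-hook")           # registry hook points at a file that is gone
    if kind == "O4" and re.search(r"\bregsvr32(\.exe)?\b.*\.dll", entry, re.I):
        rules.add("run-key-regsvr32")        # re-registers a DLL at every logon
    if kind == "O20" and "AppInit_DLLs:" in entry and PATH_RE.search(entry):
        rules.add("appinit-dll")             # loaded into every process that uses user32
    for path in PATH_RE.findall(entry):
        low = path.lower()
        if low.endswith(".dll") and "\\windows\\system32\\" in low:
            rules.add("third-party-dll-in-system32")   # add-ons normally live under Program Files
        if looks_random(stem_of(path)):
            rules.add("random-name:" + stem_of(path))
    if kind == "O4":
        m = RUN_NAME_RE.match(entry)
        if m and looks_random(m.group("name")):
            rules.add("random-name:" + m.group("name"))
    return sorted(rules)


def triage(log_text: str) -> List[Finding]:
    """Run triage_entry over every non-blank line; keep only lines with hits."""
    findings = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        entry = raw.strip()
        if entry:
            rules = triage_entry(entry)
            if rules:
                findings.append(Finding(no, entry, rules))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {', '.join(f.rules)}\n    {f.entry}")
```

Run against the sample, the Adobe BHO and the iTunesHelper Run entry produce no finding, while the regsvr32 Run entry trips four rules at once, which is the kind of convergence that makes an entry worth investigating first. Paste the full O2/O3/O4/O20 section of a log into `SAMPLE_LOG` to apply the same rules to it.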

Comments

  • TroganTrogan London, UK
    edited June 2009
    Hi,

    Please do the following...

    1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT!!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    (screenshot: RcAuto1.gif)

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: whatnext.png)

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • edited June 2009
    Here is my ComboFix log:

    ComboFix 09-06-23.01 - Tony 06/24/2009 20:51.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2103 [GMT -5:00]
    Running from: c:\users\Tony\Downloads\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
    c:\$recycle.bin\S-1-5-21-3731822803-1114772756-532019640-500
    c:\program files\Mozilla Firefox\Components\9d9646b0-e5c9-9c15-7bd6-74e2f0ae816a.dll
    c:\windows\system32\81392971-2ee2-5c59-99a5-ab5077dfddf9.exe
    c:\windows\system32\bKdiKc1XL4Csfus.vbs
    c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500\desktop.ini
    c:\$recycle.bin\S-1-5-21-3731822803-1114772756-532019640-500\desktop.ini
    c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\1394.tmp
    c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\7B96.tmp
    c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\88DE.tmp
    c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\8939fdff-4947-49a4-e2e4-babbbbc09c68
    c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\CE76.tmp
    c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\E751.tmp
    c:\users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\F1FF.tmp
    c:\users\Tony\AppData\Roaming\02000000293580f4620C.manifest
    c:\users\Tony\AppData\Roaming\02000000293580f4620O.manifest
    c:\users\Tony\AppData\Roaming\02000000293580f4620P.manifest
    c:\users\Tony\AppData\Roaming\02000000293580f4620S.manifest
    c:\users\Tony\AppData\Roaming\inst.exe
    c:\windows\system32\dlcxutil32.dll
    c:\windows\system32\iexjqmewqubntjcxl.dll
    c:\windows\system32\rrcsqjwlybtexldmm.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
    .

    2009-06-24 18:11 . 2009-05-13 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVENG.SYS
    2009-06-24 18:11 . 2009-05-13 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVEX15.SYS
    2009-06-24 18:11 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVENG32.DLL
    2009-06-24 18:11 . 2009-05-13 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\NAVEX32A.DLL
    2009-06-24 18:11 . 2009-05-13 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\ERASER.SYS
    2009-06-24 18:11 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\EECTRL.SYS
    2009-06-24 18:11 . 2009-05-13 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\CCERASER.DLL
    2009-06-24 18:11 . 2008-11-20 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090624.003\ECMSVR32.DLL
    2009-06-22 19:20 . 2009-06-22 19:20 d-----w- c:\program files\Trend Micro
    2009-06-22 17:50 . 2009-05-13 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\NAVENG.SYS
    2009-06-22 17:50 . 2009-05-13 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\NAVEX15.SYS
    2009-06-22 17:50 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\EECTRL.SYS
    2009-06-22 17:50 . 2009-05-13 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\CCERASER.DLL
    2009-06-22 17:50 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\NAVENG32.DLL
    2009-06-22 17:50 . 2009-05-13 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\NAVEX32A.DLL
    2009-06-22 17:50 . 2009-05-13 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\ERASER.SYS
    2009-06-22 17:50 . 2008-11-20 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090622.002\ECMSVR32.DLL
    2009-06-22 02:07 . 2009-06-22 02:07 d-----w- c:\programdata\SlySoft
    2009-06-22 02:03 . 2009-06-22 02:03 d-----w- c:\program files\SlySoft
    2009-06-22 01:17 . 2009-06-22 01:40 d-----w- c:\users\Tony\AppData\Roaming\Any Video Converter
    2009-06-21 21:08 . 2009-06-21 21:22 47360 ----a-w- c:\users\Tony\AppData\Roaming\pcouffin.sys
    2009-06-21 21:08 . 2009-06-21 21:22 d-----w- c:\users\Tony\AppData\Roaming\Vso
    2009-06-21 21:08 . 2009-06-21 21:08 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-06-20 03:54 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\Scxpx86.dll
    2009-06-20 03:54 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSvix86.sys
    2009-06-20 03:54 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSCo.sys
    2009-06-20 03:54 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSxpx86.dll
    2009-06-20 03:54 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSI.dll
    2009-06-20 03:54 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSviA64.sys
    2009-06-20 03:54 . 2008-06-04 22:26 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDS9xx86.dll
    2009-06-13 04:19 . 2009-06-13 04:19 d-----w- c:\users\Tony\AppData\Roaming\DivX
    2009-06-13 04:10 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-06-13 04:10 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-06-13 03:34 . 2009-06-13 03:56 d-----w- C:\divx
    2009-06-13 03:32 . 2009-06-13 03:32 d-----w- c:\program files\Common Files\DivX Shared
    2009-06-13 03:32 . 2009-06-13 15:41 d-----w- c:\program files\DivX
    2009-06-13 01:51 . 2009-06-13 01:51 d-----w- c:\users\Tony\AppData\Roaming\Red Kawa
    2009-06-12 23:48 . 2009-06-12 23:48 d-----w- c:\program files\AviSynth 2.5
    2009-06-12 23:48 . 2009-06-12 23:48 d-----w- c:\program files\Red Kawa
    2009-06-12 23:31 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\Scxpx86.dll
    2009-06-12 23:31 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys
    2009-06-12 23:31 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSCo.sys
    2009-06-12 23:31 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSxpx86.dll
    2009-06-12 23:31 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSI.dll
    2009-06-12 23:31 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSviA64.sys
    2009-06-12 23:31 . 2008-06-04 22:26 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDS9xx86.dll
    2009-06-12 23:13 . 2009-06-12 23:13 d-----w- c:\program files\DVD Decrypter
    2009-06-06 15:04 . 2009-05-13 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\NAVENG.SYS
    2009-06-06 15:04 . 2009-05-13 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\NAVEX15.SYS
    2009-06-06 15:04 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\EECTRL.SYS
    2009-06-06 15:04 . 2009-05-13 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\CCERASER.DLL
    2009-06-06 15:04 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\NAVENG32.DLL
    2009-06-06 15:04 . 2009-05-13 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\NAVEX32A.DLL
    2009-06-06 15:04 . 2009-05-13 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\ERASER.SYS
    2009-06-06 15:04 . 2008-11-20 09:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp7d4b.tmp\ECMSVR32.DLL
    2009-06-06 15:03 . 2009-06-05 23:10 1284 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp10af.tmp\cur.scr
    2009-05-27 17:12 . 2009-05-27 17:12 d-----w- c:\users\Tony\AppData\Local\Mozilla
    2009-05-27 16:34 . 2009-05-27 16:34 d-----w- c:\program files\Microsoft Silverlight

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-22 18:09 . 2008-10-15 22:58 d-----w- c:\program files\Image-Line
    2009-06-22 18:09 . 2008-10-15 23:01 d-----w- c:\program files\VstPlugins
    2009-06-22 03:22 . 2008-10-16 02:53 d-----w- c:\users\Tony\AppData\Roaming\LimeWire
    2009-06-21 23:26 . 2008-07-04 23:11 d-----w- c:\program files\Roxio
    2009-06-13 15:02 . 2008-07-04 23:12 d-----w- c:\program files\Common Files\PX Storage Engine
    2009-06-13 15:01 . 2009-04-04 02:28 d-----w- c:\program files\Common Files\AVSMedia
    2009-06-13 15:00 . 2008-07-14 15:47 58896 ----a-w- c:\users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-13 14:55 . 2009-04-04 02:28 d-----w- c:\users\Tony\AppData\Roaming\AVS4YOU
    2009-06-12 23:12 . 2008-07-14 17:20 7620 ----a-w- c:\users\Tony\AppData\Local\d3d9caps.dat
    2009-06-11 18:07 . 2008-07-04 23:05 d-----w- c:\programdata\Microsoft Help
    2009-05-27 16:56 . 2008-09-16 02:22 d-----w- c:\program files\Safari
    2009-05-13 08:00 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
    2009-05-13 08:00 . 2009-05-13 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
    2009-05-13 08:00 . 2009-05-13 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
    2009-05-13 08:00 . 2009-05-13 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
    2009-05-13 08:00 . 2009-05-13 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
    2009-05-13 08:00 . 2009-05-13 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
    2009-05-13 08:00 . 2009-05-13 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
    2009-05-13 08:00 . 2009-05-13 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
    2009-05-05 19:34 . 2008-07-04 23:07 d-----w- c:\program files\Google
    2009-05-05 02:02 . 2008-07-04 23:13 d-----w- c:\programdata\Symantec
    2009-05-01 23:52 . 2009-05-01 23:52 d-----w- c:\program files\EG Toolbar
    2009-05-01 23:51 . 2009-05-01 23:51 d-----w- c:\program files\AGI
    2009-05-01 23:51 . 2009-05-01 23:51 d-----w- c:\programdata\AGI
    2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-05-01 05:19 . 2009-05-01 05:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-04-24 16:05 . 2009-06-11 16:24 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:02 . 2009-06-11 16:24 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 13:44 . 2009-06-11 16:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-23 12:43 . 2009-06-11 16:24 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 16:24 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-04-21 11:55 . 2009-06-11 16:24 2033152 ----a-w- c:\windows\system32\win32k.sys
    2009-04-16 02:58 . 2009-04-16 02:58 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.28.17.0\SetupAdmin.exe
    2009-04-10 10:05 . 2009-04-10 10:05 710656 ----a-w- c:\windows\system32\nsn5506.dll
    2009-04-01 04:07 . 2009-04-01 04:07 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2008-07-04 23:10 . 2008-07-04 23:10 76 --sh--r- c:\windows\CT4CET.bin
    2008-07-05 01:42 . 2008-07-05 01:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594bfff8-0c29-4e0d-42c2-89b5e6bcb8fa}]
    2009-04-10 10:05 710656 ----a-w- c:\windows\System32\nsn5506.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-04 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-03-14 442433]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-04 29744]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-26 699456]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
    "DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]

    c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-07-04 23:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D052325F-4BB1-4A73-B28F-13DC3A145922}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C869460F-FEFA-402B-B636-861D67D3B0DA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{6BCD244E-894A-4374-8513-4A6F155D909D}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{434DDE75-FED3-4BF4-A382-20C30308872D}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
    "{353FD763-77F0-452D-80EF-DF59C028CFCB}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
    "{9CE949B5-2A1C-48A1-A612-AFB23C813F6D}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
    "{268D940B-202D-4B59-BBD6-40FAE51840B8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
    "{380B0A3A-A567-47FD-884E-242B7D4CBAD0}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
    "{BA620BA4-348C-4CD3-B334-555D2FA2DB55}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{EC7325B7-AA98-4829-9141-011C1BEE929B}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{3F5656FA-32F4-455D-8B20-5001184D1D6A}"= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{574D6260-0B7E-472E-9E8C-304D425C8574}"= TCP:c:\program files\AIM6\aim6.exe:AIM
    "{7AE652D8-F277-4440-9C70-C33F4E74CCE1}"= UDP:c:\windows\System32\dlcxcoms.exe:Dell 926 Server
    "{3D20F299-749E-4FFA-A023-F88DEF47DE30}"= TCP:c:\windows\System32\dlcxcoms.exe:Dell 926 Server
    "{305858BC-E7B8-46B7-AA14-9E4C9EEA1375}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{29728F04-7094-4373-B2CC-DD084D2DE3BC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{2938310D-9D46-4470-A0FD-62A619009E96}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{25B767AD-E06F-469C-AAE6-EE7714F62CCD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{6E0734E9-7033-4CC7-BF79-EECB188B09AB}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
    "{3BE9ECDD-BB6F-43DC-AC73-A2740DE6D92E}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
    "{3110B33F-E035-4057-B6D4-1A827CEF353A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{1DBA3A72-92BD-41B5-94F2-A2BED231E701}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{7883B24F-32D9-44D1-9021-FEA6E9AC6921}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{89FEFDFC-137A-43BB-B836-1F873CB2727E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{5E4587BF-B4B7-4CB4-A85C-5CE235A44EDA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{4BB8BAB6-DC86-49EC-BA67-A135C2D301C3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [6/19/2009 10:54 PM 272432]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe [7/4/2008 8:43 PM 73728]
    R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.0\AGCoreService.exe [5/1/2009 6:51 PM 40960]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 4:37 AM 1053944]
    R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 4:56 PM 161048]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [12/27/2007 11:49 PM 149352]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/14/2008 10:51 AM 24652]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [7/4/2008 8:43 PM 548352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 8:59 PM 101936]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7/4/2008 8:43 PM 54784]
    R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [7/4/2008 8:43 PM 203264]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [7/4/2008 8:43 PM 149208]
    R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [7/4/2008 8:43 PM 277624]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 11:31 AM 41008]
    S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12/27/2007 11:41 PM 23888]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tony.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-12-28 04:41]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{FA4AD251-0120-C110-FC9F-F31CC113A74D} - c:\windows\system32\iexjqmewqubntjcxl.dll
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-qfyklspjim - c:\windows\system32\iexjqmewqubntjcxl.dll


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\tdm88064.default\
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-24 20:59
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'lsass.exe'(700)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(1488)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    .
    Other Running Processes
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\stacsv.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\BCMWLTRY.EXE
    c:\windows\System32\wlanext.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\System32\dlcxcoms.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\ApntEx.exe
    c:\program files\DellTPad\hidfind.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\System32\wbem\WMIADAP.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-25 21:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-25 02:04

    Pre-Run: 136,557,043,712 bytes free
    Post-Run: 137,279,275,008 bytes free

    319 --- E O F --- 2009-06-13 14:41
  • edited June 2009
    Seems like everything is now in working order, no more popups, and I can access all sites. Thanks again for the help.
  • TroganTrogan London, UK
    edited June 2009
    Hi,

    That is good to hear, but we have a little work to do to make sure the computer is clean.

    Please do the following...

    1.
    • Go to VirusTotal
    • Copy and paste the following file path into the Search Box in the middle of the page:
      • c:\windows\System32\nsn5506.dll
    • Now click on the Send File button
      • NOTE: If you come to the "File has already been analysed:" page, select "Reanalyse file now" to get a fresh scan.
    • Save a copy of the Anti-Virus results only. Post the results in your next reply.


      2. Please download Malwarebytes' Anti-Malware to your desktop.
      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to
        • Update Malwarebytes' Anti-Malware
        • and Launch Malwarebytes' Anti-Malware
      • then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select Perform full scan, then click Scan.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Be sure that everything is checked, and click Remove Selected.
      • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
        • If you accidentally close it, the log file is saved here and will be named like this:
        • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

      3. I need to see another log from HijackThis.
      • Run Hijackthis.
      • Click on Open the Misc Tools section.
      • Next click on Open uninstall manager.
      • Press the Save list button.
      • Save the file to your desktop, with the default name of uninstall_list
      • Copy & Paste the entire contents of that file in your next post.

      4. Please post the following...

      VirusTotal report
      Uninstall list
      Malwarebytes log
      New HijackThis log
    • edited June 2009
      1) New update: when I started my computer it did not start, and it advised me to have the computer start from an old restore point, so I had to reinstall HijackThis and ComboFix. I ran ComboFix again just in case. Not sure if this affected anything, just letting you know.
      2) When I tried to use VirusTotal it said it could not find the file c:\windows\System32\nsn5506.dll
      3) I ran everything else and produced those logs below

      Here is the Malwarebytes log

      Malwarebytes' Anti-Malware 1.38
      Database version: 2341
      Windows 6.0.6001 Service Pack 1

      6/27/2009 10:00:00 AM
      mbam-log-2009-06-27 (10-00-00).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 192534
      Time elapsed: 47 minute(s), 54 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\Qoobox\quarantine\C\Windows\System32\dlcxutil32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.


      Here is the HijackThis log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2:21:17 PM, on 6/22/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18248)
      Boot mode: Normal

      Running processes:
      C:\Program Files\DigitalPersona\Bin\DpAgent.exe
      C:\Program Files\Dell\DellDock\DellDock.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\DellTPad\Apoint.exe
      C:\Program Files\IDT\WDM\sttray.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Windows\System32\regsvr32.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\IEUser.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\rundll32.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: agcore.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
      O2 - BHO: precisead - {594bfff8-0c29-4e0d-42c2-89b5e6bcb8fa} - C:\Windows\system32\nsn5506.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O2 - BHO: precisead browser enhancer - {FA4AD251-0120-C110-FC9F-F31CC113A74D} - C:\Windows\system32\iexjqmewqubntjcxl.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
      O3 - Toolbar: egreetings Toolbar - {9df9b682-9c18-4a01-bac3-a265ca7cd866} - mscoree.dll (file missing)
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [qfyklspjim] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iexjqmewqubntjcxl.dll"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\Windows\System32\dlcxutil32.dll
      O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
      O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.0\AGCoreService.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
      O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
      O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
      O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

      --
      End of file - 11950 bytes


      And here is the Uninstall List


      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      2007 Microsoft Office Suite Service Pack 1 (SP1)
      32 Bit HP CIO Components Installer
      Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader 8.1.2
      Advanced Audio FX Engine
      AIM 6
      AOL Install
      AppCore
      Apple Mobile Device Support
      Apple Software Update
      ATI Catalyst Control Center
      AuthenTec Fingerprint System
      AviSynth 2.5
      Banctec Service Agreement
      Bonjour
      Browser Address Error Redirector
      Catalyst Control Center - Branding
      ccCommon
      Cisco EAP-FAST Module
      Cisco LEAP Module
      Cisco PEAP Module
      Component Framework
      Dell DataSafe Online
      Dell Dock
      Dell Getting Started Guide
      Dell Support Center
      Dell Touchpad
      Dell Video Chat (remove only)
      Dell Webcam Central
      Dell Wireless WLAN Card Utility
      DigitalPersona Personal 3.0.1
      DivX Codec
      DivX Web Player
      DVD Decrypter (Remove Only)
      EarthLink Setup Files
      EDocs
      eGreetings.com Toolbar
      Google Desktop
      Google Toolbar for Internet Explorer
      Google Toolbar for Internet Explorer
      GoToAssist 8.0.0.514
      HijackThis 2.0.2
      HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
      IL Download Manager
      Integrated Webcam Driver (1.00.08.0216)
      Intel(R) Matrix Storage Manager
      iPod for Windows 2006-01-10
      ITECIR Driver
      iTunes
      Java(TM) 6 Update 5
      Live! Cam Avatar Creator
      LiveUpdate (Symantec Corporation)
      LiveUpdate (Symantec Corporation)
      Malwarebytes' Anti-Malware
      MediaDirect
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office Home and Student 2007
      Microsoft Office Home and Student 2007
      Microsoft Office OneNote MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Silverlight
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
      MobileMe Control Panel
      Mozilla Firefox (3.0.11)
      MSXML 4.0 SP2 (KB954430)
      NetZeroInstallers
      Norton AntiVirus
      Norton AntiVirus Help
      Norton Confidential Core
      Norton Internet Security
      Norton Internet Security
      Norton Internet Security (Symantec Corporation)
      Norton Protection Center
      QuickSet
      QuickTime
      Roxio Creator Audio
      Roxio Creator Copy
      Roxio Creator Data
      Roxio Creator DE
      Roxio Creator DE
      Roxio Creator Tools
      Roxio Express Labeler 3
      Roxio Update Manager
      Safari
      Security Update for 2007 Microsoft Office System (KB951550)
      Security Update for 2007 Microsoft Office System (KB951944)
      Security Update for 2007 Microsoft Office System (KB969559)
      Security Update for 2007 Microsoft Office System (KB969679)
      Security Update for Microsoft Office Excel 2007 (KB969682)
      Security Update for Microsoft Office OneNote 2007 (KB950130)
      Security Update for Microsoft Office PowerPoint 2007 (KB957789)
      Security Update for Microsoft Office system 2007 (KB954326)
      Security Update for Microsoft Office system 2007 (KB969613)
      Security Update for Microsoft Office Word 2007 (KB969604)
      SPBBC 32bit
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft Office 2007 Help for Common Features (KB963673)
      Update for Microsoft Office Excel 2007 Help (KB963678)
      Update for Microsoft Office OneNote 2007 Help (KB963670)
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)
      Update for Microsoft Office Script Editor Help (KB963671)
      Update for Microsoft Office Word 2007 Help (KB963665)
      VC80CRTRedist - 8.0.50727.762
      Videora iPod Converter 4.07
      Viewpoint Media Player
      Windows Live Mail
      Windows Live Photo Gallery
      Windows Live Writer
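The HijackThis log in this post is what the helper reads by eye. As an added example that is not from the thread, from HijackThis or from ComboFix, the parser below pulls out the O2/O3/O4/O20 entries and attaches the reason each deserves a second look; the sample lines are copied from the log above, and the consonant-run heuristic for machine-generated names is an assumption of this example, not a rule of any tool.

```python
"""Triage a HijackThis 2.0.2 log. Added example for this thread, not part of
HijackThis: pulls out the O2/O3/O4/O20 lines a helper reads first and records
why each deserves a second look."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: precisead - {594bfff8-0c29-4e0d-42c2-89b5e6bcb8fa} - C:\Windows\system32\nsn5506.dll
O2 - BHO: precisead browser enhancer - {FA4AD251-0120-C110-FC9F-F31CC113A74D} - C:\Windows\system32\iexjqmewqubntjcxl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [qfyklspjim] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iexjqmewqubntjcxl.dll"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\Windows\System32\dlcxutil32.dll
"""

BHO_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")
DLL_IN_CMD_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.dll', re.IGNORECASE)
VOWELS = set("aeiou")

@dataclass
class Finding:
    section: str        # O2, O3, O4 or O20
    subject: str        # BHO/toolbar name, Run value name, or DLL base name
    path: str           # the file or command line the entry points at
    reasons: List[str]  # one short string per heuristic that fired

def looks_random(name: str) -> bool:
    """Entropy stand-in (an assumption of this example, not a HijackThis rule): no
    vowels at all, or six or more consonants in a row, is unusual for vendor software."""
    letters = [c.lower() for c in name if c.isalpha()]
    if len(letters) >= 3 and not any(c in VOWELS for c in letters):
        return True
    run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        if run >= 6:
            return True
    return False

def basename(path: str) -> str:
    """File name without directory or extension: C:\\x\\y.dll -> y."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def dll_reasons(path: str) -> List[str]:
    """Checks shared by BHO/toolbar DLLs and AppInit_DLLs entries."""
    reasons = []
    if path.endswith("(file missing)"):
        reasons.append("file missing")
        path = path[: -len("(file missing)")].strip()
    if "\\system32\\" in path.lower():
        reasons.append("DLL placed in system32 (third-party add-ons normally live under Program Files)")
    if looks_random(basename(path)):
        reasons.append("random-looking filename")
    return reasons

def triage(log_text: str) -> List[Finding]:
    """Return one Finding per entry that tripped at least one heuristic."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho, run, app = BHO_RE.match(line), RUN_RE.match(line), APPINIT_RE.match(line)
        if bho:
            section, name, _clsid, path = bho.groups()
            reasons = dll_reasons(path)
            if reasons:
                findings.append(Finding(section, name, path, reasons))
        elif run:
            _key, value, cmd = run.groups()
            low = cmd.lower()
            reasons = []
            if "regsvr32" in low and "/s" in low:
                reasons.append("regsvr32 /s silently re-registers a DLL at every logon")
            elif "rundll32" in low:
                reasons.append("rundll32 loads a DLL at logon")
            if looks_random(value):
                reasons.append("random-looking value name")
            for dll in DLL_IN_CMD_RE.findall(cmd):
                if looks_random(basename(dll)):
                    reasons.append("random-looking filename")
            if reasons:
                findings.append(Finding("O4", value, cmd, reasons))
        elif app:
            for dll in app.group(1).split(","):
                dll = dll.strip()
                reasons = ["AppInit_DLLs is injected into every process that loads user32"]
                findings.append(Finding("O20", basename(dll), dll, reasons + dll_reasons(dll)))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.subject, "|", "; ".join(f.reasons))
```

On the sample it flags the two precisead BHOs, the agcore entry whose DLL is gone, the two rundll32/regsvr32 Run values and both AppInit_DLLs entries, while the Adobe, Google and Apoint entries pass; the heuristics are a reading aid for a reviewer, not a verdict.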
    • TroganTrogan London, UK
      edited June 2009
      Could you post the new ComboFix log, since you ran it again? It should be named ComboFix2.txt.
    • edited June 2009
      Trogan wrote:
      Could you post the new ComboFix log, since you ran it again? It should be named ComboFix2.txt.


      ComboFix 09-06-26.02 - Tony 06/27/2009 8:12.1 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2091 [GMT -5:00]
      Running from: c:\users\Tony\Downloads\ComboFix.exe
      AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
      SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\users\Tony\AppData\Roaming\inst.exe

      .
      ((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
      .

      2009-06-26 18:41 . 2098-01-01 05:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVEX32A.DLL
      2009-06-26 18:41 . 2098-01-01 05:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVENG.SYS
      2009-06-26 18:41 . 2098-01-01 05:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVEX15.SYS
      2009-06-26 18:41 . 2098-01-01 05:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\EECTRL.SYS
      2009-06-26 18:41 . 2098-01-01 05:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\ECMSVR32.DLL
      2009-06-26 18:41 . 2098-01-01 05:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\CCERASER.DLL
      2009-06-26 18:41 . 2098-01-01 05:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\NAVENG32.DLL
      2009-06-26 18:41 . 2098-01-01 05:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090626.016\ERASER.SYS
      2009-06-26 15:38 . 2098-01-01 05:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\NAVENG.SYS
      2009-06-26 15:38 . 2098-01-01 05:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\NAVEX15.SYS
      2009-06-26 15:38 . 2098-01-01 05:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\EECTRL.SYS
      2009-06-26 15:38 . 2098-01-01 05:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\ECMSVR32.DLL
      2009-06-26 15:38 . 2098-01-01 05:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\CCERASER.DLL
      2009-06-26 15:38 . 2098-01-01 05:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\NAVENG32.DLL
      2009-06-26 15:38 . 2098-01-01 05:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\NAVEX32A.DLL
      2009-06-26 15:38 . 2098-01-01 05:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090625.039\ERASER.SYS
      2009-06-25 18:11 . 2098-01-01 05:00 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
      2009-06-25 18:11 . 2098-01-01 05:00 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
      2009-06-25 18:11 . 2098-01-01 05:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
      2009-06-25 18:11 . 2098-01-01 05:00 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
      2009-06-25 18:11 . 2098-01-01 05:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
      2009-06-25 18:11 . 2098-01-01 05:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
      2009-06-25 18:11 . 2098-01-01 05:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
      2009-06-25 18:11 . 2098-01-01 05:00 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
      2009-06-25 17:31 . 2009-06-25 17:32 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      2009-06-25 17:31 . 2009-06-25 17:32 -------- d-----w- c:\program files\iTunes(361)
      2009-06-25 17:29 . 2009-06-25 17:30 -------- d-----w- c:\program files\QuickTime(384)
      2009-06-22 19:20 . 2009-06-22 19:20 -------- d-----w- c:\program files\Trend Micro
      2009-06-22 02:07 . 2009-06-22 02:07 -------- d-----w- c:\programdata\SlySoft
      2009-06-22 01:17 . 2009-06-22 01:40 -------- d-----w- c:\users\Tony\AppData\Roaming\Any Video Converter
      2009-06-21 21:08 . 2009-06-21 21:22 47360 ----a-w- c:\users\Tony\AppData\Roaming\pcouffin.sys
      2009-06-21 21:08 . 2009-06-21 21:22 -------- d-----w- c:\users\Tony\AppData\Roaming\Vso
      2009-06-21 21:08 . 2009-06-21 21:08 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
      2009-06-20 03:54 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\Scxpx86.dll
      2009-06-20 03:54 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSvix86.sys
      2009-06-20 03:54 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSCo.sys
      2009-06-20 03:54 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSxpx86.dll
      2009-06-20 03:54 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\SymIDSI.dll
      2009-06-20 03:54 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDSviA64.sys
      2009-06-20 03:54 . 2008-06-04 22:26 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090618.001\IDS9xx86.dll
      2009-06-18 02:41 . 2009-06-25 18:08 -------- d-----w- c:\program files\LimeWire
      2009-06-13 04:19 . 2009-06-13 04:19 -------- d-----w- c:\users\Tony\AppData\Roaming\DivX
      2009-06-13 04:10 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
      2009-06-13 04:10 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
      2009-06-13 03:34 . 2009-06-13 03:56 -------- d-----w- C:\divx
      2009-06-13 03:32 . 2009-06-13 03:32 -------- d-----w- c:\program files\Common Files\DivX Shared
      2009-06-13 03:32 . 2009-06-13 15:41 -------- d-----w- c:\program files\DivX
      2009-06-13 01:51 . 2009-06-13 01:51 -------- d-----w- c:\users\Tony\AppData\Roaming\Red Kawa
      2009-06-12 23:48 . 2009-06-12 23:48 -------- d-----w- c:\program files\AviSynth 2.5
      2009-06-12 23:48 . 2009-06-12 23:48 -------- d-----w- c:\program files\Red Kawa
      2009-06-12 23:31 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\Scxpx86.dll
      2009-06-12 23:31 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSvix86.sys
      2009-06-12 23:31 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSCo.sys
      2009-06-12 23:31 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSxpx86.dll
      2009-06-12 23:31 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\SymIDSI.dll
      2009-06-12 23:31 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDSviA64.sys
      2009-06-12 23:31 . 2008-06-04 22:26 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090610.001\IDS9xx86.dll
      2009-06-12 23:13 . 2009-06-12 23:13 -------- d-----w- c:\program files\DVD Decrypter

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-06-27 13:06 . 2008-10-15 22:58 -------- d-----w- c:\program files\Image-Line
      2009-06-27 13:05 . 2008-10-15 23:01 -------- d-----w- c:\program files\VstPlugins
      2009-06-25 21:03 . 2008-07-04 23:11 -------- d-----w- c:\program files\Roxio
      2009-06-25 21:03 . 2008-07-04 23:05 -------- d-----w- c:\programdata\Microsoft Help
      2009-06-25 21:03 . 2008-07-04 23:07 -------- d-----w- c:\program files\Microsoft Works
      2009-06-25 21:03 . 2008-07-04 23:16 -------- d-----w- c:\program files\EarthLink Setup
      2009-06-25 21:03 . 2008-07-04 23:13 -------- d-----w- c:\program files\Common Files\SureThing Shared
      2009-06-25 21:03 . 2008-07-04 23:02 -------- d-----w- c:\program files\Fingerprint Sensor
      2009-06-25 21:03 . 2008-08-11 18:08 -------- d-----w- c:\program files\Common Files\Apple
      2009-06-25 20:07 . 2008-09-16 02:22 -------- d-----w- c:\program files\Safari
      2009-06-25 20:05 . 2009-04-01 04:23 -------- d-----w- c:\program files\QuickTime
      2009-06-25 18:34 . 2009-04-01 04:25 -------- d-----w- c:\program files\iTunes
      2009-06-25 17:31 . 2008-07-14 17:32 -------- d-----w- c:\program files\iPod
      2009-06-22 03:22 . 2008-10-16 02:53 -------- d-----w- c:\users\Tony\AppData\Roaming\LimeWire
      2009-06-13 15:02 . 2008-07-04 23:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
      2009-06-13 15:01 . 2009-04-04 02:28 -------- d-----w- c:\program files\Common Files\AVSMedia
      2009-06-13 15:00 . 2008-07-14 15:47 58896 ----a-w- c:\users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-06-13 14:55 . 2009-04-04 02:28 -------- d-----w- c:\users\Tony\AppData\Roaming\AVS4YOU
      2009-06-12 23:12 . 2008-07-14 17:20 7620 ----a-w- c:\users\Tony\AppData\Local\d3d9caps.dat
      2009-05-27 16:34 . 2009-05-27 16:34 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-05-13 08:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
      2009-05-05 19:34 . 2008-07-04 23:07 -------- d-----w- c:\program files\Google
      2009-05-05 02:02 . 2008-07-04 23:13 -------- d-----w- c:\programdata\Symantec
      2009-05-01 23:52 . 2009-05-01 23:52 -------- d-----w- c:\program files\EG Toolbar
      2009-05-01 23:51 . 2009-05-01 23:51 -------- d-----w- c:\program files\AGI
      2009-05-01 23:51 . 2009-05-01 23:51 -------- d-----w- c:\programdata\AGI
      2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
      2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
      2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
      2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
      2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
      2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
      2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
      2009-05-01 05:19 . 2009-05-01 05:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
      2009-04-24 16:05 . 2009-06-11 16:24 827904 ----a-w- c:\windows\system32\wininet.dll
      2009-04-24 16:02 . 2009-06-11 16:24 78336 ----a-w- c:\windows\system32\ieencode.dll
      2009-04-24 13:44 . 2009-06-11 16:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
      2009-04-23 12:43 . 2009-06-11 16:24 784896 ----a-w- c:\windows\system32\rpcrt4.dll
      2009-04-23 12:42 . 2009-06-11 16:24 636928 ----a-w- c:\windows\system32\localspl.dll
      2009-04-21 11:55 . 2009-06-11 16:24 2033152 ----a-w- c:\windows\system32\win32k.sys
      2009-04-16 02:58 . 2009-04-16 02:58 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.28.17.0\SetupAdmin.exe
      2009-04-01 04:07 . 2009-04-01 04:07 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      2008-07-04 23:10 . 2008-07-04 23:10 76 --sha-r- c:\windows\CT4CET.bin
      2008-07-05 01:42 . 2008-07-05 01:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-04 68856]
      "Aim6"="" [BU]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
      "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
      "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-03-14 442433]
      "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-04 29744]
      "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
      "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-26 699456]
      "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
      "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
      "DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

      c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
      OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
      2008-07-04 23:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "mixer"=wdmaud.drv

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ scecli DPPWDFLT

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{D052325F-4BB1-4A73-B28F-13DC3A145922}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{C869460F-FEFA-402B-B636-861D67D3B0DA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{6BCD244E-894A-4374-8513-4A6F155D909D}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
      "{434DDE75-FED3-4BF4-A382-20C30308872D}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:Dell Video Chat
      "{353FD763-77F0-452D-80EF-DF59C028CFCB}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
      "{9CE949B5-2A1C-48A1-A612-AFB23C813F6D}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
      "{268D940B-202D-4B59-BBD6-40FAE51840B8}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
      "{380B0A3A-A567-47FD-884E-242B7D4CBAD0}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
      "{BA620BA4-348C-4CD3-B334-555D2FA2DB55}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
      "{EC7325B7-AA98-4829-9141-011C1BEE929B}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
      "{3F5656FA-32F4-455D-8B20-5001184D1D6A}"= UDP:c:\program files\AIM6\aim6.exe:AIM
      "{574D6260-0B7E-472E-9E8C-304D425C8574}"= TCP:c:\program files\AIM6\aim6.exe:AIM
      "{7AE652D8-F277-4440-9C70-C33F4E74CCE1}"= UDP:c:\windows\System32\dlcxcoms.exe:Dell 926 Server
      "{3D20F299-749E-4FFA-A023-F88DEF47DE30}"= TCP:c:\windows\System32\dlcxcoms.exe:Dell 926 Server
      "{305858BC-E7B8-46B7-AA14-9E4C9EEA1375}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{29728F04-7094-4373-B2CC-DD084D2DE3BC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{6E0734E9-7033-4CC7-BF79-EECB188B09AB}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
      "{3BE9ECDD-BB6F-43DC-AC73-A2740DE6D92E}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
      "{3110B33F-E035-4057-B6D4-1A827CEF353A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{1DBA3A72-92BD-41B5-94F2-A2BED231E701}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
      "{7883B24F-32D9-44D1-9021-FEA6E9AC6921}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
      "{89FEFDFC-137A-43BB-B836-1F873CB2727E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
      "{5E4587BF-B4B7-4CB4-A85C-5CE235A44EDA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
      "{4BB8BAB6-DC86-49EC-BA67-A135C2D301C3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
      "{2938310D-9D46-4470-A0FD-62A619009E96}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
      "{25B767AD-E06F-469C-AAE6-EE7714F62CCD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090618.001\IDSvix86.sys [6/19/2009 10:54 PM 272432]
      R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe [7/4/2008 8:43 PM 73728]
      R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.0\AGCoreService.exe [5/1/2009 6:51 PM 40960]
      R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 4:37 AM 1053944]
      R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
      R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 4:56 PM 161048]
      R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [12/27/2007 11:49 PM 149352]
      R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/14/2008 10:51 AM 24652]
      R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [7/4/2008 8:43 PM 548352]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2009 1:11 PM 101936]
      R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [7/4/2008 8:43 PM 54784]
      R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [7/4/2008 8:43 PM 203264]
      R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [7/4/2008 8:43 PM 149208]
      R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [7/4/2008 8:43 PM 277624]
      R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 11:31 AM 41008]
      S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12/27/2007 11:41 PM 23888]
      S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
      S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]

      --- Other Services/Drivers In Memory ---

      *NewlyCreated* - COMHOST

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      .
      Contents of the 'Scheduled Tasks' folder

      2009-01-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tony.job
      - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-12-28 04:41]
      .
      .
      Supplementary Scan
      .
      uStart Page = hxxp://www.yahoo.com/
      uInternet Settings,ProxyOverride = *.local
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\tdm88064.default\
      FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-06-27 08:17
      Windows 6.0.6001 Service Pack 1 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      DLLs Loaded Under Running Processes

      - - - - - - - > 'lsass.exe'(696)
      c:\windows\system32\DPPWDFLT.dll
      .
      Completion time: 2009-06-27 8:19
      ComboFix-quarantined-files.txt 2009-06-27 13:19
      ComboFix2.txt 2009-06-25 02:04

      Pre-Run: 139,040,022,528 bytes free
      Post-Run: 139,255,463,936 bytes free

      266 --- E O F --- 2009-06-13 14:41
    • Trogan London, UK
      edited July 2009
      Hi,

      Please do the following...

      1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

      Java(TM) 6 Update 5

      Then, download and install Java SE Runtime Environment (JRE) 6 Update 14.

      2. Open HijackThis
      - Click the Do a system scan only button
      - Check the following entries (below)

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

      R3 - URLSearchHook: agcore.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)

      O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
      O2 - BHO: precisead - {594bfff8-0c29-4e0d-42c2-89b5e6bcb8fa} - C:\Windows\system32\nsn5506.dll
      O2 - BHO: precisead browser enhancer - {FA4AD251-0120-C110-FC9F-F31CC113A74D} - C:\Windows\system32\iexjqmewqubntjcxl.dll

      O3 - Toolbar: egreetings Toolbar - {9df9b682-9c18-4a01-bac3-a265ca7cd866} - mscoree.dll (file missing)

      O4 - HKLM\..\Run: [qfyklspjim] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iexjqmewqubntjcxl.dll"


      - Close ALL open windows (especially Internet Explorer!)
      - Click Fix Checked
      - Close HijackThis

      3. Run HijackThis and click on Open the Misc Tools section.
      Click on Delete a file on reboot...
      Copy and paste the following into the "File name:" text box and then click Open:

      C:\Windows\system32\iexjqmewqubntjcxl.dll

      When you are asked "Do you want to restart your computer now?", click OK.

      Your PC MUST reboot to delete the file!

      4. Please post a new HijackThis log.
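Added example, not part of this thread and not a HijackThis feature: a small Python triage script that applies the criteria behind the list above to HijackThis 2.0 log lines. It flags an entry whose backing file is reported missing, a browser add-on DLL placed directly in system32, a value or file name that looks machine-generated, and a logon entry that silently registers a DLL with regsvr32 /s; the sample lines are the entries quoted in this reply plus two benign lines from the follow-up log as controls, and the heuristics and thresholds are this example's own assumptions.

```python
"""Added example, not part of the thread: triage HijackThis 2.0 log lines
with the criteria the helper applied above. Heuristics and thresholds are
this example's own assumptions, not HijackThis or Trend Micro logic."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the six entries the helper asked to fix, followed by
# two benign lines from the follow-up log that must NOT be flagged.
SAMPLE_LINES = [
    r"R3 - URLSearchHook: agcore.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)",
    r"O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)",
    r"O2 - BHO: precisead - {594bfff8-0c29-4e0d-42c2-89b5e6bcb8fa} - C:\Windows\system32\nsn5506.dll",
    r"O2 - BHO: precisead browser enhancer - {FA4AD251-0120-C110-FC9F-F31CC113A74D} - C:\Windows\system32\iexjqmewqubntjcxl.dll",
    r"O3 - Toolbar: egreetings Toolbar - {9df9b682-9c18-4a01-bac3-a265ca7cd866} - mscoree.dll (file missing)",
    r'O4 - HKLM\..\Run: [qfyklspjim] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\iexjqmewqubntjcxl.dll"',
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
]

# HijackThis line shapes: "<section> - <body>", where O2/O3/R3 bodies are
# "<kind>: <name> - {CLSID} - <target>" and O4 Run bodies are
# "<hive>\..\Run: [<value name>] <command line>".
SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar|URLSearchHook): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DLL_RE = re.compile(r'"?([^"\s]+\.dll)"?', re.IGNORECASE)
VOWELS = set("aeiou")


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: list[str]


def looks_random(token: str, min_len: int = 8, max_vowel_ratio: float = 0.25) -> bool:
    """Crude check for a generated name: long, letters only, almost no vowels.
    (Assumed thresholds; a real tool would use a trained or n-gram model.)"""
    stem = token.rsplit(".", 1)[0].lower()
    if len(stem) < min_len or not stem.isalpha():
        return False
    return sum(ch in VOWELS for ch in stem) / len(stem) <= max_vowel_ratio


def in_system32(path: str) -> bool:
    """True when the file sits directly in the Windows system32 directory."""
    parts = path.strip('"').lower().replace("/", "\\").split("\\")
    return len(parts) >= 3 and parts[-3:-1] == ["windows", "system32"]


def basename(path: str) -> str:
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]


def triage_line(line: str) -> Finding | None:
    """Return a Finding listing why an entry deserves a second look, or None."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    reasons: list[str] = []
    if sec in ("O2", "O3", "R3"):
        a = ADDON_RE.match(body)
        if not a:
            return None
        name, target = a.group("name"), a.group("target")
        if target.endswith("(file missing)"):
            reasons.append("backing file missing: orphaned or hidden component")
        dll = target.split(" (")[0]  # drop HijackThis's "(file missing)" note
        if in_system32(dll):
            reasons.append("browser add-on DLL placed directly in system32")
        if looks_random(basename(dll)):
            reasons.append("DLL name looks machine-generated")
    elif sec == "O4":
        r = RUN_RE.match(body)
        if not r:
            return None
        name, target = r.group("name"), r.group("cmd")
        lowered = target.lower()
        if "regsvr32" in lowered and " /s " in lowered:
            reasons.append("logon entry silently registers a DLL via regsvr32 /s")
        if looks_random(name):
            reasons.append("Run value name looks machine-generated")
        dll = DLL_RE.search(target)
        if dll and in_system32(dll.group(1)):
            reasons.append("logon entry loads a DLL from system32")
        if dll and looks_random(basename(dll.group(1))):
            reasons.append("DLL name looks machine-generated")
    else:
        return None
    return Finding(sec, name, target, reasons) if reasons else None


def triage(lines: list[str]) -> list[Finding]:
    """Run triage_line over a whole log, keeping only flagged entries."""
    return [f for f in map(triage_line, lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section} [{f.name}] -> {f.target}")
        for why in f.reasons:
            print(f"    - {why}")
```

The six flagged entries are exactly the ones listed for Fix Checked above; the two control lines produce no finding.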
    • edited July 2009
      HJT log
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:12:39 AM, on 7/3/2009
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18248)
      Boot mode: Normal

      Running processes:
      C:\Program Files\DigitalPersona\Bin\DpAgent.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Dell\DellDock\DellDock.exe
      C:\Program Files\DellTPad\Apoint.exe
      C:\Program Files\IDT\WDM\sttray.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
      C:\Program Files\Dell\MediaDirect\PCMService.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\DellTPad\ApMsgFwd.exe
      C:\Program Files\DellTPad\Apntex.exe
      C:\Program Files\DellTPad\HidFind.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
      O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Startup: Sonic INSTALLit! Setup.lnk = C:\Users\Tony\AppData\Local\Temp\VIES0FDC\Setup.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
      O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
      O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.0\AGCoreService.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
      O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
      O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
      O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

      --
      End of file - 10292 bytes
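As an added example, not part of this thread or of HijackThis itself, here is a small Python script that parses O23 service lines in the format of the log above and flags the two things a helper looks at first in that section: no vendor recorded (blank or "Unknown owner") and a service binary outside Program Files or the Windows directory. The ExampleSvc line, its vendor and its path are constructed; the other three sample lines are taken from the log above.

```python
"""Triage the O23 (service) lines of a HijackThis log.

Added example for this thread, not HijackThis code: flags entries with
no vendor recorded (blank or "Unknown owner") and service binaries
that live outside Program Files or the Windows directory.
"""
import re

O23_PREFIX = "O23 - Service: "
TRUSTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")
NO_VENDOR = {"", "unknown owner"}  # what HijackThis writes for no owner


def parse_o23(line):
    """Parse 'O23 - Service: Name (Short) - Vendor - C:\\path\\svc.exe'."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    name, _, rest = line[len(O23_PREFIX):].partition(" - ")
    # An empty vendor gives 'Name - - C:\...', so find the path by drive letter.
    m = re.search(r"[A-Za-z]:\\.*$", rest)
    path = m.group(0).strip() if m else ""
    vendor = (rest[:m.start()] if m else rest).rstrip().rstrip("-").strip()
    sm = re.match(r"^(.*?)\s*\(([^()]+)\)$", name.strip())
    display, short = (sm.group(1), sm.group(2)) if sm else (name.strip(), None)
    return {"display": display, "short": short, "vendor": vendor, "path": path}


def triage(log_lines):
    """Return (entry, reason) pairs for O23 lines that deserve a closer look."""
    findings = []
    for line in log_lines:
        e = parse_o23(line)
        if e is None:
            continue
        if e["vendor"].lower() in NO_VENDOR:
            findings.append((e, "no vendor recorded"))
        elif not e["path"].lower().startswith(TRUSTED_ROOTS):
            findings.append((e, "binary outside Program Files / Windows"))
    return findings


# Three lines from the log in this thread plus one constructed entry
# (ExampleSvc: made-up name, vendor and path) to exercise the location check.
SAMPLE_LOG = [
    r"O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe",
    r"O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe",
    r"O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe",
    r"O23 - Service: Example Updater (ExampleSvc) - Example Ltd - C:\Users\owner\AppData\Local\Temp\updater.exe",
]
```

Running `triage(SAMPLE_LOG)` reports dlcx_device and Symantec Core LC for the missing vendor and the constructed ExampleSvc for its location; a flagged entry is a prompt to check the file's signature and origin, not proof of infection.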
    • Trogan London, UK
      edited July 2009
      Hi,

      Please update Malwarebytes and run a full scan. Post the Malwarebytes report back here.
    • edited July 2009
      Trogan wrote:
      Hi,

      Please update Malwarebytes and run a full scan. Post the Malwarebytes report back here.

      Malwarebytes' Anti-Malware 1.38
      Database version: 2341
      Windows 6.0.6001 Service Pack 1

      7/9/2009 9:32:16 PM
      mbam-log-2009-07-09 (21-32-16).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 193722
      Time elapsed: 1 hour(s), 1 minute(s), 50 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
    • edited July 2009
      Hey, everything has been running very well, no problems and no detections on my Norton scans.
    • Trogan London, UK
      edited July 2009
      Hi,

      That's good to hear. We just need to do a little cleanup and then I'll post some tips on staying clean.

      1. Click Start > Run > type combofix /u > press OK. This will uninstall ComboFix.


      You can keep or uninstall HijackThis; it is your choice. If you keep HijackThis, ensure it does not get used in the wrong manner, as it is a powerful tool and not to be used lightly.

      I strongly recommend keeping Malwarebytes' and running regular scans with it. Make sure to update it first.

      Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

      You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
      (Vista users must ensure that any programs are Vista compatible BEFORE installing)


      Online Scanners
      I would recommend a scan at one or more of the following sites at least once a month.

      http://www.pandasecurity.com/activescan
      http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

      !!! Make sure that all your programs are updated !!!
      Secunia Software Inspector does all the work for you; see HERE for details.

      AntiSpyware

      • AntiSpyware is not the same thing as Antivirus.
        Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
        You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
        Most of the programs in this list have free (for Home Users) and paid versions;
        it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
      • Spybot - Search & Destroy <<< A must have program
        • It includes host protection and registry protection
        • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites

      • MalwareBytes Anti-malware <<< A new and effective program
      • a-squared Free <<< A good "realtime" or "on demand" scanner
      • SUPERAntiSpyware <<< A good "realtime" or "on demand" scanner


      Prevention
      • These programs don't detect malware; they help stop it getting onto your machine in the first place.
        Each does a different job, so you can have more than one
      • Winpatrol
        • An excellent startup manager and then some!!
        • Notifies you if programs are added to startup
        • Allows delayed startup
        • A must have addition

      • SpywareBlaster 4.0
        • SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.


      • SpywareGuard 2.2
        • SpywareGuard provides real-time protection against spyware.
        • Not required if you have other "realtime" antispyware or Winpatrol


      • ZonedOut
        • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.


      • MVPS HOSTS
        • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
        • For information on how to download and install, please read this tutorial by WinHelp2002.
        • Not required if you are using other host file protections


      Windows Updates (a must!)
      It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.


      Internet Browsers

      • Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
        Using a different web browser can help stop malware getting on your machine.
        • Make your Internet Explorer more secure - This can be done by following these simple instructions:
          1. From within Internet Explorer click on the Tools menu and then click on Options.
          2. Click once on the Security tab
          3. Click once on the Internet icon so it becomes highlighted.
          4. Click once on the Custom Level button.
            • Change the Download signed ActiveX controls to Prompt
            • Change the Download unsigned ActiveX controls to Disable
            • Change the Initialise and script ActiveX controls not marked as safe to Disable
            • Change the Installation of desktop items to Prompt
            • Change the Launching programs and files in an IFRAME to Prompt
            • Change the Navigate sub-frames across different domains to Prompt
            • When all these settings have been made, click on the OK button.
            • If it prompts you as to whether or not you want to save the settings, press the Yes button.

          5. Next press the Apply button and then the OK to exit the Internet Properties page.


        If you are still using IE6 then either update, or get one of the following.


        • Firefox
          • With many addons available that make customization easy this is a very popular choice
          • NoScript and AdBlockPlus addons are essential


        • Opera
          • Another popular alternative


        • Netscape
          • Another popular alternative
          • Also has Addons available


      Cleaning Temporary Internet Files and Tracking Cookies

      • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
        Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
        It is a good idea to empty the Temporary Internet Files folder on a regular basis.

        Tracking Cookies are files that websites use to monitor which sites you visit and how often.
        A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
        CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

        Both of these can be cleaned manually, but a quicker option is to use a program
      • ATF Cleaner
        • Free and very simple to use


      • CCleaner
        • Free and very flexible, you can choose which cookies to keep


      Also PLEASE read these articles: So How Did I Get Infected In The First Place and Malware Prevention: Prevent Re-infection

      The last and most important thing I can tell you is UPDATE.
      If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
      Malware changes on a day to day basis. You should update every week at the very least.

      If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


      If you could post back one more time to let me know everything is OK, then I can have this thread archived.

      Happy surfing!
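The hosts file protection mentioned under Spybot and the MVPS HOSTS file above both work through the same mechanism, so here is an added example (not part of this thread, Spybot or MVPS) that reads a Windows hosts file and separates ordinary block entries from the two things worth noticing: a hostname redirected to a real address, and a block placed on a site you rely on, here the mail and online-scanner sites named in this thread. The sample hosts contents are constructed, and the redirect target is an RFC 5737 documentation address.

```python
"""Audit a Windows hosts file: block entries versus redirects.

Added example for this thread, not part of Spybot or the MVPS HOSTS
file. A block maps a name to 0.0.0.0/127.0.0.1; a mapping to any other
address is a redirect, and a block on a site you rely on is a hijack.
"""
import ipaddress

BLOCK_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Sites this thread depends on; a hosts entry for any of them is suspect.
WATCHED = {"mail.google.com", "www.pandasecurity.com", "www.kaspersky.com"}


def parse_hosts(text):
    """Yield (address, hostname, line_no) for every active mapping."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line, not a mapping
        for name in names:
            yield addr, name.lower(), no


def audit_hosts(text):
    """Return {'blocks': n, 'findings': [(line_no, hostname, reason)]}."""
    blocks, findings = 0, []
    for addr, name, no in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if addr in BLOCK_ADDRS:
            blocks += 1
            if name in WATCHED:
                findings.append((no, name, "watched site blocked"))
        else:
            findings.append((no, name, f"redirected to {addr}"))
    return {"blocks": blocks, "findings": findings}


# Constructed hosts file: an MVPS-style block, a hidden block on a watched
# site, and a redirect to a documentation-range address (RFC 5737).
SAMPLE_HOSTS = """\
# constructed hosts file header comment
127.0.0.1 localhost
::1 localhost
0.0.0.0 ad.example
127.0.0.1 www.kaspersky.com
203.0.113.7 mail.google.com
"""
```

`audit_hosts(SAMPLE_HOSTS)` counts the ad.example and www.kaspersky.com entries as blocks but reports only the latter, together with the mail.google.com redirect; a hosts file from MVPS should produce many blocks and no findings.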
    • edited July 2009
      Hi, thank you again for all of the help. The computer is running great and all uninstalls went fine. Thanks again.