Hi there,
Thank you so much for getting back to me. Here is the log, below. Cheers!
Barbara
ComboFix 08-12-05.06 - Babs 2008-12-06 11:12:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1305 [GMT -8:00]
Running from: E:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\TinyProxy
c:\program files\tinyproxy\tinyproxy.exe
c:\windows\bolivar28.exe
c:\windows\fmark2.dat
c:\windows\system32\351631
c:\windows\system32\351631\351631.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DCOM_SERVER_PROCESS_LAUNCHER_(DCOMLAUNCH)_
-------\Service_DCOM Server Process Launcher (DcomLaunch)
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
2008-12-04 11:02 . 2008-12-04 11:05 250 --a------ c:\windows\gmer.ini
2008-12-04 09:53 . 2008-12-04 09:53 <DIR> d-------- c:\windows\ERUNT
2008-12-04 09:45 . 2008-12-04 10:25 <DIR> d-------- C:\SDFix
2008-12-04 08:45 . 2008-12-05 10:19 1 ---h----- c:\windows\f49f4daa.dat
2008-12-02 14:36 . 2008-12-02 14:36 <DIR> d-------- c:\documents and settings\Babs\Application Data\Transcend
2008-11-25 00:16 . 2008-11-25 00:16 <DIR> d-------- c:\documents and settings\Not Babs\Application Data\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 18:31 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-05 18:17 --------- d-----w c:\documents and settings\Not Babs\Application Data\AdobeUM
2008-12-02 21:39 10,725 ----a-w c:\windows\Fonts\mytypeoffont.zip
2008-12-02 21:29 --------- d-----w c:\program files\Macromedia
2008-11-06 07:17 --------- d-----w c:\documents and settings\Babs\Application Data\vlc
2008-11-06 07:15 --------- d-----w c:\program files\VideoLAN
2008-11-06 07:15 --------- d-----w c:\program files\Softonic_English
2008-11-06 07:15 --------- d-----w c:\program files\Conduit
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-12 04:42 11,107 ----a-w c:\windows\Fonts\poke.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2008-09-15 06:47 1784856 --a------ c:\program files\Softonic_English\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-09 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"JFSW2Launch"="c:\documents and settings\Babs\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2008-09-29 172032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 23168]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-09 1836544]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 24576]
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-09-26 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-09-09 112688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4757140d-d2fe-11dc-be73-001c238ca086}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{992cc9ac-1bed-11dd-be8f-001c238ca086}]
\Shell\AutoRun\command - E:\pa39xth.cmd
\Shell\explore\Command - E:\pa39xth.cmd
\Shell\open\Command - E:\pa39xth.cmd
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-06 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Babs.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 11:13]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6A26574A-DD6D-4382-8C76-0DF06C478D3A} - c:\windows\system32\351631\351631.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-06 11:17:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
.
**************************************************************************
.
Completion time: 2008-12-06 11:19:40 - machine was rebooted [Babs]
ComboFix-quarantined-files.txt 2008-12-06 19:19:37
Pre-Run: 97,258,774,528 bytes free
Post-Run: 97,589,698,560 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
167 --- E O F --- 2008-11-14 15:33:05