Old 12-04-2008, 07:14 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


google search redirect and pop up screens

Hi, I am running Windows XP, and a few days ago my computer got very slow all of a sudden, and now for any Google search I make, the first page always comes up with the same results: crackle.com, reviewsmaster.com, comparisonwize.com, and other spam forums. It's driving me crazy because I can't use Google for any more searches.

Hopefully someone can help. Thank you.

Sorry, I forgot to mention that I use Firefox, and even though IE is uninstalled, it keeps on popping up with spam windows also.

Here is the information from the DDS scan:


DDS (Version 1.0) - NTFSx86
Run by Abbas at 10:07:15.28 on Thu 12/04/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.125 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Abbas\Desktop\dds.com
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: 60434598509 - c:\windows\system32\dpnlobby32.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\dpnlobby32.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-11-16 99376]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081203.051\NAVENG.SYS [2008-12-4 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081203.051\NAVEX15.SYS [2008-12-4 876112]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETw5x32.sys [2008-11-16 3632384]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-11-16 1245064]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-20 33752]

=============== Created Last 30 ================

2008-12-03 17:24 373,760 a--sh--- c:\windows\system32\5A.tmp
2008-12-03 17:00 <DIR> --d----- c:\windows\pss
2008-12-02 09:02 0 a------- c:\windows\system32\2C9.tmp
2008-12-02 09:02 0 a------- c:\windows\system32\2C8.tmp
2008-12-01 12:26 4,516 a------- c:\windows\GnuHashes.ini
2008-12-01 12:19 1,675 a--sh--- c:\windows\system32\GroupPolicy000.dat
2008-12-01 12:19 <DIR> --dsh--- c:\windows\system32\GroupPolicyManifest
2008-12-01 12:19 373,248 a--sh--- c:\windows\system32\C4.tmp
2008-12-01 12:18 135,168 a------- c:\windows\system32\dpnlobby32.dll
2008-11-26 10:20 <DIR> --d----- c:\documents and settings\abbas\dwhelper
2008-11-25 13:38 <DIR> --d----- c:\windows\system32\N360_BACKUP
2008-11-25 12:58 <DIR> --d----- c:\windows\system32\scripting
2008-11-25 12:58 <DIR> --d----- c:\windows\l2schemas
2008-11-25 12:58 <DIR> --d----- c:\windows\system32\en
2008-11-25 12:58 <DIR> --d----- c:\windows\system32\bits
2008-11-24 21:11 <DIR> --d----- c:\program files\common files\Merge Modules
2008-11-24 20:46 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2008-11-24 20:34 <DIR> --d----- c:\program files\MagicISO
2008-11-24 20:11 <DIR> --d----- C:\6aea101b6609a2a9ce341e
2008-11-24 19:25 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2008-11-24 19:25 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-11-24 19:14 <DIR> --d----- c:\windows\system32\XPSViewer
2008-11-24 19:12 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-24 19:12 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-24 19:12 117,760 -------- c:\windows\system32\prntvpt.dll
2008-11-24 19:12 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2008-11-24 19:12 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-24 19:12 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2008-11-24 19:12 575,488 -------- c:\windows\system32\xpsshhdr.dll
2008-11-24 19:12 <DIR> --d----- C:\170cb0bfb74d5d670a9a1d5233ae7ea3
2008-11-24 19:08 <DIR> --d----- c:\program files\MSXML 6.0
2008-11-20 20:33 268,648 a------- c:\windows\system32\mucltui.dll
2008-11-20 20:33 208,744 a------- c:\windows\system32\muweb.dll
2008-11-20 20:33 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-11-17 09:29 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-11-16 23:24 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-16 23:24 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-16 23:24 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-16 23:24 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-16 23:24 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-16 23:24 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-16 23:24 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-16 23:24 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-16 23:24 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-16 23:10 221,184 a------- c:\windows\system32\wmpns.dll
2008-11-16 22:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 22:28 <DIR> --d----- c:\program files\CONEXANT
2008-11-16 22:04 <DIR> --d----- c:\program files\Norton 360
2008-11-16 22:01 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-16 22:01 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-11-16 22:01 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-16 22:01 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-11-16 22:00 <DIR> --d----- c:\program files\Symantec
2008-11-16 22:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-11-16 21:57 <DIR> --d----- c:\windows\network diagnostic
2008-11-16 21:57 33,792 ac------ c:\windows\system32\dllcache\custsat.dll
2008-11-16 21:50 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-16 21:47 <DIR> --d----- c:\docume~1\abbas\applic~1\LimeWire
2008-11-16 21:43 <DIR> --d----- c:\docume~1\abbas\applic~1\Symantec
2008-11-16 21:40 844,314 -c------ c:\windows\system32\dllcache\msdxm.ocx
2008-11-16 21:27 <DIR> --d----- c:\program files\Bonjour
2008-11-16 21:17 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-11-16 21:15 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-11-16 21:14 <DIR> --d----- c:\windows\system32\PreInstall
2008-11-16 21:14 <DIR> --d-h--- c:\windows\$hf_mig$
2008-11-16 21:11 <DIR> --d----- c:\program files\LimeWire
2008-11-16 21:11 <DIR> --d----- c:\program files\common files\Macrovision Shared
2008-11-16 21:05 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-11-16 21:03 <DIR> --d----- c:\docume~1\abbas\applic~1\Intel
2008-11-16 21:03 3,632,384 a------- c:\windows\system32\drivers\NETw5x32.sys
2008-11-16 21:03 2,756,608 a------- c:\windows\system32\NETw5r32.dll
2008-11-16 21:03 663,552 a------- c:\windows\system32\NETw5c32.dll
2008-11-16 21:02 <DIR> --d----- c:\program files\common files\Intel
2008-11-16 20:52 316,640 a------- c:\windows\WMSysPr9.prx
2008-11-16 20:50 <DIR> --d----- c:\windows\provisioning
2008-11-16 20:48 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-16 20:41 19,528 a------- c:\windows\002104_.tmp
2008-11-16 20:40 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-11-16 20:38 <DIR> --d----- c:\windows\EHome
2008-11-16 20:11 20,480 a----r-- c:\windows\system32\drivers\omci.sys
2008-11-16 19:56 172,032 a------- c:\windows\system32\igfxres.dll
2008-11-16 19:44 141,056 a------- c:\windows\system32\drivers\ks.sys
2008-11-16 19:44 60,160 a------- c:\windows\system32\drivers\drmk.sys
2008-11-16 19:44 49,408 a------- c:\windows\system32\drivers\stream.sys
2008-11-16 19:44 129,536 a------- c:\windows\system32\ksproxy.ax
2008-11-16 19:44 4,096 a------- c:\windows\system32\ksuser.dll
2008-11-16 19:44 1,222,840 a------- c:\windows\system32\drivers\sthda.sys
2008-11-16 19:42 270,336 a------- c:\windows\system32\stacapi.dll
2008-11-16 19:42 146,944 a------- c:\windows\system32\st325602.dll
2008-11-16 19:42 <DIR> --d----- c:\program files\SigmaTel
2008-11-16 19:42 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
2008-11-16 19:40 <DIR> --d----- c:\windows\Downloaded Installations
2008-11-16 19:40 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2008-11-16 19:40 <DIR> --d----- c:\program files\Broadcom
2008-11-16 19:39 90,112 a------- c:\windows\system32\snymsico.dll
2008-11-16 19:39 43,520 a------- c:\windows\system32\drivers\rimsptsk.sys
2008-11-16 19:39 37,376 a------- c:\windows\system32\drivers\rixdptsk.sys
2008-11-16 19:39 32,256 a------- c:\windows\system32\drivers\rimmptsk.sys
2008-11-16 19:39 16,480 a------- c:\windows\system32\rixdicon.dll
2008-11-16 19:39 5 a------- c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
2008-11-16 19:39 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
2008-11-16 19:39 666 a------- c:\windows\speed.reg
2008-11-16 19:39 <DIR> --d----- c:\program files\Dell
2008-11-16 19:38 191,872 a------- c:\windows\system32\drivers\SynTP.sys
2008-11-16 19:38 114,688 a------- c:\windows\system32\SynCtrl.dll
2008-11-16 19:38 94,299 a------- c:\windows\system32\SynTPAPI.dll
2008-11-16 19:38 82,014 a------- c:\windows\system32\SynCOM.dll
2008-11-16 19:38 81,920 a------- c:\windows\system32\SynTPCo2.dll
2008-11-16 19:38 69,723 a------- c:\windows\system32\SynTPFcs.dll
2008-11-16 19:38 <DIR> --d----- c:\program files\Synaptics
2008-11-16 19:28 <DIR> --d----- c:\windows\system32\Backup
2008-11-16 19:28 <DIR> --d----- c:\windows\SQLHotfix
2008-11-16 19:27 466 a------- c:\windows\system32\mapisvc.inf
2008-11-16 19:27 33,340 -------- c:\windows\system32\dbmsqlgc.dll
2008-11-16 19:27 24,576 -------- c:\windows\system32\dbmsgnet.dll
2008-11-16 19:27 306,688 a------- c:\windows\IsUninst.exe
2008-11-16 19:25 <DIR> --d----- c:\program files\common files\Crystal Decisions
2008-11-16 19:24 <DIR> --d----- c:\program files\Microsoft SQL Server
2008-11-16 19:22 <DIR> --d----- c:\windows\system32\URTTemp
2008-11-16 19:19 376 a------- c:\windows\ODBC.INI
2008-11-16 19:19 28,040 a------- c:\windows\system32\mdimon.dll
2008-11-16 19:18 <DIR> --d----- c:\program files\common files\L&H
2008-11-16 19:18 <DIR> --d----- c:\program files\Microsoft ActiveSync
2008-11-16 19:17 <DIR> --d----- c:\windows\SHELLNEW
2008-11-16 19:01 446,464 a----r-- c:\windows\system32\hhactivex.dll
2008-11-16 19:01 176,128 a------- c:\windows\system32\RcdScan.dll
2008-11-16 19:01 645,616 a------- c:\windows\system32\MSCOMCT2.OCX
2008-11-16 19:01 328,480 a------- c:\windows\system32\ssa3d30.ocx
2008-11-16 19:01 171,967 a------- c:\windows\system32\Odbcjet.hlp
2008-11-16 19:01 7,348 a------- c:\windows\system32\Odbcjet.cnt
2008-11-16 19:01 89,360 a------- c:\windows\system32\VB5DB.DLL
2008-11-16 18:52 <DIR> --ds---- c:\windows\system32\Microsoft
2008-11-16 18:32 <DIR> --dsh--- c:\windows\Installer
2008-11-16 18:31 <DIR> --d----- c:\documents and settings\Abbas
2008-11-16 18:30 8,192 a------- c:\windows\REGLOCS.OLD
2008-11-16 18:28 1,158,818 ac------ c:\windows\system32\dllcache\korwbrkr.lex
2008-11-16 18:27 <DIR> --d----- c:\windows\system32\xircom
2008-11-16 18:27 <DIR> --d----- C:\DELL
2008-11-16 18:25 24,576 a------- c:\windows\system32\xpsp1hfm.exe
2008-11-16 18:23 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-11-16 18:23 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-11-16 18:23 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-11-16 18:23 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-11-16 18:23 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-11-16 18:23 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-11-16 18:23 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-16 18:23 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-11-16 18:23 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-11-16 18:23 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-11-16 18:23 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-11-16 18:23 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-11-16 18:22 <DIR> --d----- c:\program files\common files\MSSoap
2008-11-16 18:20 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-11-16 18:20 <DIR> --d----- c:\program files\Online Services
2008-11-16 18:20 <DIR> --d----- c:\program files\Messenger
2008-11-16 18:20 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-11-16 18:19 <DIR> --d----- c:\program files\Windows NT
2008-11-16 13:15 <DIR> --d----- c:\program files\common files\ODBC
2008-11-16 13:15 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-11-16 13:15 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2008-11-25 13:04 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-16 21:46 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-16 18:21 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll

============= FINISH: 10:09:55.10 ===============

I have the other log, but it says do not post unless specifically instructed.
dold5000 is offline  
Old 12-06-2008, 04:01 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,246
OS: N/A


Re: google search redirect and pop up screens

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop but don't run it yet
Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
DDS::
Notify: 60434598509 - c:\WINDOWS\system32\dpnlobby32.dll
AppInit_DLLs: c:\WINDOWS\system32\dpnlobby32.dll
Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.
sUBs is offline  
Old 12-07-2008, 10:47 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


Re: google search redirect and pop up screens

Thank you.

This is the log that I got. What do I do next?


____________________________________________________

ComboFix 08-12-06.06 - Abbas 2008-12-07 13:34:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.137 [GMT -5:00]
Running from: c:\documents and settings\Abbas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Abbas\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dpnlobby32.dll
.
---- Previous Run -------
.
c:\windows\system32\3.tmp
c:\windows\system32\dpnlobby32.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-05 12:27 . 2008-12-05 12:27 <DIR> d-------- c:\documents and settings\Abbas\Application Data\Intel
2008-12-05 00:45 . 2008-12-05 00:45 <DIR> d-------- c:\program files\Lavasoft
2008-12-05 00:45 . 2008-12-05 00:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-05 00:45 . 2008-12-05 00:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-04 10:17 . 2008-12-04 10:17 250 --a------ c:\windows\gmer.ini
2008-12-03 17:24 . 2008-12-03 17:24 373,760 --ahs---- c:\windows\system32\5A.tmp
2008-12-02 09:02 . 2008-12-02 09:02 0 --a------ c:\windows\system32\2C9.tmp
2008-12-02 09:02 . 2008-12-02 09:02 0 --a------ c:\windows\system32\2C8.tmp
2008-12-01 12:26 . 2008-12-01 12:26 4,516 --a------ c:\windows\GnuHashes.ini
2008-12-01 12:19 . 2008-12-01 12:19 <DIR> d--hs---- c:\windows\system32\GroupPolicyManifest
2008-12-01 12:19 . 2008-12-01 12:19 373,248 --ahs---- c:\windows\system32\C4.tmp
2008-12-01 12:19 . 2008-12-01 12:19 1,675 --ahs---- c:\windows\system32\GroupPolicy000.dat
2008-11-26 11:53 . 2008-11-26 11:53 <DIR> d-------- c:\windows\Sun
2008-11-25 13:38 . 2008-11-25 13:38 <DIR> d-------- c:\windows\system32\N360_BACKUP
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\system32\scripting
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\system32\en
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\system32\bits
2008-11-25 12:58 . 2008-11-25 12:58 <DIR> d-------- c:\windows\l2schemas
2008-11-24 21:11 . 2008-11-24 21:12 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-11-24 20:46 . 2008-11-24 20:47 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2008-11-24 20:34 . 2008-11-24 20:34 <DIR> d-------- c:\program files\MagicISO
2008-11-24 20:11 . 2008-11-24 20:13 <DIR> d-------- C:\6aea101b6609a2a9ce341e
2008-11-24 19:25 . 2008-11-24 19:25 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2008-11-24 19:25 . 2008-11-24 19:25 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-24 19:18 . 2008-11-24 21:11 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2008-11-24 19:18 . 2008-11-25 11:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-24 19:17 . 2008-11-24 19:17 <DIR> d-------- c:\program files\Microsoft SDKs
2008-11-24 19:14 . 2008-11-24 20:13 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-24 19:14 . 2008-11-24 19:14 <DIR> d-------- c:\program files\MSBuild
2008-11-24 19:12 . 2008-11-24 19:14 <DIR> d-------- C:\170cb0bfb74d5d670a9a1d5233ae7ea3
2008-11-24 19:12 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-24 19:12 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-24 19:12 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-24 19:12 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-24 19:12 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-24 19:12 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-24 19:12 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-24 19:08 . 2008-11-24 19:08 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-20 21:20 . 2008-11-20 21:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-20 21:00 . 2008-11-20 21:00 <DIR> d-------- c:\program files\NOS
2008-11-20 21:00 . 2008-11-20 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-20 20:33 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-20 20:33 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-20 20:33 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-17 09:29 . 2008-11-17 09:29 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-17 09:28 . 2008-11-17 09:28 <DIR> d-------- c:\program files\Windows Live
2008-11-17 09:28 . 2008-11-17 09:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-17 09:22 . 2008-11-17 09:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-16 23:24 . 2008-10-03 12:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-16 23:24 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-16 23:24 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-16 23:24 . 2008-08-26 02:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-16 23:24 . 2008-08-26 02:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-16 23:24 . 2008-08-26 02:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-16 23:24 . 2008-08-26 02:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-16 23:24 . 2008-08-26 02:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-16 23:24 . 2008-08-25 03:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-16 23:10 . 2008-04-13 19:12 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-16 22:41 . 2008-11-16 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 22:28 . 2008-11-16 22:28 <DIR> d-------- c:\program files\CONEXANT
2008-11-16 22:05 . 2008-11-16 22:05 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-16 22:04 . 2008-11-17 09:17 <DIR> d-------- c:\program files\Norton 360
2008-11-16 22:01 . 2008-11-20 21:00 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-16 22:01 . 2008-11-20 21:00 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-16 22:01 . 2008-11-20 21:00 10,671 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-16 22:01 . 2008-11-20 21:00 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-16 22:00 . 2008-11-20 21:00 <DIR> d-------- c:\program files\Symantec
2008-11-16 22:00 . 2008-11-25 10:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2008-11-16 21:57 . 2007-08-13 18:54 33,792 --a--c--- c:\windows\system32\dllcache\custsat.dll
2008-11-16 21:50 . 2008-12-07 13:38 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-16 21:47 . 2008-11-16 21:46 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-16 21:47 . 2008-11-16 21:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-16 21:46 . 2008-11-16 21:46 <DIR> d-------- c:\program files\Java
2008-11-16 21:43 . 2008-11-27 20:21 <DIR> d-------- c:\documents and settings\Abbas\Application Data\Symantec
2008-11-16 21:40 . 2008-04-13 19:10 844,314 -----c--- c:\windows\system32\dllcache\msdxm.ocx
2008-11-16 21:27 . 2008-11-16 21:27 <DIR> d-------- c:\program files\Bonjour
2008-11-16 21:17 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-16 21:16 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-16 21:16 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-16 21:16 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-16 21:16 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-16 21:16 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-16 21:16 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-16 21:16 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-16 21:16 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 21:16 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-16 21:16 . 2008-05-01 09:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-16 21:16 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-16 21:15 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-16 21:14 . 2008-11-27 20:07 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-16 21:12 . 2008-11-16 21:12 0 --a------ c:\windows\nsreg.dat
2008-11-16 21:11 . 2008-11-16 21:12 <DIR> d-------- c:\program files\LimeWire
2008-11-16 21:11 . 2008-11-16 21:11 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-16 21:06 . 2008-11-20 21:14 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intel
2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Intel
2008-11-16 21:03 . 2008-11-16 21:03 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Intel
2008-11-16 21:03 . 2008-08-28 23:34 3,632,384 --a------ c:\windows\system32\drivers\NETw5x32.sys
2008-11-16 21:03 . 2008-06-20 10:33 2,756,608 --a------ c:\windows\system32\NETw5r32.dll
2008-11-16 21:03 . 2008-06-20 10:32 663,552 --a------ c:\windows\system32\NETw5c32.dll
2008-11-16 21:02 . 2008-11-16 21:02 <DIR> d-------- c:\program files\Common Files\Intel
2008-11-16 21:02 . 2008-11-16 21:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intel
2008-11-16 20:52 . 2008-11-25 13:30 316,640 --a------ c:\windows\WMSysPr9.prx
2008-11-16 20:50 . 2008-11-16 20:50 <DIR> d-------- c:\windows\provisioning
2008-11-16 20:48 . 2008-11-25 12:59 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-16 20:41 . 2004-07-17 11:40 19,528 --a------ c:\windows\002104_.tmp
2008-11-16 20:40 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2008-11-16 20:38 . 2008-11-25 12:36 <DIR> d-------- c:\windows\EHome
2008-11-16 20:11 . 2008-08-21 06:38 20,480 -ra------ c:\windows\system32\drivers\omci.sys
2008-11-16 19:56 . 2007-03-30 19:58 172,032 --a------ c:\windows\system32\igfxres.dll
2008-11-16 19:44 . 2007-05-10 10:24 1,222,840 --a------ c:\windows\system32\drivers\sthda.sys
2008-11-16 19:44 . 2008-04-13 14:16 141,056 --a------ c:\windows\system32\drivers\ks.sys
2008-11-16 19:44 . 2008-04-13 19:12 129,536 --a------ c:\windows\system32\ksproxy.ax
2008-11-16 19:44 . 2008-04-13 13:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys
2008-11-16 19:44 . 2008-04-13 13:45 49,408 --a------ c:\windows\system32\drivers\stream.sys
2008-11-16 19:44 . 2008-04-13 19:11 4,096 --a------ c:\windows\system32\ksuser.dll
2008-11-16 19:43 . 2008-11-16 19:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Dell
2008-11-16 19:42 . 2008-11-16 19:42 <DIR> d-------- c:\program files\SigmaTel
2008-11-16 19:42 . 2007-05-10 10:23 270,336 --a------ c:\windows\system32\stacapi.dll
2008-11-16 19:42 . 2007-08-21 09:58 146,944 --a------ c:\windows\system32\st325602.dll
2008-11-16 19:42 . 2005-08-12 17:50 16,128 --a------ c:\windows\system32\drivers\APPDRV.SYS
2008-11-16 19:40 . 2008-11-16 19:40 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-16 19:40 . 2008-11-16 19:40 <DIR> d-------- c:\program files\Broadcom
2008-11-16 19:40 . 2006-11-21 04:25 45,568 -ra------ c:\windows\system32\drivers\bcm4sbxp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 23:27 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-10-17 15:52 51048 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-03-30 20:00 162584 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-03-30 20:00 138008 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-03-30 19:59 138008 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-05-10 10:22 405504 c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-16 21:46 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 12:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"comHost"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:xbox
"10284:UDP"= 10284:UDP:xbox
"10283:UDP"= 10283:UDP:xbox
"10282:UDP"= 10282:UDP:xbox
"10281:UDP"= 10281:UDP:xbox
"10280:UDP"= 10280:UDP:xbox

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-18 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-16 99376]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-12 23888]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-11-20 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{458058c8-b43a-11dd-ae26-8895434315ca}]
\Shell\AutoRun\command - E:\setupSNK.exe

*Newly Created Service* - COMHOST
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca
mStart Page = hxxp://www.google.ca
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\Abbas\Application Data\Mozilla\Firefox\Profiles\bphokyq0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 13:39:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\WLDAP32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKEEPER.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-12-07 13:44:48 - machine was rebooted [Abbas]
ComboFix-quarantined-files.txt 2008-12-07 18:44:43

Pre-Run: 38,822,068,224 bytes free
Post-Run: 38,812,135,424 bytes free

279 --- E O F --- 2008-11-28 02:11:46
dold5000 is offline  
Old 12-07-2008, 01:12 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


Re: google search redirect and pop up screens

Some of the problems have gone away. Did that fix it?
dold5000 is offline  
Old 12-07-2008, 02:14 PM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,246
OS: N/A


Re: google search redirect and pop up screens

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
rem Start with a clean log of anything that could not be removed
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete each leftover file; log any that still exists afterwards
for %%g in (
    C:\windows\system32\5A.tmp
    C:\windows\system32\2C9.tmp
    C:\windows\system32\2C8.tmp
    C:\windows\002104_.tmp
) do (
    del /a/f/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Remove leftover tool folders; log any that still exists afterwards
for %%g in (
    "%systemdrive%\VundoFix Backups"
    %systemdrive%\Deckard
    %systemdrive%\Qoobox
) do (
    rd /s/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Open the log if anything survived, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem Wait 7000 ms via nircmd, then the script deletes itself
nircmd wait 7000
del %0

Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says


-------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
sUBs is offline  
Old 12-07-2008, 05:14 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


Re: google search redirect and pop up screens

Well, I opened up a notepad, I pasted that in it, then I called it fix.bat. I got the same file you are talking about, but when I double clicked it, it opened up a window and it just said "Deleted Successfully !!", nothing else. Am I doing something wrong?
dold5000 is offline  
Old 12-07-2008, 06:08 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


Re: google search redirect and pop up screens

Sorry, by the way, I just read the second half and the scan is running as we speak.
dold5000 is offline  
Old 12-07-2008, 07:35 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


Re: google search redirect and pop up screens

scan report
Here are the results from the scan report. Please let me know what to do next. By the way, thank you very much for helping me.


KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 21:23:18
Records in database: 1442867
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area Critical Areas
C:\Documents and Settings\Abbas\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics
Files scanned 57035
Threat name 1
Infected objects 4
Suspicious objects 0
Duration of the scan 01:45:01

File name Threat name Threats count
C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1
C:\WINDOWS\system32\GroupPolicyManifest\3.video.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1
C:\WINDOWS\system32\GroupPolicyManifest\4.setup.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1
C:\WINDOWS\system32\GroupPolicyManifest\5.unpack.zip Infected: Trojan-Downloader.Win32.Agent.aseo 1
The selected area was scanned.
dold5000 is offline  
Old 12-07-2008, 09:31 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,246
OS: N/A


Re: google search redirect and pop up screens

Quote:
Am I doing something wrong?
On the contrary, you're doing great

Kaspersky found some leftovers for you to delete again


Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
rem Start with a clean log of anything that could not be removed
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete each archive Kaspersky flagged; log any that still exists afterwards
for %%g in (
    "C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip"
    "C:\WINDOWS\system32\GroupPolicyManifest\3.video.zip"
    "C:\WINDOWS\system32\GroupPolicyManifest\4.setup.zip"
    "C:\WINDOWS\system32\GroupPolicyManifest\5.unpack.zip"
) do (
    del /a/f/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Open the log if anything survived, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem Wait 7000 ms via nircmd, then the script deletes itself
nircmd wait 7000
del %0

Save this as fix.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
sUBs is offline  
Old 12-08-2008, 08:42 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


Re: google search redirect and pop up screens

It said the same thing again: "deleted successfully !!"
dold5000 is offline  
Old 12-08-2008, 09:09 AM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,246
OS: N/A


Re: google search redirect and pop up screens

Quote:
It said the same thing again: "deleted successfully !!"
Which only means you did great again

Your system is now clean. Kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u


  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  3. Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here - http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs is offline  
Old 12-08-2008, 09:57 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 15
OS: Windows Xp


Re: google search redirect and pop up screens

Thank you very much. I haven't noticed those pop-ups since we did it. This is a great site!
dold5000 is offline  

All times are GMT -7. The time now is 01:13 PM.



Copyright 2001 - 2009, Tech Support Forum