#1, 05-18-2009, 02:37 PM, maher871, Registered User (joined Jul 2008, 31 posts, OS: XP)

Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

A recent Norton virus scan revealed Trojan.Brisv.A!inf. I attempted Norton's manual virus removal tool for this Trojan to no avail. Now I come to my friends at Tech Support Forum. I think I have all the info you need to get me started.

DDS (Ver_09-05-14.01) - NTFSx86
Run by David Maher at 18:17:35.36 on Sun 05/17/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.859 [GMT -4:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\AOL\1179933091\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\David Maher\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [HostManager] c:\program files\common files\aol\1179933091\ee\AOLSoftware.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\eventp~1.lnk - c:\program files\sierra\planner\Plnrnote.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: turbotax.com
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} - hxxp://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199195764796
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143651149515
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15103/CTPID.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davidm~1\applic~1\mozilla\firefox\profiles\k2wkilr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\ksolo\npAVX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-12 28544]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2008-2-18 214888]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 devdpl;devdpl;c:\windows\system32\drivers\devdpl.sys [2006-8-20 7168]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 litdpl;litdpl;c:\windows\system32\drivers\litdpl.sys [2006-8-20 4736]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-1-21 7424]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-17 1245064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090517.004\NAVENG.SYS [2009-5-17 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090517.004\NAVEX15.SYS [2009-5-17 876144]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\starportlite.sys --> c:\windows\system32\drivers\StarPortLite.sys [?]
S2 gupdate1c9d1cc47bb2370;Google Update Service (gupdate1c9d1cc47bb2370);c:\program files\google\update\GoogleUpdate.exe [2009-5-10 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-7-7 29744]

=============== Created Last 30 ================

2009-05-13 21:00 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-05-13 21:00 <DIR> --d----- c:\windows\Logs
2009-05-13 21:00 <DIR> --d----- c:\program files\Sony Online Entertainment
2009-05-12 03:00 <DIR> --d----- c:\windows\system32\KB905474
2009-04-25 23:06 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-25 23:06 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-25 23:06 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-25 23:06 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-25 23:06 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-25 23:06 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-25 23:06 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-25 23:06 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-25 23:06 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-25 23:05 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-25 23:05 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-25 23:05 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 -------- c:\windows\system32\ieencode.dll
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2006-04-22 17:43 557,056 -c------ c:\documents and settings\david maher\chatlnk.exe
2005-07-10 11:15 284 -------- c:\docume~1\davidm~1\applic~1\ViewerApp.dat
2008-08-08 17:40 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080820080809\index.dat

============= FINISH: 18:17:58.24 ===============
Attached file: Attach.zip (6.1 KB)
Posted by maher871
#2, 05-20-2009, 09:53 AM, amateur, Moderator, Analyst, Security Team; Rangemaster, TSF Academy (joined Jun 2006, USA, 7,477 posts, OS: XP SP3)

Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

Hello and welcome to TSF.

I see that you have LimeWire 4.18.8 installed. This practice can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly urge you to remove it via Add or Remove Programs in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
=========================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
#3, 05-21-2009, 03:36 PM, maher871, Registered User (joined Jul 2008, 31 posts, OS: XP)

Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

ComboFix 09-05-20.A1 - David Maher 05/21/2009 17:10.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.832 [GMT -4:00]
Running from: c:\documents and settings\David Maher\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 21:10 . 2009-05-21 21:10 6736 ----a-w c:\windows\system32\drivers\PROCEXP90.SYS
2009-05-14 01:03 . 2009-05-14 01:03 -------- d-----w c:\documents and settings\David Maher\Local Settings\Application Data\SCE
2009-05-14 01:00 . 2009-05-14 01:00 -------- d-----w c:\windows\LastGood
2009-05-14 01:00 . 2006-09-28 20:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll
2009-05-14 01:00 . 2009-05-14 01:00 -------- d-----w c:\windows\Logs
2009-05-14 01:00 . 2009-05-17 18:39 -------- d-----w c:\program files\Sony Online Entertainment
2009-05-12 07:00 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-12 07:00 . 2009-05-12 07:00 -------- d-----w c:\windows\system32\KB905474
2009-05-12 07:00 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-11 00:06 . 2009-05-11 00:06 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-11 00:05 . 2009-05-21 11:16 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-04 02:34 . 2009-05-04 02:34 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2009-04-26 03:06 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-26 03:06 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-26 03:06 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-26 03:06 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-26 03:06 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-26 03:06 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-26 03:06 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-26 03:06 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-26 03:06 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-26 03:05 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-26 03:05 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 17:12 . 2005-05-22 15:33 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-11 00:06 . 2005-07-08 02:47 -------- d-----w c:\program files\Google
2009-05-04 02:23 . 2005-05-17 18:26 -------- d-----w c:\program files\Common Files\AOL
2009-04-11 15:44 . 2005-05-15 10:36 120296 ------w c:\documents and settings\David Maher\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 15:43 . 2009-04-11 15:42 -------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-04-11 15:40 . 2005-05-10 23:19 -------- d-----w c:\program files\Common Files\Intuit
2009-04-11 15:37 . 2008-02-10 18:57 -------- d-----w c:\program files\TurboTax
2009-04-10 01:42 . 2008-08-09 19:41 -------- d-----w c:\program files\Norton Internet Security
2009-03-30 19:07 . 2008-08-03 01:29 -------- d-----w c:\program files\AOL 9.1
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-19 00:04 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-11-09 18:14 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-04-01 02:47 . 2008-08-09 21:01 324976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-09 05:40 . 2008-09-09 05:40 122880 ------w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]
"HostManager"="c:\program files\Common Files\AOL\1179933091\ee\AOLSoftware.exe" [2008-06-24 41824]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-09 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-09 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1179933091\\ee\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2/12/2009 6:18 PM 28544]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
R2 devdpl;devdpl;c:\windows\SYSTEM32\DRIVERS\devdpl.sys [8/20/2006 7:34 PM 7168]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 litdpl;litdpl;c:\windows\SYSTEM32\DRIVERS\litdpl.sys [8/20/2006 7:34 PM 4736]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 9:47 PM 149352]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
R2 portD;CMS PortIO Service;c:\windows\SYSTEM32\DRIVERS\portd2k.sys [1/21/2008 5:04 PM 7424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 7:37 PM 101936]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c9d1cc47bb2370;Google Update Service (gupdate1c9d1cc47bb2370);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 8:06 PM 133104]
S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/7/2005 10:47 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*NewlyCreated* - COMHOST
*NewlyCreated* - GUPDATE1C9D1CC47BB2370
*NewlyCreated* - GUSVC
*Deregistered* - aujasnkj
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-05-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 00:05]

2009-05-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 00:05]

2009-05-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - David Maher.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

2009-05-21 c:\windows\Tasks\User_Feed_Synchronization-{456E0847-F463-456D-897D-1B441F8E9A90}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]

2009-05-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} - hxxp://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\David Maher\Application Data\Mozilla\Firefox\Profiles\k2wkilr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 17:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(21144)
c:\progra~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Common Files\Symantec Shared\NPC\2.0\NPCEXT.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-21 17:33
ComboFix-quarantined-files.txt 2009-05-21 21:31
ComboFix2.txt 2009-02-21 15:13
ComboFix3.txt 2009-02-11 23:19
ComboFix4.txt 2008-07-08 21:24

Pre-Run: 17,092,595,712 bytes free
Post-Run: 17,616,633,856 bytes free

214 --- E O F --- 2009-05-13 07:04
maher871 is offline  
Old 05-21-2009, 03:55 PM   #4 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,477
OS: XP SP3


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

Hi,

I don't see anything out of the ordinary here. What seems to be the problem?

Quote:
A recent Norton Virus scan revealed Trojan.Brisv.A!inf
Where does Norton report this file to be located?

As a side note, Java(TM) 6 Update 11 is a slightly older version. It can be updated from the Java control panel:

Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Old 05-21-2009, 04:19 PM   #5 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 31
OS: XP


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

C:\Documents and Settings\David Maher\My Documents\My Music\n.e.r.d - backseatlove.mp3
maher871 is offline  
Old 05-21-2009, 04:26 PM   #6 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,477
OS: XP SP3


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

Hi,

Can't you just delete the file?

Let's check if there are any others hiding.

Perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
amateur is offline  
Old 05-22-2009, 04:05 AM   #7 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 31
OS: XP


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 21, 2009 22:55:47
Records in database: 2211696
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 133924
Threat name: 5
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 03:15:48


File name / Threat name / Threats count
C:\Documents and Settings\David Maher\My Documents\Incomplete\Preview-T-3545427-star struckk.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\David Maher\My Documents\Incomplete\Preview-T-4188670-gummiebear(Club RMX).mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Documents and Settings\David Maher\My Documents\Incomplete\T-3870556-do da stanky leg radio version CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\David Maher\My Documents\My Music\bad touch HIT TOP50.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Documents and Settings\David Maher\My Documents\My Music\gummiebear(Club RMX).mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Documents and Settings\David Maher\My Documents\My Music\iTunes\bad touch HIT TOP50.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Documents and Settings\David Maher\My Documents\My Music\iTunes\sean paul lil jonthe get crazy HIT TOP50.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Documents and Settings\David Maher\My Documents\My Music\iTunes\they get crazy CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Documents and Settings\David Maher\My Documents\My Music\sean paul lil jonthe get crazy HIT TOP50.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Documents and Settings\David Maher\My Documents\My Music\star struckk HIT TOP50.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Documents and Settings\David Maher\My Documents\My Music\they get crazy CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\raidmg.dll.vir Infected: Trojan-Spy.Win32.Agent.guu 1
C:\WINDOWS\CouponPrinter.ocx Infected: not-a-virus:AdWare.Win32.BHO.gkp 1

The selected area was scanned.
maher871 is offline  
Old 05-22-2009, 07:09 AM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,477
OS: XP SP3


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

Hi,

Infected files are mostly mp3s you downloaded, probably via LimeWire. We'll delete them, but first I'd like you to run this tool:

Disable your resident protections (Antivirus...) like you did before. Re-enable them after you're done.

Please download ToolBar S&D
Double-click ToolBar S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which was created: (%SystemDrive%\TB.txt)
amateur is offline  
Old 05-24-2009, 07:24 AM   #9 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 31
OS: XP


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06
USER : David Maher ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 15.5.0.23 (Not Activated)
Firewall : Norton Internet Security 15.5.0.23 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:16 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:1818 Mo (Free:0 Go)
G:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( Sun 05/24/2009| 9:19 )

-----------\\ Searching for Files - Folders ...

C:\DOCUME~1\DAVIDM~1\Cookies\david_maher@webcrawler[1].txt
C:\DOCUME~1\DAVIDM~1\Cookies\david_maher@www.webcrawler[2].txt

-----------\\ Extensions

(David Maher) - {3DD07E5D-2ADF-42ea-972E-2998FA5CE45A} => verizon
(David Maher) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(David Maher) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.yahoo.com"


--------------------\\ Searching for other infections


No other infections found !


1 - "C:\ToolBar SD\TB_1.txt" - Sun 05/24/2009| 9:22 - Option : [1]

-----------\\ Scan completed at 9:22:49.87
maher871 is offline  
Old 05-24-2009, 08:29 AM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,477
OS: XP SP3


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

Hi,
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Code:
File::
C:\Documents and Settings\David Maher\My Documents\My Music\n.e.r.d - backseatlove.mp3
C:\Documents and Settings\David Maher\My Documents\Incomplete\Preview-T-3545427-star struckk.mp3
C:\Documents and Settings\David Maher\My Documents\Incomplete\Preview-T-4188670-gummiebear(Club RMX).mp3
C:\Documents and Settings\David Maher\My Documents\Incomplete\T-3870556-do da stanky leg radio version CD quality.mp3
C:\Documents and Settings\David Maher\My Documents\My Music\bad touch HIT TOP50.mp3
C:\Documents and Settings\David Maher\My Documents\My Music\gummiebear(Club RMX).mp3
C:\Documents and Settings\David Maher\My Documents\My Music\iTunes\bad touch HIT TOP50.mp3
C:\Documents and Settings\David Maher\My Documents\My Music\iTunes\sean paul lil jonthe get crazy HIT TOP50.mp3
C:\Documents and Settings\David Maher\My Documents\My Music\iTunes\they get crazy CD quality.mp3
C:\Documents and Settings\David Maher\My Documents\My Music\sean paul lil jonthe get crazy HIT TOP50.mp3
C:\Documents and Settings\David Maher\My Documents\My Music\star struckk HIT TOP50.mp3
C:\Documents and Settings\David Maher\My Documents\My Music\they get crazy CD quality.mp3
C:\WINDOWS\CouponPrinter.ocx


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Save this as CFScript.txt, in the same location as ComboFix.exe.




Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply and let me know how things are now.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
amateur is offline  
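As an added example (not code from this thread, from ComboFix or from Kaspersky), the Python below assembles the File:: and Registry:: sections of a CFScript the way the moderator did by hand in the post above: it pulls infected paths out of a Kaspersky report table, leaves out objects already sitting under Qoobox quarantine, and turns the Security Center values that the ComboFix log shows set to 1 back to dword:00000000. The report and registry excerpts embedded in it are constructed samples modelled on the posted logs, and the Windows Firewall check is informational only, since the machine in the thread runs a third-party firewall.

```python
"""Build a ComboFix CFScript (File:: + Registry::) from scanner output.

Added example; not part of the forum thread, ComboFix or Kaspersky.
The two sample inputs below are constructed excerpts modelled on the
Kaspersky report and the ComboFix registry dump posted in the thread.
"""
import re

# Constructed Kaspersky 'File name / Threat name / Threats count' excerpt.
KASPERSKY_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\User\My Music\track one.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\sample.dll.vir Infected: Trojan-Spy.Win32.Agent.guu 1
C:\WINDOWS\CouponPrinter.ocx Infected: not-a-virus:AdWare.Win32.BHO.gkp 1

The selected area was scanned.
"""

# Constructed ComboFix REGEDIT4-style excerpt: Security Center alerts and
# monitoring switched off (1), one entry already at the healthy value (0).
REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SC_PREFIX = r"hkey_local_machine\software\microsoft\security center"
# Security Center values that Windows treats as 1 = alerts/monitoring off.
SC_DISABLE_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify",
                     "UpdatesDisableNotify", "DisableMonitoring")

KASP_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Accepts both forms ComboFix prints: "Name"=dword:00000001 and "Name"= 0 (0x0)
REG_DWORD = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9A-Fa-f]{8})'
                       r'|(?P<dec>\d+)\s*\(0x[0-9A-Fa-f]+\))\s*$')


def parse_kaspersky(report):
    """Return (path, threat) pairs from the report's detection table."""
    hits = []
    for line in report.splitlines():
        m = KASP_LINE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat")))
    return hits


def parse_reg_dump(dump):
    """Return {key: {value_name: int}} for the registry lines in a ComboFix log."""
    values, key = {}, None
    for line in dump.splitlines():
        line = line.strip()
        km = REG_KEY.match(line)
        if km:
            key = km.group("key")
            values.setdefault(key, {})
            continue
        vm = REG_DWORD.match(line)
        if vm and key is not None:
            num = int(vm.group("hex"), 16) if vm.group("hex") else int(vm.group("dec"))
            values[key][vm.group("name")] = num
    return values


def security_center_findings(values):
    """(key, name) pairs under Security Center whose value silences AV/firewall monitoring."""
    return [(key, name) for key, vals in values.items()
            if key.lower().startswith(SC_PREFIX)
            for name in SC_DISABLE_VALUES if vals.get(name) == 1]


def firewall_disabled(values):
    """True when the Windows Firewall standard profile is off (EnableFirewall = 0).
    Informational: a registered third-party firewall makes this expected."""
    return any(key.lower().endswith(r"firewallpolicy\standardprofile")
               and vals.get("EnableFirewall") == 0 for key, vals in values.items())


def build_cfscript(report, dump):
    """Assemble File:: and Registry:: sections in the format used in the thread."""
    # Objects already under Qoobox quarantine (*.vir) are left out, as in the thread.
    files = [p for p, _ in parse_kaspersky(report)
             if "\\qoobox\\quarantine\\" not in p.lower()]
    lines = ["File::", *files, "", "Registry::"]
    for key, name in security_center_findings(parse_reg_dump(dump)):
        lines += [f"[{key}]", f'"{name}"=dword:00000000']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(KASPERSKY_REPORT, REG_DUMP))
    if firewall_disabled(parse_reg_dump(REG_DUMP)):
        print("# note: Windows Firewall standard profile is off (third-party firewall?)")
```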
Old 05-24-2009, 10:32 AM   #11 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 31
OS: XP


Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

ComboFix 09-05-23.04 - David Maher 05/24/2009 11:47.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.492 [GMT -4:00]
Running from: c:\documents and settings\David Maher\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David Maher\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
c:\documents and settings\David Maher\My Documents\Incomplete\Preview-T-3545427-star struckk.mp3
c:\documents and settings\David Maher\My Documents\Incomplete\Preview-T-4188670-gummiebear(Club RMX).mp3
c:\documents and settings\David Maher\My Documents\Incomplete\T-3870556-do da stanky leg radio version CD quality.mp3
c:\documents and settings\David Maher\My Documents\My Music\bad touch HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\gummiebear(Club RMX).mp3
c:\documents and settings\David Maher\My Documents\My Music\iTunes\bad touch HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\iTunes\sean paul lil jonthe get crazy HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\iTunes\they get crazy CD quality.mp3
c:\documents and settings\David Maher\My Documents\My Music\n.e.r.d - backseatlove.mp3
c:\documents and settings\David Maher\My Documents\My Music\sean paul lil jonthe get crazy HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\star struckk HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\they get crazy CD quality.mp3
c:\windows\CouponPrinter.ocx
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David Maher\My Documents\Incomplete\Preview-T-3545427-star struckk.mp3
c:\documents and settings\David Maher\My Documents\Incomplete\Preview-T-4188670-gummiebear(Club RMX).mp3
c:\documents and settings\David Maher\My Documents\Incomplete\T-3870556-do da stanky leg radio version CD quality.mp3
c:\documents and settings\David Maher\My Documents\My Music\bad touch HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\gummiebear(Club RMX).mp3
c:\documents and settings\David Maher\My Documents\My Music\iTunes\bad touch HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\iTunes\sean paul lil jonthe get crazy HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\iTunes\they get crazy CD quality.mp3
c:\documents and settings\David Maher\My Documents\My Music\sean paul lil jonthe get crazy HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\star struckk HIT TOP50.mp3
c:\documents and settings\David Maher\My Documents\My Music\they get crazy CD quality.mp3
c:\windows\CouponPrinter.ocx

.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 13:18 . 2009-05-24 13:22 -------- d-----w C:\ToolBar SD
2009-05-21 22:11 . 2009-05-21 22:11 -------- d-----w c:\documents and settings\David Maher\Application Data\Windows Search
2009-05-21 21:25 . 2009-05-19 16:13 324464 ----a-w c:\documents and settings\All Users\Application Data\Symantec\NortonProtectionMemo.exe
2009-05-21 21:10 . 2009-05-21 21:10 6736 ----a-w c:\windows\system32\drivers\PROCEXP90.SYS
2009-05-20 03:40 . 2009-05-20 03:40 390664 ----a-w c:\documents and settings\David Maher\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-14 01:03 . 2009-05-14 01:03 -------- d-----w c:\documents and settings\David Maher\Local Settings\Application Data\SCE
2009-05-14 01:00 . 2009-05-14 01:00 -------- d-----w c:\windows\LastGood
2009-05-14 01:00 . 2006-09-28 20:05 2414360 ----a-w c:\windows\system32\d3dx9_31.dll
2009-05-14 01:00 . 2009-05-14 01:00 -------- d-----w c:\windows\Logs
2009-05-14 01:00 . 2009-05-17 18:39 -------- d-----w c:\program files\Sony Online Entertainment
2009-05-12 07:00 . 2009-05-12 07:00 -------- d-----w c:\windows\system32\KB905474
2009-05-12 07:00 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-05-12 07:00 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-05-11 00:06 . 2009-05-11 00:06 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-11 00:05 . 2009-05-11 00:05 9465328 ----a-w c:\documents and settings\All Users\Application Data\Google Updater\cache\packdata_ci_chrome_1.0.154.53_en_setup.exe
2009-05-11 00:05 . 2009-05-11 00:05 10928112 ----a-w c:\documents and settings\All Users\Application Data\Google Updater\cache\packdata_ci_earth_5.0.11733.9347_en_setup.exe
2009-05-11 00:05 . 2009-05-24 14:19 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-04 02:34 . 2009-05-04 02:34 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2009-05-04 02:23 . 2009-05-04 02:23 54568 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\DaclDll.dll
2009-05-04 02:23 . 2009-05-04 02:23 607392 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\wbsetup.exe
2009-05-04 02:23 . 2009-05-04 02:23 90128 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\noneCodesignFilesBundle.exe
2009-05-04 02:23 . 2009-05-04 02:23 32552 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\iacchk.dll
2009-05-04 02:23 . 2009-05-04 02:23 296952 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\iacinst.exe
2009-05-04 02:23 . 2009-05-04 02:23 62760 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\tsverchk.dll
2009-05-04 02:23 . 2009-05-04 02:23 51296 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\AcsXprFx.exe
2009-05-04 02:23 . 2009-05-04 02:23 83808 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\ProgUpd.dll
2009-05-04 02:23 . 2009-05-04 02:23 849680 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\muinst.exe
2009-05-04 02:23 . 2009-05-04 02:23 36704 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\postproc.exe
2009-05-04 02:23 . 2009-05-04 02:23 138968 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\iaclang.exe
2009-05-04 02:23 . 2009-05-04 02:23 11560 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\tbinst.dll
2009-05-04 02:22 . 2009-05-04 02:22 3297408 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\ocpinst.exe
2009-05-04 02:22 . 2009-05-04 02:22 162008 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\alsetup.exe
2009-05-04 02:22 . 2009-05-04 02:22 172840 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\setup.exe
2009-05-04 02:22 . 2009-05-04 02:22 15144 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\ocpchk.dll
2009-05-04 02:22 . 2009-05-04 02:22 96096 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\instph.dll
2009-05-04 02:22 . 2009-05-04 02:22 686928 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\SinfInst.exe
2009-05-04 02:22 . 2009-05-04 02:22 74536 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\instSup.dll
2009-05-04 02:22 . 2009-05-04 02:22 95792 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\AOLFirewallMgr.dll
2009-05-04 02:22 . 2009-05-04 02:22 246624 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\gui.dll
2009-05-04 02:22 . 2009-05-04 02:22 383128 ----a-w c:\documents and settings\All Users\Application Data\AOL Downloads\IACSuite\3.6.6.1\tbsetup.exe
2009-04-26 03:06 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-26 03:06 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-26 03:06 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-26 03:06 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-26 03:06 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-26 03:06 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-26 03:06 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-26 03:06 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-26 03:06 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-26 03:05 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-26 03:05 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 15:40 . 2005-05-22 15:33 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-21 21:25 . 2005-05-22 15:33 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-13 07:04 . 2009-03-17 19:54 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-11 00:06 . 2005-07-08 02:47 -------- d-----w c:\program files\Google
2009-05-04 02:23 . 2005-05-17 18:26 -------- d-----w c:\program files\Common Files\AOL
2009-05-04 02:23 . 2005-05-17 18:27 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-04 02:22 . 2005-05-17 18:26 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-04-11 15:44 . 2005-05-15 10:36 120296 ------w c:\documents and settings\David Maher\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 15:43 . 2009-04-11 15:42 -------- d-----w c:\program files\Common Files\AnswerWorks 5.0
2009-04-11 15:40 . 2005-05-10 23:19 -------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-04-11 15:40 . 2005-05-10 23:19 -------- d-----w c:\program files\Common Files\Intuit
2009-04-11 15:37 . 2008-02-10 18:57 -------- d-----w c:\program files\TurboTax
2009-04-10 01:42 . 2008-08-09 19:41 -------- d-----w c:\program files\Norton Internet Security
2009-04-05 13:25 . 2007-08-17 22:13 -------- d-----w c:\documents and settings\David Maher\Application Data\Intuit
2009-04-01 02:46 . 2008-02-07 04:04 9584 ----a-w c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-30 19:07 . 2008-08-03 01:29 -------- d-----w c:\program files\AOL 9.1
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-19 00:04 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-11-09 18:14 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-04-01 02:47 . 2008-08-09 21:01 324976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-09 05:40 . 2008-09-09 05:40 122880 ------w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 333120]
"HostManager"="c:\program files\Common Files\AOL\1179933091\ee\AOLSoftware.exe" [2008-06-24 41824]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-09 29744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-09 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1179933091\\ee\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2/12/2009 6:18 PM 28544]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
R2 devdpl;devdpl;c:\windows\SYSTEM32\DRIVERS\devdpl.sys [8/20/2006 7:34 PM 7168]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 litdpl;litdpl;c:\windows\SYSTEM32\DRIVERS\litdpl.sys [8/20/2006 7:34 PM 4736]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 9:47 PM 149352]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
R2 portD;CMS PortIO Service;c:\windows\SYSTEM32\DRIVERS\portd2k.sys [1/21/2008 5:04 PM 7424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 7:37 PM 101936]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys --> c:\windows\system32\DRIVERS\StarPortLite.sys [?]
S2 gupdate1c9d1cc47bb2370;Google Update Service (gupdate1c9d1cc47bb2370);c:\program files\Google\Update\GoogleUpdate.exe [5/10/2009 8:06 PM 133104]
S3 COH_Mon;COH_Mon;c:\windows\SYSTEM32\DRIVERS\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/7/2005 10:47 PM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*NewlyCreated* - COMHOST
*NewlyCreated* - GUPDATE1C9D1CC47BB2370
*NewlyCreated* - GUSVC
*Deregistered* - aujasnkj
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 00:05]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 00:05]

2009-05-22 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - David Maher.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 14:05]

2009-05-24 c:\windows\Tasks\User_Feed_Synchronization-{456E0847-F463-456D-897D-1B441F8E9A90}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]

2009-05-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} - hxxp://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\David Maher\Application Data\Mozilla\Firefox\Profiles\k2wkilr0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 11:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-24 12:07
ComboFix-quarantined-files.txt 2009-05-24 16:05
ComboFix2.txt 2009-05-21 21:33
ComboFix3.txt 2009-02-21 15:13
ComboFix4.txt 2009-02-11 23:19
ComboFix5.txt 2009-05-24 15:44

Pre-Run: 17,405,865,984 bytes free
Post-Run: 17,508,569,088 bytes free

264 --- E O F --- 2009-05-13 07:04
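The report above is a ComboFix log, and the part a helper reads first is the "Reg Loading Points" section: what runs at logon and what the Windows Firewall policy permits. As an added example that is not part of this thread or of ComboFix itself, here is a small Python triage parser for that section; it handles only the line shapes that appear in the posted log, and the sample input is constructed in that shape.

```python
# Added example (not from the thread or from ComboFix): a triage parser for the
# 'Reg Loading Points' section of a ComboFix log, covering the line shapes above.
import re

# Constructed sample, shaped like the posted log.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
'''
SECTION = re.compile(r'^\[(.+)\]$')
AUTORUN = re.compile(r'^"([^"]+)"=(.*?)\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')  # name, value, date, size

def parse_loading_points(text):
    rep = {"autoruns": [], "firewall_enabled": None, "authorized_apps": [], "open_ports": []}
    section = ""
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SECTION.match(line):
            section = m.group(1).lower()
        elif section.endswith("\\run") and (m := AUTORUN.match(line)):
            # Image = last drive-letter path in the value ("P17Helper" names a DLL, then its path).
            paths = re.findall(r'[a-z]:\\[^"]+', m.group(2), re.I)
            rep["autoruns"].append({
                "hive": "HKCU" if section.startswith("hkey_current_user") else "HKLM",
                "name": m.group(1), "date": m.group(3), "size": int(m.group(4)),
                "image": paths[-1].strip() if paths else m.group(2).strip('" ')})
        elif section.endswith("firewallpolicy\\standardprofile"):
            if m := re.match(r'"enablefirewall"=\s*(\d+)', line, re.I):
                rep["firewall_enabled"] = m.group(1) != "0"  # 0 = profile switched off
        elif section.endswith("authorizedapplications\\list"):
            rep["authorized_apps"].append(line.split('"')[1].replace("\\\\", "\\"))
        elif section.endswith("globallyopenports\\list"):
            rep["open_ports"].append(line.split('"')[1])
    return rep

def summarize(rep):
    # Findings in review order: firewall state, exceptions and open ports, then autoruns.
    out = ["Windows Firewall (standard profile) is OFF"] if rep["firewall_enabled"] is False else []
    out += [f"firewall exception: {a}" for a in rep["authorized_apps"]]
    out += [f"open port: {p}" for p in rep["open_ports"]]
    out += [f'{e["hive"]} Run "{e["name"]}" -> {e["image"]} [{e["date"]}, {e["size"]} bytes]'
            for e in rep["autoruns"]]
    return out
```

A disabled standard profile is expected when a third-party firewall such as the Norton one in this log is active, so the summary is a checklist for the reviewer, not a verdict on its own.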
Old 05-24-2009, 11:00 AM   #12
amateur
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,477
OS: XP SP3

Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

How is the system running now?
__________________
My services are free. However, you can donate to TSF to help keep it running.
Member of ASAP since 2005
Member of UNITE since 2006
Old 05-27-2009, 12:14 PM   #13
amateur
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,477
OS: XP SP3

Re: Recent Norton Scan revealed Trojan.Brisv.A!inf Virus

Hi,

If you're interested in completing the cleaning process, please continue with the following procedure and let me know. Otherwise, this thread will be archived.

If all is well and you have no further malware issues:
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

It’s vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!

If you wish to support and contribute to the ongoing development of ComboFix, donations via PayPal will be accepted.