Help Needed Spyware.possible_website_hijack

IggyPop · 06-17-2009, 11:31 PM

Hello Tech Support,

A couple weeks ago I discovered after running a few anti Spyware tools that 2 threats and 2 infections remain from pctools spyware doctor while the other tools were infection free, (spyware.possible_website_hijack) Host entry:(127.0.0.1 spywareinfo.com) & (127.0.0.1 www.spywareinfo.com) I ran both the full scan and the Intelii-Scan, I have done some research and have found that this is a common problem with SD, I tried removing the infection but it would not let me it just says "some threats have not been cleaned successfully",I get frequent hang ups upon shut down and boot ups, my web browser changing on its own, applications hanging when closed and the (error program not responding) pop ups upon shutting down or logging off. I have followed the New Instructions and as you can see below I have copied and pasted the DDS.txt file and have attached Attach.txt and ARK.txt zip.

Any Help would be ever so greatly appreciated

Thank you
IggyPop

Attach.zip

ark.zip

DDS (Ver_09-05-14.01) - NTFSx86
Run by Shawn at 22:46:52.54 on Tue 06/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2126 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\windows\system32\rundll32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe
C:\Program Files\SlySoft\Game Jackal\32611.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\windows\System32\alg.exe
C:\Program Files\Reimage\Reimage PC Booster\REI_Booster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\SearchFilterHost.exe
C:\Documents and Settings\Shawn\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Norton Save and Restore 2.0] "c:\program files\norton save and restore\agent\VProTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [PC Booster] c:\program files\inkline global\pc booster\PCBooster.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Maplom] c:\program files\slysoft\game jackal\GameJackal.exe /silent
mRun: [Reimage PC Booster] "c:\program files\reimage\reimage pc booster\postrebootexecuter.exe" false na "c:\program files\reimage\reimage pc booster\ReimageBooster.exe" /tray
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\killer~1.lnk - c:\program files\bigfoot networks\killer driver\KillerTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212589685328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226727083515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shawn\applic~1\mozilla\firefox\profiles\x29ut26f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll

============= SERVICES / DRIVERS ===============

R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-11-14 133152]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-18 130936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-2-1 134272]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-23 310320]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-2-1 971552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-18 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-18 39200]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-23 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-23 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090610.006\IDSXpx86.sys [2009-6-12 276344]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-18 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 Killer Port Manager;Killer Port Manager;c:\program files\bigfoot networks\killer driver\PortManager.exe [2009-6-16 236544]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-23 115560]
R2 Norton Save and Restore;Norton Save and Restore;c:\program files\norton save and restore\agent\VProSvc.exe [2007-2-13 3425632]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-18 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-18 1095560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-25 101936]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2008-11-18 43144]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090616.035\NAVENG.SYS [2009-6-16 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090616.035\NAVEX15.SYS [2009-6-16 876144]
R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [2009-1-1 103072]
R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [2009-1-1 22048]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-5-18 64392]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-4-4 136832]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-18 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-11-14 26488]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-22 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-06-16 21:56 121,376 a------- c:\windows\system32\bfLLR.dll
2009-06-16 21:56 114,720 a------- c:\windows\system32\instLLR.exe
2009-06-16 20:17 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-16 19:59 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-16 19:02 124,188 a------- c:\windows\system32\reimage.rep
2009-06-16 18:58 207,759 a------- c:\windows\system32\reimageu.nat
2009-06-16 18:58 117,020 a------- c:\windows\system32\reimage.nat
2009-06-16 18:57 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 18:57 35,328 a------- c:\windows\system32\drivers\pcntpci5.sys
2009-06-16 18:57 20,608 a------- c:\windows\system32\drivers\usbuhci.sys
2009-06-16 18:57 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-06-16 18:57 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-06-16 18:57 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-06-16 18:57 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-06-16 18:57 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-16 18:36 9,728 a------- c:\windows\system32\Native.exe
2009-06-16 18:36 <DIR> --d----- C:\ReimageUndo
2009-06-16 01:22 1,318 a------- c:\windows\system32\Compress.res
2009-06-16 01:22 264 a------- c:\windows\reimage.ini
2009-06-16 01:22 <DIR> --d----- C:\rei
2009-06-16 01:22 <DIR> --d----- c:\program files\Reimage
2009-06-14 21:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-06-14 20:59 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-14 15:38 <DIR> --d----- c:\docume~1\shawn\applic~1\Blackberry Desktop
2009-06-12 19:50 256 a------- c:\documents and settings\shawn\pool.bin
2009-06-11 12:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-06-06 21:51 <DIR> --d----- c:\program files\Roxio
2009-06-06 21:51 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-06-06 20:37 256 a------- c:\windows\system32\pool.bin
2009-06-06 20:36 <DIR> --d----- c:\docume~1\shawn\applic~1\Research In Motion
2009-06-06 20:05 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-06-06 20:03 <DIR> --d----- c:\program files\common files\Research In Motion
2009-06-06 20:03 <DIR> --d----- c:\program files\Research In Motion
2009-06-06 19:37 <DIR> --dsh--- c:\windows\ftpcache
2009-05-30 23:36 <DIR> --d----- c:\documents and settings\shawn\dwhelper
2009-05-30 12:33 <DIR> --d----- c:\program files\Datel
2009-05-25 21:44 38,229 -------- c:\windows\system32\drivers\StMp3Rec.sys
2009-05-25 21:37 <DIR> --d----- c:\windows\Downloaded Installations
2009-05-25 04:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-23 22:55 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
2009-05-23 22:55 14,072 a------- c:\windows\system32\drivers\vproeventmonitor.sys
2009-05-23 22:54 <DIR> --d----- c:\program files\Norton Save and Restore
2009-05-23 22:46 <DIR> --d----- c:\program files\inKline Global
2009-05-23 21:26 <DIR> --d--r-- c:\program files\Norton Support
2009-05-23 13:49 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-05-23 13:49 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 13:49 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-23 13:49 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-23 13:49 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-23 13:48 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-05-23 13:48 <DIR> --d----- c:\program files\Norton Internet Security
2009-05-23 13:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-05-23 13:45 <DIR> --d----- c:\program files\NortonInstaller
2009-05-23 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-05-22 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-22 22:25 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-19 05:05 1,380,403 a------- c:\windows\system32\avgsdk.dll
2009-05-18 13:04 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-05-18 13:04 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-05-18 13:04 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-05-18 13:04 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-05-18 13:02 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-05-18 13:00 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-18 13:00 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-18 12:59 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-05-18 12:59 <DIR> --d----- c:\program files\Spyware Doctor
2009-05-18 12:59 <DIR> --d----- c:\docume~1\shawn\applic~1\PC Tools

==================== Find3M ====================

2009-06-16 19:02 285,184 a------- c:\windows\system32\gdi32.dll
2009-06-16 19:02 246,272 a------- c:\windows\system32\es.dll
2009-06-16 19:02 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-16 19:02 139,264 a------- c:\windows\system32\cscript.exe
2009-06-16 19:02 71,680 a------- c:\windows\system32\admparse.dll
2009-06-16 19:02 35,328 a------- c:\windows\system32\corpol.dll
2009-06-16 18:37 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-06-16 18:37 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-06-09 09:51 40,584 a------- c:\windows\system32\drivers\maplom.sys
2009-06-09 09:50 43,144 a------- c:\windows\system32\drivers\maploml.sys
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-17 13:45 2,206 a------- c:\windows\system32\tmp.reg
2009-05-01 13:54 231,176 a------- c:\windows\system32\PDBoot.exe
2009-04-30 01:36 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-03-01 23:58 24,192 a------- c:\documents and settings\shawn\usbsermptxp.sys
2009-03-01 23:58 22,768 a------- c:\documents and settings\shawn\usbsermpt.sys
2009-02-24 23:58 61,224 a------- c:\documents and settings\shawn\GoToAssistDownloadHelper.exe
2008-11-19 23:54 22,328 a------- c:\docume~1\shawn\applic~1\PnkBstrK.sys

============= FINISH: 22:48:25.01 ===============

IggyPop · 06-23-2009, 09:44 PM

**bump**

**chemist** · 06-23-2009, 10:34 PM

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

IggyPop · 06-24-2009, 10:19 PM

Hi Chemst,
Here is my Combofix report, I noticed it did not successfully install the recovery console?

ComboFix 09-06-23.01 - Shawn 06/24/2009 19:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2361 [GMT -8:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - windows: deleted 96 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 03:20 . 2009-05-23 08:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVENG.SYS
2009-06-25 03:20 . 2009-05-23 08:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVEX15.SYS
2009-06-25 03:20 . 2009-05-23 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\EECTRL.SYS
2009-06-25 03:20 . 2009-05-23 08:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\ECMSVR32.DLL
2009-06-25 03:20 . 2009-05-23 08:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\CCERASER.DLL
2009-06-25 03:20 . 2009-05-23 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVENG32.DLL
2009-06-25 03:20 . 2009-05-23 08:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\NAVEX32A.DLL
2009-06-25 03:20 . 2009-05-23 08:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090624.019\ERASER.SYS
2009-06-25 03:10 . 2009-03-12 08:42 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-24 02:15 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 02:15 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 02:15 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 02:15 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 02:15 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-22 06:19 . 2009-06-22 06:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-22 06:18 . 2009-06-22 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-22 06:17 . 2009-06-22 06:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-06-22 06:17 . 2009-06-22 06:17 -------- d-----w- c:\documents and settings\Shawn\Application Data\Roxio
2009-06-21 18:26 . 2009-06-21 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-06-21 18:24 . 2009-06-21 18:25 37004560 ----a-w- c:\documents and settings\Shawn\Application Data\Research In Motion\BlackBerry\BlackBerryMediaSyncDM.exe
2009-06-21 05:45 . 2009-06-21 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2009-06-21 05:39 . 2005-03-15 19:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2009-06-21 05:38 . 2008-11-25 02:04 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2009-06-21 05:31 . 2009-06-21 05:44 -------- d-----w- c:\program files\Sierra Wireless
2009-06-21 05:31 . 2009-06-21 05:44 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-06-21 05:12 . 2008-10-24 01:42 290816 ----a-w- c:\windows\vncutil.exe
2009-06-21 05:12 . 2008-06-24 22:46 104992 ----a-w- c:\windows\RtkAudioService.exe
2009-06-21 05:12 . 2009-06-21 05:12 -------- d-----w- C:\dell
2009-06-21 05:08 . 2009-06-21 05:10 -------- d-----w- c:\program files\HP_WebRelease
2009-06-21 05:07 . 2009-06-21 05:08 -------- d-----w- C:\NVidia
2009-06-21 04:44 . 2009-06-21 04:44 10134 ----a-r- c:\documents and settings\Shawn\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-06-21 04:44 . 2007-10-09 16:09 32280 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2009-06-21 04:44 . 2007-10-09 16:09 32152 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2009-06-21 04:44 . 2007-12-03 17:58 69632 ----a-w- c:\windows\system32\KemXML.dll
2009-06-21 04:44 . 2007-12-03 17:58 163840 ----a-w- c:\windows\system32\kemutb.dll
2009-06-21 04:44 . 2007-12-03 17:58 110592 ----a-w- c:\windows\system32\KemWnd.dll
2009-06-21 04:44 . 2007-12-03 17:58 131072 ----a-w- c:\windows\system32\KemUtil.dll
2009-06-21 04:44 . 2009-06-21 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-21 04:43 . 2009-06-21 04:43 10134 ----a-r- c:\documents and settings\Shawn\Application Data\Microsoft\Installer\{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}\ARPPRODUCTICON.exe
2009-06-21 04:04 . 2009-06-21 04:05 -------- d-----w- c:\documents and settings\Shawn\Local Settings\Application Data\eSupport.com
2009-06-21 04:04 . 2009-06-21 04:04 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-06-21 01:39 . 2009-06-21 01:39 -------- d-----w- c:\program files\VS Revo Group
2009-06-20 09:16 . 2002-08-19 02:43 794624 ----a-w- c:\windows\system32\spr32d35.dll
2009-06-20 09:05 . 2009-06-20 09:24 -------- d-----w- c:\program files\Punch! Landscape, Deck and Patio Designer
2009-06-20 03:21 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-20 03:21 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-20 03:21 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-20 03:21 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-20 03:21 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-17 05:56 . 2008-05-14 20:33 121376 ----a-w- c:\windows\system32\bfLLR.dll
2009-06-17 05:56 . 2008-05-14 20:33 114720 ----a-w- c:\windows\system32\instLLR.exe
2009-06-17 04:17 . 2009-06-17 04:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-17 03:59 . 2009-06-17 03:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-17 02:57 . 2009-06-17 03:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-17 02:57 . 2009-06-17 03:02 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2009-06-17 02:57 . 2009-06-17 03:02 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2009-06-17 02:57 . 2009-06-17 03:02 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2009-06-17 02:57 . 2009-06-17 03:02 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2009-06-17 02:57 . 2009-06-17 03:02 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2009-06-17 02:57 . 2009-06-17 03:02 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-06-17 02:36 . 2009-06-17 02:36 9728 ----a-w- c:\windows\system32\Native.exe
2009-06-17 02:36 . 2009-06-17 02:58 -------- d-----w- c:\program files\ReimageUndo
2009-06-16 09:22 . 2009-06-17 05:18 -------- d-----w- C:\rei
2009-06-16 09:22 . 2009-06-16 09:22 -------- d-----w- c:\program files\Reimage
2009-06-15 03:38 . 2009-06-15 03:38 152576 ----a-w- c:\documents and settings\Shawn\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-14 23:38 . 2009-06-14 23:39 -------- d-----w- c:\documents and settings\Shawn\Application Data\Blackberry Desktop
2009-06-13 03:50 . 2009-06-13 03:50 256 ----a-w- c:\documents and settings\Shawn\pool.bin
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-07 05:51 . 2009-06-07 05:52 -------- d-----w- c:\program files\Roxio
2009-06-07 05:51 . 2009-06-07 05:51 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-07 04:37 . 2009-06-22 08:08 256 ----a-w- c:\windows\system32\pool.bin
2009-06-07 04:36 . 2009-06-22 06:13 -------- d-----w- c:\documents and settings\Shawn\Application Data\Research In Motion
2009-06-07 04:13 . 2009-06-07 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-07 04:10 . 2009-06-22 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-07 04:10 . 2009-06-07 05:53 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-07 04:05 . 2007-01-18 18:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-06-07 04:03 . 2009-06-07 07:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-07 04:03 . 2009-06-21 18:26 -------- d-----w- c:\program files\Research In Motion
2009-06-07 03:37 . 2009-06-07 03:37 -------- d-sh--w- c:\windows\ftpcache
2009-05-31 09:06 . 2009-05-31 09:14 -------- d-----w- c:\documents and settings\Shawn\Application Data\vlc
2009-05-31 07:36 . 2009-06-02 02:24 -------- d-----w- c:\documents and settings\Shawn\dwhelper
2009-05-30 20:33 . 2009-05-30 20:33 -------- d-----w- c:\program files\Datel
2009-05-26 05:44 . 2004-12-19 04:32 38229 ------w- c:\windows\system32\drivers\StMp3Rec.sys
2009-05-26 05:37 . 2009-05-26 05:37 -------- d-----w- c:\windows\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 03:26 . 2008-11-15 22:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 03:26 . 2009-05-18 20:59 -------- d-----w- c:\program files\Spyware Doctor
2009-06-21 08:54 . 2008-11-15 00:03 -------- d-----w- c:\documents and settings\Shawn\Application Data\U3
2009-06-21 06:02 . 2009-02-22 21:40 1100352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-21 04:50 . 2008-11-14 21:32 94608 ----a-w- c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 04:44 . 2009-06-21 04:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-06-21 04:44 . 2008-11-18 06:15 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-21 01:52 . 2009-04-20 03:50 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-06-21 01:52 . 2008-11-14 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 08:45 . 2008-11-15 00:03 -------- d-----w- c:\documents and settings\Shawn\Application Data\MSN6
2009-06-20 03:56 . 2009-02-02 06:02 -------- d-----w- c:\program files\Acronis
2009-06-20 03:45 . 2009-02-02 06:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-06-20 03:30 . 2009-05-24 06:54 -------- d-----w- c:\program files\Norton Save and Restore
2009-06-20 03:30 . 2008-11-16 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 06:49 . 2008-11-18 09:38 -------- d-----w- c:\program files\StarWarsGalaxies
2009-06-19 02:15 . 2009-04-29 19:26 117760 ----a-w- c:\documents and settings\Shawn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 15:46 . 2008-11-24 08:04 -------- d-----w- c:\program files\SpeedFan
2009-06-17 05:32 . 2008-11-28 02:38 -------- d-----w- c:\program files\Azureus
2009-06-17 04:50 . 2008-11-15 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 03:02 . 2004-08-04 10:00 285184 ----a-w- c:\windows\system32\gdi32.dll
2009-06-17 03:02 . 2004-08-04 10:00 246272 ----a-w- c:\windows\system32\es.dll
2009-06-17 03:02 . 2008-11-14 20:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-17 03:02 . 2004-08-04 10:00 92504 ----a-w- c:\windows\system32\cdm.dll
2009-06-17 03:02 . 2004-08-04 10:00 71680 ----a-w- c:\windows\system32\admparse.dll
2009-06-17 03:02 . 2004-08-04 10:00 35328 ----a-w- c:\windows\system32\corpol.dll
2009-06-17 03:02 . 2004-08-04 10:00 139264 ----a-w- c:\windows\system32\cscript.exe
2009-06-17 02:37 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-17 02:37 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-15 05:00 . 2009-06-15 05:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-06-15 04:59 . 2009-06-15 04:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-15 03:51 . 2008-11-15 22:44 -------- d-----w- c:\program files\SpywareBlaster
2009-06-15 03:37 . 2009-02-07 19:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-13 07:35 . 2008-11-15 05:54 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-13 04:02 . 2008-11-15 19:46 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 17:51 . 2008-11-19 07:17 40584 ----a-w- c:\windows\system32\drivers\maplom.sys
2009-06-09 17:50 . 2008-11-19 07:17 43144 ----a-w- c:\windows\system32\drivers\maploml.sys
2009-06-07 04:10 . 2008-11-14 21:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-30 20:15 . 2008-11-28 12:02 -------- d-----w- c:\documents and settings\Shawn\Application Data\Azureus
2009-05-29 08:17 . 2008-11-19 06:56 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-26 05:44 . 2009-04-09 03:36 -------- d-----w- c:\program files\iPod
2009-05-25 23:33 . 2009-05-25 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-25 23:32 . 2009-05-23 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-25 08:24 . 2008-05-27 07:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-24 22:26 . 2008-11-15 19:46 -------- d-----w- c:\program files\MSBuild
2009-05-24 07:11 . 2008-11-16 06:36 -------- d-----w- c:\documents and settings\Shawn\Application Data\Symantec
2009-05-24 06:46 . 2009-05-24 06:46 -------- d-----w- c:\program files\inKline Global
2009-05-24 06:25 . 2008-11-16 04:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-24 05:26 . 2009-05-24 05:26 -------- d-----r- c:\program files\Norton Support
2009-05-24 05:06 . 2008-11-16 04:03 -------- d-----w- c:\program files\Symantec
2009-05-24 05:06 . 2009-05-23 21:49 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-24 05:06 . 2009-05-23 21:49 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-24 05:06 . 2009-05-23 21:49 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-24 05:06 . 2009-05-23 21:49 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 22:35 . 2009-01-01 10:17 -------- d-----w- c:\program files\Bigfoot Networks
2009-05-23 22:20 . 2009-05-23 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-05-23 21:49 . 2009-05-23 21:49 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-23 21:49 . 2009-05-23 21:49 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-23 21:49 . 2009-05-23 21:49 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-05-23 21:48 . 2009-05-23 21:48 -------- d-----w- c:\program files\Norton Internet Security
2009-05-23 21:48 . 2009-05-23 21:48 -------- d-----w- c:\program files\Windows Sidebar
2009-05-23 21:47 . 2009-05-23 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-23 21:45 . 2009-05-23 21:45 -------- d-----w- c:\program files\NortonInstaller
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-18 21:04 . 2009-03-05 07:53 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-18 20:59 . 2009-05-18 20:59 -------- d-----w- c:\documents and settings\Shawn\Application Data\PC Tools
2009-05-17 10:16 . 2009-04-01 04:33 -------- d-----w- c:\documents and settings\Shawn\Application Data\uTorrent
2009-05-08 02:31 . 2009-05-08 02:31 -------- d-----w- c:\documents and settings\Shawn\Application Data\MSNInstaller
2009-05-02 04:47 . 2009-05-02 04:47 -------- d-----w- c:\program files\MSN Messenger
2009-05-01 21:54 . 2009-05-01 21:54 231176 ----a-w- c:\windows\system32\PDBoot.exe
2009-04-30 08:39 . 2008-11-15 05:33 -------- d-----w- c:\program files\Windows Live Toolbar
2009-04-30 08:28 . 2008-11-15 05:29 -------- d-----w- c:\program files\Windows Live
2009-04-30 07:33 . 2008-11-15 07:26 -------- d-----w- c:\program files\Dell Support Center
2009-04-29 05:20 . 2008-11-15 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-28 19:30 . 2009-02-22 08:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-04-06 23:32 . 2009-02-22 08:56 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2009-02-22 08:56 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-03 19:18 . 2009-05-18 21:00 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-03-31 19:23 . 2009-05-18 21:04 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-06-17 03:02 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ie7\wininet.dll
[7] 2007-08-14 03:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie8\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-08-20 05:38 659456 87E694D09893978F22024FEEEDF35342 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp2gdr\wininet.dll
[-] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp2qfe\wininet.dll
[-] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3gdr\wininet.dll
[-] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3qfe\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll
[-] 2009-06-17 03:03 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\system32\wininet.dll
[7] 2009-03-08 12:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" [2009-06-23 83240]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-10-09 100888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-13 17531392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-20 679936]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 20:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-25 07:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]
backup=c:\windows\pss\Run Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shawn^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\StarWarsGalaxies\\SwgClient_r.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/18/2009 1:00 PM 130936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2/1/2009 10:02 PM 134272]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [5/23/2009 9:06 PM 310320]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2/1/2009 10:02 PM 971552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [5/18/2009 1:04 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [5/18/2009 1:04 PM 39200]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [5/23/2009 9:06 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [5/23/2009 9:05 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys [6/23/2009 6:15 PM 276344]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/18/2009 1:02 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 Killer Port Manager;Killer Port Manager;c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe [6/16/2009 9:56 PM 236544]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/23/2009 9:05 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/25/2009 6:04 PM 101936]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [11/18/2008 11:17 PM 43144]
R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [1/1/2009 2:18 AM 103072]
R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [1/1/2009 2:18 AM 22048]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [4/4/2008 3:49 PM 136832]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [5/18/2009 1:04 PM 33056]
S0 Lbd;Lbd; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [11/14/2008 1:36 PM 26488]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2008 9:50 PM 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/22/2009 12:56 AM 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/17/2006 10:09 AM 35072]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [5/18/2009 12:59 PM 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/18/2009 12:59 PM 348752]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Comrade - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B42C9E5A-A4DC-1B20-3BF4-7995B2A877E2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abajgkehfnccennnoppcjoigjhgimhphdj"=hex:6b,61,65,6c,61,64,66,6e,6c,6b,6b,6f,
64,66,6f,6c,61,64,68,6a,61,64,00,00
"pakfdanklgfmddfmcpopmomicbpacppn"=hex:6a,61,61,6b,6c,65,64,70,6d,65,63,68,66,
66,6e,64,6d,6f,67,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(948)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\BfLLR.dll
.
Completion time: 2009-06-25 19:37
ComboFix-quarantined-files.txt 2009-06-25 03:37

Pre-Run: 58,814,095,360 bytes free
Post-Run: 58,885,259,264 bytes free

378

**chemist** · 06-24-2009, 11:15 PM

Hello IggyPop.

Quote:

I noticed it did not successfully install the recovery console?

Are you sure you were connected? Try again. Agree to the prompts to install it.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Registry Mechanic
Uniblue RegistryBooster

We do not recommend the use of registry cleaners. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling them via Add or Remove Programs in your Control Panel.

------------------------------------------------------

Please download the Norton Removal Tool and Save it to your Desktop.

Close all programs and double-click the Norton_Removal_Tool.exe then click Run
Follow the on-screen instructions.
Restart the computer if asked.
Then delete Norton_Removal_Tool.exe from your desktop.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

To open Notepad, go Start > Run and type Notepad then click 'OK'.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:

SecCenter::
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FCopy::
c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll | c:\windows\system32\wininet.dll

Folder::
c:\documents and settings\Shawn\Application Data\Azureus
c:\program files\Azureus

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

------------------------------------------------------

IggyPop · 06-25-2009, 11:27 AM

Hi Chemist,
It seems I have gotten myself in a bit of a bind now, after I had followed your first instructions to download and carefully run Combofix I had tried to mannualy Install the recovery console before I posted the Combofix report and still did not succeed and now for some reason my PC is going into a boot loop and is showing a partial blue screen error indicating my HDD is corrupt and that I need to run CHKDSK /F to scan for errors, unfortunately I had not written down the exact error message to put into this reply as I will start up my PC again and try to catch the error while it flashes for a mere split second and get to you ASAP.

Thank you in advance
IggyPop

IggyPop · 06-25-2009, 10:11 PM

Hi Chemist,

I had a chance to catch the error report and it appears to be a total blue screen of death 0_o , I tried to boot off my XP Disk and it would load files but then just before loading into windows setup I would get the Blue screen.

A Problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this error screen, restart your computer, If this screen appears again , follow these steps:
Check for viruses on your computer, Remove any newly installed hardrives or harddrive controllers, Check your hardrive to make sure it is properly configured and terminated, Run CHKDSK /F to check for harddrive corruption and then restart your computer.

Technical Information:
Stop: 0X0000007B (0XF78D2524, 0XC0000034, 0X00000000, 0X00000000)

Thank you in advance
IggyPop

**chemist** · 06-26-2009, 01:19 PM

Hello IggyPop.

Quote:

I tried to boot off my XP Disk and it would load files but then just before loading into windows setup I would get the Blue screen.

Might not be a whole lot I can do for you here.

Please follow the instructions here for performing a repair installation of Windows:

http://www.microsoft.com/windowsxp/u...ps/doug92.mspx

------------------------------------------------------

IggyPop · 06-26-2009, 04:01 PM

Hi Chemist,
I was able to get my PC image restored so what I will do now is go back to the beginning and start over by following your step by step instructions and then give you an update on my progress

Thanks
IggyPop

**chemist** · 06-26-2009, 04:43 PM

Do NOT run ComboFix. Run dds and gmer again and post/attach the logs here for review before doing anything else.

IggyPop · 06-26-2009, 10:55 PM

Hello Chemist,

Here are the dds and gmer logs you requested for

IggyPop

DDS (Ver_09-05-14.01) - NTFSx86
Run by Shawn at 20:02:07.15 on Fri 06/26/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2373 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Documents and Settings\Shawn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PC Booster] c:\program files\inkline global\pc booster\PCBooster.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Maplom] c:\program files\slysoft\game jackal\GameJackal.exe /silent
mRun: [Reimage PC Booster] "c:\program files\reimage\reimage pc booster\postrebootexecuter.exe" false na "c:\program files\reimage\reimage pc booster\ReimageBooster.exe" /tray
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\killer~1.lnk - c:\program files\bigfoot networks\killer driver\KillerTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212589685328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226727083515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shawn\applic~1\mozilla\firefox\profiles\x29ut26f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll

============= SERVICES / DRIVERS ===============

R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-11-14 133152]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-18 130936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-2-1 134272]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-23 310320]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-2-1 971552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-18 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-18 39200]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-23 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-23 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090623.001\IDSXpx86.sys [2009-6-26 276344]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-18 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 Killer Port Manager;Killer Port Manager;c:\program files\bigfoot networks\killer driver\PortManager.exe [2009-6-16 236544]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-23 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-25 101936]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2008-11-18 41920]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090626.041\NAVENG.SYS [2009-6-26 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090626.041\NAVEX15.SYS [2009-6-26 876144]
R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [2009-1-1 103072]
R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [2009-1-1 22048]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-4-4 136832]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-11-14 26488]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-22 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-5-18 64392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-18 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-18 1095560]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-18 33056]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-06-16 21:56 121,376 a------- c:\windows\system32\bfLLR.dll
2009-06-16 21:56 114,720 a------- c:\windows\system32\instLLR.exe
2009-06-16 20:17 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-16 19:59 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-16 19:02 124,188 a------- c:\windows\system32\reimage.rep
2009-06-16 18:58 207,759 a------- c:\windows\system32\reimageu.nat
2009-06-16 18:58 117,020 a------- c:\windows\system32\reimage.nat
2009-06-16 18:57 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-16 18:57 35,328 a------- c:\windows\system32\drivers\pcntpci5.sys
2009-06-16 18:57 20,608 a------- c:\windows\system32\drivers\usbuhci.sys
2009-06-16 18:57 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-06-16 18:57 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-06-16 18:57 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-06-16 18:57 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-06-16 18:57 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-16 18:36 9,728 a------- c:\windows\system32\Native.exe
2009-06-16 18:36 <DIR> --d----- C:\ReimageUndo
2009-06-16 01:22 1,318 a------- c:\windows\system32\Compress.res
2009-06-16 01:22 264 a------- c:\windows\reimage.ini
2009-06-16 01:22 <DIR> --d----- C:\rei
2009-06-16 01:22 <DIR> --d----- c:\program files\Reimage
2009-06-14 21:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-06-14 20:59 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-14 15:38 <DIR> --d----- c:\docume~1\shawn\applic~1\Blackberry Desktop
2009-06-12 19:50 256 a------- c:\documents and settings\shawn\pool.bin
2009-06-11 12:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
2009-06-06 21:51 <DIR> --d----- c:\program files\Roxio
2009-06-06 21:51 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-06-06 20:37 256 a------- c:\windows\system32\pool.bin
2009-06-06 20:36 <DIR> --d----- c:\docume~1\shawn\applic~1\Research In Motion
2009-06-06 20:05 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-06-06 20:03 <DIR> --d----- c:\program files\common files\Research In Motion
2009-06-06 20:03 <DIR> --d----- c:\program files\Research In Motion
2009-06-06 19:37 <DIR> --dsh--- c:\windows\ftpcache
2009-05-30 23:36 <DIR> --d----- c:\documents and settings\shawn\dwhelper
2009-05-30 12:33 <DIR> --d----- c:\program files\Datel

==================== Find3M ====================

2009-06-23 13:43 39,360 a------- c:\windows\system32\drivers\maplom.sys
2009-06-23 13:42 41,920 a------- c:\windows\system32\drivers\maploml.sys
2009-06-19 19:45 971,552 a------- c:\windows\system32\drivers\tdrpm174.sys
2009-06-16 19:02 285,184 a------- c:\windows\system32\gdi32.dll
2009-06-16 19:02 246,272 a------- c:\windows\system32\es.dll
2009-06-16 19:02 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-16 19:02 139,264 a------- c:\windows\system32\cscript.exe
2009-06-16 19:02 71,680 a------- c:\windows\system32\admparse.dll
2009-06-16 19:02 35,328 a------- c:\windows\system32\corpol.dll
2009-06-16 18:37 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-06-16 18:37 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-05-25 04:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
2009-05-23 21:06 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 21:06 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-05-23 21:06 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-23 21:06 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-19 05:05 1,380,403 a------- c:\windows\system32\avgsdk.dll
2009-05-17 13:45 2,206 a------- c:\windows\system32\tmp.reg
2009-05-01 13:54 231,176 a------- c:\windows\system32\PDBoot.exe
2009-04-30 01:36 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-03-01 23:58 24,192 a------- c:\documents and settings\shawn\usbsermptxp.sys
2009-03-01 23:58 22,768 a------- c:\documents and settings\shawn\usbsermpt.sys
2009-02-24 23:58 61,224 a------- c:\documents and settings\shawn\GoToAssistDownloadHelper.exe
2008-11-19 23:54 22,328 a------- c:\docume~1\shawn\applic~1\PnkBstrK.sys

============= FINISH: 20:03:03.31 ===============

**chemist** · 06-27-2009, 12:50 AM

Hello again, IggyPop.

Please download the Norton Removal Tool and Save it to your Desktop.

Close all programs and double-click the Norton_Removal_Tool.exe then click Run
Follow the on-screen instructions.
Restart the computer if asked.
Then delete Norton_Removal_Tool.exe from your desktop.

------------------------------------------------------

Delete ComboFix from your desktop if it still exists.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

http://www.microsoft.com/downloads/d...displaylang=en

Do not be concerned that this file is for SP2 and you have SP3. It will work just fine on your system.

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here

Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:

Please continue as follows:

Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
Please click Yes to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt, in your next reply.

------------------------------------------------------

IggyPop · 06-27-2009, 12:59 PM

Hello Chemist,

After following the instructions very carefully the Recovery console still does not want to install,When I drag the dl file sp2 from microsoft website I get and error after clicking yes to the user aggreement the error reads "Boot Partition cannot be Enumerated correctly" , so basically it wants to bypass the Recovery console setup and go straight to scanning my PC for malware and this is even after running the Norton Removal tool.

Thanks
IggyPop

**chemist** · 06-27-2009, 01:52 PM

Hello again, IggyPop. Please run this tool--it will only take a moment.

Download BootCheck.exe to your desktop.

Double click BootCheck.exe to run the check
When complete, a Notepad window will open with some text in it
Save the Notepad file to your desktop as BootCheck.txt
Copy the contents of BootCheck.txt and post it in your next reply

IggyPop · 06-27-2009, 02:46 PM

Hi Chemist,
Here is the Boot log

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of boot.ini:

IggyPop

**chemist** · 06-27-2009, 05:56 PM

Hello again, IggyPop.

Open Notepad and copy/paste the following text in the quotebox below into Notepad.

Quote:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Save it as boot.ini and save it directly to your C:\ drive

Do not reboot the machine yet!

Run BootCheck.exe again and post the log it produces.

Again--do not reboot until I give you the OK.

------------------------------------------------------

IggyPop · 06-27-2009, 07:44 PM

Hello Chemist,

Here is the Boot log again, hope this helps.

IggyPop

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !

Contents of C:\boot.ini:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

**chemist** · 06-27-2009, 07:55 PM

Hello again, IggyPop. Now try dragging and dropping the Microsoft file onto ComboFix. Let me know.

------------------------------------------------------

IggyPop · 06-27-2009, 09:01 PM

Hi Chemist,
Good news, everything was a success so far and here is the Combofix log

IggyPop

ComboFix 09-06-26.02 - Shawn 06/27/2009 18:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2517 [GMT -8:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shawn\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 18:31 . 2009-06-27 18:31 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-17 05:56 . 2008-05-14 20:33 121376 ----a-w- c:\windows\system32\bfLLR.dll
2009-06-17 05:56 . 2008-05-14 20:33 114720 ----a-w- c:\windows\system32\instLLR.exe
2009-06-17 04:17 . 2009-06-17 04:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-17 03:59 . 2009-06-17 03:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-17 02:57 . 2009-06-17 03:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-17 02:57 . 2009-06-17 03:02 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2009-06-17 02:57 . 2009-06-17 03:02 35328 ----a-w- c:\windows\system32\drivers\pcntpci5.sys
2009-06-17 02:57 . 2009-06-17 03:02 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2009-06-17 02:57 . 2009-06-17 03:02 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2009-06-17 02:57 . 2009-06-17 03:02 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2009-06-17 02:57 . 2009-06-17 03:02 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2009-06-17 02:36 . 2009-06-17 02:36 9728 ----a-w- c:\windows\system32\Native.exe
2009-06-17 02:36 . 2009-06-17 02:58 -------- d-----w- C:\ReimageUndo
2009-06-16 09:22 . 2009-06-17 05:18 -------- d-----w- C:\rei
2009-06-16 09:22 . 2009-06-16 09:22 -------- d-----w- c:\program files\Reimage
2009-06-15 03:38 . 2009-06-15 03:38 152576 ----a-w- c:\documents and settings\Shawn\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-14 23:38 . 2009-06-14 23:39 -------- d-----w- c:\documents and settings\Shawn\Application Data\Blackberry Desktop
2009-06-13 03:50 . 2009-06-13 03:50 256 ----a-w- c:\documents and settings\Shawn\pool.bin
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-07 05:51 . 2009-06-07 05:52 -------- d-----w- c:\program files\Roxio
2009-06-07 05:51 . 2009-06-07 05:51 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-07 04:37 . 2009-06-14 23:56 256 ----a-w- c:\windows\system32\pool.bin
2009-06-07 04:36 . 2009-06-07 04:36 -------- d-----w- c:\documents and settings\Shawn\Application Data\Research In Motion
2009-06-07 04:13 . 2009-06-07 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-07 04:10 . 2009-06-07 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-07 04:10 . 2009-06-07 05:53 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-07 04:05 . 2007-01-18 18:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-06-07 04:03 . 2009-06-07 07:01 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-07 04:03 . 2009-06-07 04:03 -------- d-----w- c:\program files\Research In Motion
2009-06-07 03:37 . 2009-06-07 03:37 -------- d-sh--w- c:\windows\ftpcache
2009-05-31 09:06 . 2009-05-31 09:14 -------- d-----w- c:\documents and settings\Shawn\Application Data\vlc
2009-05-31 07:36 . 2009-06-02 02:24 -------- d-----w- c:\documents and settings\Shawn\dwhelper
2009-05-30 20:33 . 2009-05-30 20:33 -------- d-----w- c:\program files\Datel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 18:11 . 2009-05-23 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-27 18:10 . 2008-11-16 04:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 18:10 . 2008-11-16 04:03 -------- d-----w- c:\program files\Symantec
2009-06-27 18:10 . 2009-05-23 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-27 08:46 . 2008-11-15 00:03 -------- d-----w- c:\documents and settings\Shawn\Application Data\MSN6
2009-06-27 02:45 . 2008-11-15 22:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-27 02:45 . 2009-05-18 20:59 -------- d-----w- c:\program files\Spyware Doctor
2009-06-23 21:43 . 2008-11-19 07:17 39360 ----a-w- c:\windows\system32\drivers\maplom.sys
2009-06-23 21:42 . 2008-11-19 07:17 41920 ----a-w- c:\windows\system32\drivers\maploml.sys
2009-06-20 03:56 . 2009-02-02 06:02 -------- d-----w- c:\program files\Acronis
2009-06-20 03:45 . 2009-02-02 06:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-06-20 03:30 . 2009-05-24 06:54 -------- d-----w- c:\program files\Norton Save and Restore
2009-06-20 03:30 . 2008-11-16 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 06:49 . 2008-11-18 09:38 -------- d-----w- c:\program files\StarWarsGalaxies
2009-06-19 02:15 . 2009-04-29 19:26 117760 ----a-w- c:\documents and settings\Shawn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 15:46 . 2008-11-24 08:04 -------- d-----w- c:\program files\SpeedFan
2009-06-17 05:32 . 2008-11-28 02:38 -------- d-----w- c:\program files\Azureus
2009-06-17 04:50 . 2008-11-15 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 04:27 . 2009-02-22 21:40 905768 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-17 04:03 . 2008-11-14 21:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 03:02 . 2004-08-04 10:00 285184 ----a-w- c:\windows\system32\gdi32.dll
2009-06-17 03:02 . 2004-08-04 10:00 246272 ----a-w- c:\windows\system32\es.dll
2009-06-17 03:02 . 2008-11-14 20:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-17 03:02 . 2004-08-04 10:00 92504 ----a-w- c:\windows\system32\cdm.dll
2009-06-17 03:02 . 2004-08-04 10:00 71680 ----a-w- c:\windows\system32\admparse.dll
2009-06-17 03:02 . 2004-08-04 10:00 35328 ----a-w- c:\windows\system32\corpol.dll
2009-06-17 03:02 . 2004-08-04 10:00 139264 ----a-w- c:\windows\system32\cscript.exe
2009-06-17 02:37 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-17 02:37 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-15 05:00 . 2009-06-15 05:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2009-06-15 04:59 . 2009-06-15 04:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-06-15 04:58 . 2009-06-15 04:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-15 03:51 . 2008-11-15 22:44 -------- d-----w- c:\program files\SpywareBlaster
2009-06-15 03:37 . 2009-02-07 19:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-13 07:35 . 2008-11-15 05:54 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-13 04:02 . 2008-11-15 19:46 -------- d-----w- c:\program files\Microsoft Works
2009-06-07 06:10 . 2008-11-14 21:32 96536 ----a-w- c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 04:10 . 2008-11-14 21:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-30 20:15 . 2008-11-28 12:02 -------- d-----w- c:\documents and settings\Shawn\Application Data\Azureus
2009-05-29 08:17 . 2008-11-19 06:56 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-26 05:44 . 2009-04-09 03:36 -------- d-----w- c:\program files\iPod
2009-05-25 23:33 . 2009-05-25 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-25 23:32 . 2009-05-23 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-25 08:24 . 2008-05-27 07:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-24 22:26 . 2008-11-15 19:46 -------- d-----w- c:\program files\MSBuild
2009-05-24 07:11 . 2008-11-16 06:36 -------- d-----w- c:\documents and settings\Shawn\Application Data\Symantec
2009-05-24 06:46 . 2009-05-24 06:46 -------- d-----w- c:\program files\inKline Global
2009-05-23 22:35 . 2009-01-01 10:17 -------- d-----w- c:\program files\Bigfoot Networks
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-18 21:04 . 2009-03-05 07:53 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-18 20:59 . 2009-05-18 20:59 -------- d-----w- c:\documents and settings\Shawn\Application Data\PC Tools
2009-05-17 10:16 . 2009-04-01 04:33 -------- d-----w- c:\documents and settings\Shawn\Application Data\uTorrent
2009-05-08 02:31 . 2009-05-08 02:31 -------- d-----w- c:\documents and settings\Shawn\Application Data\MSNInstaller
2009-05-02 04:47 . 2009-05-02 04:47 -------- d-----w- c:\program files\MSN Messenger
2009-05-01 21:54 . 2009-05-01 21:54 231176 ----a-w- c:\windows\system32\PDBoot.exe
2009-04-30 08:39 . 2008-11-15 05:33 -------- d-----w- c:\program files\Windows Live Toolbar
2009-04-30 08:28 . 2008-11-15 05:29 -------- d-----w- c:\program files\Windows Live
2009-04-30 07:33 . 2008-11-15 07:26 -------- d-----w- c:\program files\Dell Support Center
2009-04-29 05:20 . 2008-11-15 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-06 23:32 . 2009-02-22 08:56 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 23:32 . 2009-02-22 08:56 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-03 19:18 . 2009-05-18 21:00 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-03-31 19:23 . 2009-05-18 21:04 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-03-31 19:23 . 2009-05-18 21:04 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-06-17 03:02 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ie7\wininet.dll
[7] 2007-08-14 03:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie8\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-08-20 05:38 659456 87E694D09893978F22024FEEEDF35342 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp2gdr\wininet.dll
[-] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp2qfe\wininet.dll
[-] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3gdr\wininet.dll
[-] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3qfe\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll
[-] 2009-06-17 03:03 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\system32\wininet.dll
[7] 2009-03-08 12:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-27_18.30.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 22:02 . 2009-06-27 22:02 16384 c:\windows\Temp\Perflib_Perfdata_9b8.dat
+ 2009-06-27 22:00 . 2009-06-27 22:00 16384 c:\windows\Temp\Perflib_Perfdata_858.dat
+ 2009-06-27 18:31 . 2009-06-17 03:03 53080 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 18:31 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 18:31 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 18:31 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 18:31 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 18:31 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 18:31 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 18:31 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 18:31 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 18:31 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 18:31 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 18:31 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 18:31 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 18:31 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 18:31 . 2009-06-17 03:03 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 18:31 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 18:31 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 18:31 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 18:31 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-27 18:31 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 18:31 . 2009-06-17 02:37 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 18:31 . 2009-06-17 02:37 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 18:31 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-12 2952128]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"PC Booster"="c:\program files\inKline Global\PC Booster\PCBooster.exe" [2008-03-24 14479360]
"Maplom"="c:\program files\SlySoft\Game Jackal\GameJackal.exe" [2009-06-23 6501824]
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" [2009-06-23 83240]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-22 4352832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-22 960528]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-22 165144]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-28 1657376]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-23 28160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Killer Tray Menu.lnk - c:\program files\Bigfoot Networks\Killer Driver\KillerTray.exe [2009-6-16 604672]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-17 528384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 20:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-25 07:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]
backup=c:\windows\pss\Run Registration Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Shawn^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\StarWarsGalaxies\\SwgClient_r.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Turbine\\Dungeons & Dragons Online - Stormreach\\dndclient.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/18/2009 1:00 PM 130936]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2/1/2009 10:02 PM 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2/1/2009 10:02 PM 971552]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [5/18/2009 1:04 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [5/18/2009 1:04 PM 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [5/18/2009 1:02 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 Killer Port Manager;Killer Port Manager;c:\program files\Bigfoot Networks\Killer Driver\PortManager.exe [6/16/2009 9:56 PM 236544]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [11/18/2008 11:17 PM 41920]
R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [1/1/2009 2:18 AM 103072]
R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [1/1/2009 2:18 AM 22048]
R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [4/4/2008 3:49 PM 136832]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [11/14/2008 1:36 PM 26488]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/22/2009 12:56 AM 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/17/2006 10:09 AM 35072]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [5/18/2009 12:59 PM 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/18/2009 12:59 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [5/18/2009 1:04 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Shawn\Application Data\Mozilla\Firefox\Profiles\x29ut26f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 18:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B42C9E5A-A4DC-1B20-3BF4-7995B2A877E2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abajgkehfnccennnoppcjoigjhgimhphdj"=hex:6b,61,65,6c,61,64,66,6e,6c,6b,6b,6f,
64,66,6f,6c,61,64,68,6a,61,64,00,00
"pakfdanklgfmddfmcpopmomicbpacppn"=hex:6a,61,61,6b,6c,65,64,70,6d,65,63,68,66,
66,6e,64,6d,6f,67,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(732)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\BfLLR.dll

- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\MSVCP71.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 18:42
ComboFix-quarantined-files.txt 2009-06-28 02:42
ComboFix2.txt 2009-06-27 18:32

Pre-Run: 58,838,593,536 bytes free
Post-Run: 58,814,537,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

325

**chemist** · 06-27-2009, 09:42 PM

Hello IggyPop. Good job!

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

To open Notepad, go Start > Run and type Notepad then click 'OK'.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:

SecCenter::
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FCopy::
c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll | c:\windows\system32\wininet.dll

Folder::
c:\documents and settings\Shawn\Application Data\Azureus
c:\program files\Azureus

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

------------------------------------------------------

06-17-2009, 11:31 PM	#1 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Help Needed Spyware.possible_website_hijack Hello Tech Support, A couple weeks ago I discovered after running a few anti Spyware tools that 2 threats and 2 infections remain from pctools spyware doctor while the other tools were infection free, (spyware.possible_website_hijack) Host entry:(127.0.0.1 spywareinfo.com) & (127.0.0.1 www.spywareinfo.com) I ran both the full scan and the Intelii-Scan, I have done some research and have found that this is a common problem with SD, I tried removing the infection but it would not let me it just says "some threats have not been cleaned successfully",I get frequent hang ups upon shut down and boot ups, my web browser changing on its own, applications hanging when closed and the (error program not responding) pop ups upon shutting down or logging off. I have followed the New Instructions and as you can see below I have copied and pasted the DDS.txt file and have attached Attach.txt and ARK.txt zip. Any Help would be ever so greatly appreciated Thank you IggyPop Attach.zip ark.zip DDS (Ver_09-05-14.01) - NTFSx86 Run by Shawn at 22:46:52.54 on Tue 06/16/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2126 [GMT -8:00] AV: Spyware Doctor with AntiVirus On-access scanning disabled (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} AV: Norton Internet Security On-access scanning enabled (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security enabled {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\windows\system32\svchost -k DcomLaunch C:\windows\system32\svchost -k rpcss C:\windows\System32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\Norton Save and Restore\Agent\VProTray.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\inKline Global\PC Booster\PCBooster.exe C:\windows\system32\rundll32.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\windows\system32\ctfmon.exe C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Bigfoot Networks\Killer Driver\PortManager.exe C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe C:\Program Files\SlySoft\Game Jackal\32611.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\windows\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe C:\Program Files\Spyware Doctor\TFEngine\TFService.exe C:\windows\System32\alg.exe C:\Program Files\Reimage\Reimage PC Booster\REI_Booster.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\SearchFilterHost.exe C:\Documents and Settings\Shawn\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Norton Save and Restore 2.0] "c:\program files\norton save and restore\agent\VProTray.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe" mRun: [PC Booster] c:\program files\inkline global\pc booster\PCBooster.exe mRun: [nwiz] nwiz.exe /install mRun: [Maplom] c:\program files\slysoft\game jackal\GameJackal.exe /silent mRun: [Reimage PC Booster] "c:\program files\reimage\reimage pc booster\postrebootexecuter.exe" false na "c:\program files\reimage\reimage pc booster\ReimageBooster.exe" /tray mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\killer~1.lnk - c:\program files\bigfoot networks\killer driver\KillerTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll LSP: %SYSTEMROOT%\system32\BfLLR.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212589685328 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226727083515 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\shawn\applic~1\mozilla\firefox\profiles\x29ut26f.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll ============= SERVICES / DRIVERS =============== R0 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-11-14 133152] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-18 130936] R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-2-1 134272] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-5-23 310320] R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-2-1 971552] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-18 51488] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-18 39200] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-5-23 258608] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-5-23 482352] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090610.006\IDSXpx86.sys [2009-6-12 276344] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-18 159600] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024] R2 Killer Port Manager;Killer Port Manager;c:\program files\bigfoot networks\killer driver\PortManager.exe [2009-6-16 236544] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-5-23 115560] R2 Norton Save and Restore;Norton Save and Restore;c:\program files\norton save and restore\agent\VProSvc.exe [2007-2-13 3425632] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-18 348752] R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-18 1095560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-25 101936] R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2008-11-18 43144] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090616.035\NAVENG.SYS [2009-6-16 89104] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090616.035\NAVEX15.SYS [2009-6-16 876144] R3 NetB834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NetB834x.sys [2009-1-1 103072] R3 NetbEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NetBEdge.sys [2009-1-1 22048] R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-5-18 64392] R3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2008-4-4 136832] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-18 33056] R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x] S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-11-14 26488] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-22 38496] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-10-17 35072] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408] =============== Created Last 30 ================ 2009-06-16 21:56 121,376 a------- c:\windows\system32\bfLLR.dll 2009-06-16 21:56 114,720 a------- c:\windows\system32\instLLR.exe 2009-06-16 20:17 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-06-16 19:59 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-06-16 19:02 124,188 a------- c:\windows\system32\reimage.rep 2009-06-16 18:58 207,759 a------- c:\windows\system32\reimageu.nat 2009-06-16 18:58 117,020 a------- c:\windows\system32\reimage.nat 2009-06-16 18:57 81,920 a------- c:\windows\system32\ieencode.dll 2009-06-16 18:57 35,328 a------- c:\windows\system32\drivers\pcntpci5.sys 2009-06-16 18:57 20,608 a------- c:\windows\system32\drivers\usbuhci.sys 2009-06-16 18:57 14,208 a------- c:\windows\system32\drivers\battc.sys 2009-06-16 18:57 13,952 a------- c:\windows\system32\drivers\cmbatt.sys 2009-06-16 18:57 10,240 a------- c:\windows\system32\drivers\compbatt.sys 2009-06-16 18:57 5,504 a------- c:\windows\system32\drivers\intelide.sys 2009-06-16 18:57 8,192 a------- c:\windows\REGLOCS.OLD 2009-06-16 18:36 9,728 a------- c:\windows\system32\Native.exe 2009-06-16 18:36 <DIR> --d----- C:\ReimageUndo 2009-06-16 01:22 1,318 a------- c:\windows\system32\Compress.res 2009-06-16 01:22 264 a------- c:\windows\reimage.ini 2009-06-16 01:22 <DIR> --d----- C:\rei 2009-06-16 01:22 <DIR> --d----- c:\program files\Reimage 2009-06-14 21:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf 2009-06-14 20:59 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf 2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf 2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf 2009-06-14 20:58 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-06-14 15:38 <DIR> --d----- c:\docume~1\shawn\applic~1\Blackberry Desktop 2009-06-12 19:50 256 a------- c:\documents and settings\shawn\pool.bin 2009-06-11 12:33 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys 2009-06-06 21:51 <DIR> --d----- c:\program files\Roxio 2009-06-06 21:51 <DIR> --d----- c:\program files\common files\Sonic Shared 2009-06-06 20:37 256 a------- c:\windows\system32\pool.bin 2009-06-06 20:36 <DIR> --d----- c:\docume~1\shawn\applic~1\Research In Motion 2009-06-06 20:05 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys 2009-06-06 20:03 <DIR> --d----- c:\program files\common files\Research In Motion 2009-06-06 20:03 <DIR> --d----- c:\program files\Research In Motion 2009-06-06 19:37 <DIR> --dsh--- c:\windows\ftpcache 2009-05-30 23:36 <DIR> --d----- c:\documents and settings\shawn\dwhelper 2009-05-30 12:33 <DIR> --d----- c:\program files\Datel 2009-05-25 21:44 38,229 -------- c:\windows\system32\drivers\StMp3Rec.sys 2009-05-25 21:37 <DIR> --d----- c:\windows\Downloaded Installations 2009-05-25 04:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll 2009-05-23 22:55 128,104 a------- c:\windows\system32\drivers\WimFltr.sys 2009-05-23 22:55 14,072 a------- c:\windows\system32\drivers\vproeventmonitor.sys 2009-05-23 22:54 <DIR> --d----- c:\program files\Norton Save and Restore 2009-05-23 22:46 <DIR> --d----- c:\program files\inKline Global 2009-05-23 21:26 <DIR> --d--r-- c:\program files\Norton Support 2009-05-23 13:49 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys 2009-05-23 13:49 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS 2009-05-23 13:49 60,808 a------- c:\windows\system32\S32EVNT1.DLL 2009-05-23 13:49 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT 2009-05-23 13:49 805 a------- c:\windows\system32\drivers\SYMEVENT.INF 2009-05-23 13:48 <DIR> --d----- c:\windows\system32\drivers\NIS 2009-05-23 13:48 <DIR> --d----- c:\program files\Norton Internet Security 2009-05-23 13:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton 2009-05-23 13:45 <DIR> --d----- c:\program files\NortonInstaller 2009-05-23 13:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller 2009-05-22 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools 2009-05-22 22:25 <DIR> --d----- c:\windows\system32\wbem\Repository 2009-05-19 05:05 1,380,403 a------- c:\windows\system32\avgsdk.dll 2009-05-18 13:04 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys 2009-05-18 13:04 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys 2009-05-18 13:04 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys 2009-05-18 13:04 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys 2009-05-18 13:02 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys 2009-05-18 13:00 130,936 a------- c:\windows\system32\drivers\PCTCore.sys 2009-05-18 13:00 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys 2009-05-18 12:59 64,392 a------- c:\windows\system32\drivers\pctplsg.sys 2009-05-18 12:59 <DIR> --d----- c:\program files\Spyware Doctor 2009-05-18 12:59 <DIR> --d----- c:\docume~1\shawn\applic~1\PC Tools ==================== Find3M ==================== 2009-06-16 19:02 285,184 a------- c:\windows\system32\gdi32.dll 2009-06-16 19:02 246,272 a------- c:\windows\system32\es.dll 2009-06-16 19:02 21,640 a------- c:\windows\system32\emptyregdb.dat 2009-06-16 19:02 139,264 a------- c:\windows\system32\cscript.exe 2009-06-16 19:02 71,680 a------- c:\windows\system32\admparse.dll 2009-06-16 19:02 35,328 a------- c:\windows\system32\corpol.dll 2009-06-16 18:37 2,145,280 a------- c:\windows\system32\ntoskrnl.exe 2009-06-16 18:37 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe 2009-06-09 09:51 40,584 a------- c:\windows\system32\drivers\maplom.sys 2009-06-09 09:50 43,144 a------- c:\windows\system32\drivers\maploml.sys 2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll 2009-05-17 13:45 2,206 a------- c:\windows\system32\tmp.reg 2009-05-01 13:54 231,176 a------- c:\windows\system32\PDBoot.exe 2009-04-30 01:36 75,776 a------- c:\windows\system32\WS2Fix.exe 2009-03-01 23:58 24,192 a------- c:\documents and settings\shawn\usbsermptxp.sys 2009-03-01 23:58 22,768 a------- c:\documents and settings\shawn\usbsermpt.sys 2009-02-24 23:58 61,224 a------- c:\documents and settings\shawn\GoToAssistDownloadHelper.exe 2008-11-19 23:54 22,328 a------- c:\docume~1\shawn\applic~1\PnkBstrK.sys ============= FINISH: 22:48:25.01 ===============

06-23-2009, 09:44 PM	#2 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Re: Help Needed Spyware.possible_website_hijack bump

06-23-2009, 10:34 PM	#3 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,639 OS: XP SP3	Re: Help Needed Spyware.possible_website_hijack Hello and Welcome to TSF. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. ------------------------------------------------------ Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper. ------------------------------------------------------ Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Get help here Please post the C:\ComboFix.txt in your next reply for further review. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

06-25-2009, 11:27 AM	#6 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Re: Help Needed Spyware.possible_website_hijack Hi Chemist, It seems I have gotten myself in a bit of a bind now, after I had followed your first instructions to download and carefully run Combofix I had tried to mannualy Install the recovery console before I posted the Combofix report and still did not succeed and now for some reason my PC is going into a boot loop and is showing a partial blue screen error indicating my HDD is corrupt and that I need to run CHKDSK /F to scan for errors, unfortunately I had not written down the exact error message to put into this reply as I will start up my PC again and try to catch the error while it flashes for a mere split second and get to you ASAP. Thank you in advance IggyPop

06-25-2009, 10:11 PM	#7 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Re: Help Needed Spyware.possible_website_hijack Hi Chemist, I had a chance to catch the error report and it appears to be a total blue screen of death 0_o , I tried to boot off my XP Disk and it would load files but then just before loading into windows setup I would get the Blue screen. A Problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this error screen, restart your computer, If this screen appears again , follow these steps: Check for viruses on your computer, Remove any newly installed hardrives or harddrive controllers, Check your hardrive to make sure it is properly configured and terminated, Run CHKDSK /F to check for harddrive corruption and then restart your computer. Technical Information: Stop: 0X0000007B (0XF78D2524, 0XC0000034, 0X00000000, 0X00000000) Thank you in advance IggyPop

06-26-2009, 04:01 PM	#9 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Re: Help Needed Spyware.possible_website_hijack Hi Chemist, I was able to get my PC image restored so what I will do now is go back to the beginning and start over by following your step by step instructions and then give you an update on my progress Thanks IggyPop

06-26-2009, 04:43 PM	#10 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,639 OS: XP SP3	Re: Help Needed Spyware.possible_website_hijack Do NOT run ComboFix. Run dds and gmer again and post/attach the logs here for review before doing anything else. __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

06-27-2009, 12:50 AM	#12 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,639 OS: XP SP3	Re: Help Needed Spyware.possible_website_hijack Hello again, IggyPop. Please download the Norton Removal Tool and Save it to your Desktop. Close all programs and double-click the Norton_Removal_Tool.exe then click Run Follow the on-screen instructions. Restart the computer if asked. Then delete Norton_Removal_Tool.exe from your desktop. ------------------------------------------------------ Delete ComboFix from your desktop if it still exists. Please download ComboFix and Save it to your Desktop. Note: It is important that it is saved directly to your desktop First, we need to install the Windows Recovery Console. The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Download the file from this Microsoft page: http://www.microsoft.com/downloads/d...displaylang=en Do not be concerned that this file is for SP2 and you have SP3. It will work just fine on your system. Save it as it is originally named to your Desktop. Now close all open windows and programs, including all antivirus and antispyware programs. Get help here Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console. As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return. ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper. Once the Recovery Console is installed, this blue window will appear: Please continue as follows: Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here Please click Yes to continue scanning for malware. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When the tool is finished, it will produce a log for you. Please post that log, ComboFix.txt, in your next reply. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

06-27-2009, 12:59 PM	#13 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Re: Help Needed Spyware.possible_website_hijack Hello Chemist, After following the instructions very carefully the Recovery console still does not want to install,When I drag the dl file sp2 from microsoft website I get and error after clicking yes to the user aggreement the error reads "Boot Partition cannot be Enumerated correctly" , so basically it wants to bypass the Recovery console setup and go straight to scanning my PC for malware and this is even after running the Norton Removal tool. Thanks IggyPop

06-27-2009, 01:52 PM	#14 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,639 OS: XP SP3	Re: Help Needed Spyware.possible_website_hijack Hello again, IggyPop. Please run this tool--it will only take a moment. Download BootCheck.exe to your desktop. Double click BootCheck.exe to run the check When complete, a Notepad window will open with some text in it Save the Notepad file to your desktop as BootCheck.txt Copy the contents of BootCheck.txt and post it in your next reply __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

06-27-2009, 02:46 PM	#15 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Re: Help Needed Spyware.possible_website_hijack Hi Chemist, Here is the Boot log WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED ! Contents of boot.ini: IggyPop

06-27-2009, 07:44 PM	#17 (permalink)
IggyPop Registered User Join Date: Nov 2007 Posts: 16 OS: Win Xp Pro SP3	Re: Help Needed Spyware.possible_website_hijack Hello Chemist, Here is the Boot log again, hope this helps. IggyPop WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED ! Contents of C:\boot.ini: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

06-27-2009, 07:55 PM	#18 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,639 OS: XP SP3	Re: Help Needed Spyware.possible_website_hijack Hello again, IggyPop. Now try dragging and dropping the Microsoft file onto ComboFix. Let me know. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

06-27-2009, 09:42 PM	#20 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,639 OS: XP SP3	Re: Help Needed Spyware.possible_website_hijack Hello IggyPop. Good job! Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ Close any open browsers. Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix. To open Notepad, go Start > Run and type Notepad then click 'OK'. Open Notepad and copy/paste all the text in the codebox below into Notepad: Code: SecCenter:: AV: Norton Internet Security On-access scanning disabled (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FCopy:: c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll \| c:\windows\system32\wininet.dll Folder:: c:\documents and settings\Shawn\Application Data\Azureus c:\program files\Azureus Save this Notepad file as CFScript.txt to your Desktop and then close the file. Referring to the picture above, drag CFScript onto ComboFix If you are prompted to update ComboFix, please choose Yes Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply. Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE