Old 07-08-2009, 10:21 AM   #21 (permalink)
Moderator, Analyst, Security Team
TheBruce1
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Redirecting Searches--Work Computer-Help!

Copy/paste the logs into your reply.

Old 07-08-2009, 12:39 PM   #22 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 14
OS: xp


Re: Redirecting Searches--Work Computer-Help!

I think this is the right Combofix log. Let me know if it doesn't look right.
FWIW, the computer has been acting ok. Except Norton still pops up from time to time to tell me that it has found an infostealer, and won't get rid of it.

ComboFix 09-06-22.0B - Administrator 06/30/2009 15:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.234 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\jd007.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\Cfg\except.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\updatecomps.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\updateall.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\userall.cfg
c:\documents and settings\All Users\Application Data\avg8\emc\Log\emc.log
c:\documents and settings\All Users\Application Data\avg8\Log\04de6e94-127c-4fe2-a9f3-658c1433a21d
c:\documents and settings\All Users\Application Data\avg8\Log\76e87164-55dc-46d6-8ad1-c9aa1559f327
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.11
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.12
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.13
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.14
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.15
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.16
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.17
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.18
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.19
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.20
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avildr.log
c:\documents and settings\All Users\Application Data\avg8\Log\cfglog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\commonpub.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpub.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\corelog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\All Users\Application Data\avg8\Log\lnglog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\nslog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\publog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\rslog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\schedlog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\srmlog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\updlog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\vaultlog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\wdlog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\Log\wdsvclog.cfg.old
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000003.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000007.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000008.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000009.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000010.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000011.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000012.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000013.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000014.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000015.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000016.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000017.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000018.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000019.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000020.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000021.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000022.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000023.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000024.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000025.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000026.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000027.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000028.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000029.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000030.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000031.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000032.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000033.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000034.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000035.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000036.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000037.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000038.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000039.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000040.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000041.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000042.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000043.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000044.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000045.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000046.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000047.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000048.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000049.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000050.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000051.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000052.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000053.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000054.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000055.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000056.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000057.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000058.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000059.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000060.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000061.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000062.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000063.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000064.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000065.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000066.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000067.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000068.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000069.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000070.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000071.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000072.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000073.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000074.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000075.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000076.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000077.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000078.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000079.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000080.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000081.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000082.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000083.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000084.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000085.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000086.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000087.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000088.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000089.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000090.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000091.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000092.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000093.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000094.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000095.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000096.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000097.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000098.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000099.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000100.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000101.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000102.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000103.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000104.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000105.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000106.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000107.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000108.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000109.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000110.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000111.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000112.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000113.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000114.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000115.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000116.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000117.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000118.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000119.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000120.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000121.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000122.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000123.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000124.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000125.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000126.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000127.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000128.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000129.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000130.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000131.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000132.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000133.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000134.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000135.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000136.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000137.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000138.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000139.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000140.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000141.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000142.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000143.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000144.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000145.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000146.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000147.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000148.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000149.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000150.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000151.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000152.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000153.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000154.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000155.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000156.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000157.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000158.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000159.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000160.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000161.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg8\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\backup\microavi.avg
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb2.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg8\update\prepare\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sb.dat.prepare
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sc.dat.prepare

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 17:32 . 2009-06-30 17:32 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-30 14:23 . 2009-06-17 18:15 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\NAVEX32A.DLL
2009-06-30 14:23 . 2009-06-17 18:15 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\NAVENG.SYS
2009-06-30 14:23 . 2009-06-17 18:15 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\NAVEX15.SYS
2009-06-30 14:23 . 2009-06-17 18:15 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\EECTRL.SYS
2009-06-30 14:23 . 2009-06-17 18:15 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\ERASER.SYS
2009-06-30 14:23 . 2009-06-17 18:15 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\NAVENG32.DLL
2009-06-30 14:23 . 2009-06-17 18:15 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\ECMSVR32.DLL
2009-06-30 14:23 . 2009-06-17 18:15 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090630.002\CCERASER.DLL
2009-06-24 01:18 . 2009-06-17 18:15 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 01:18 . 2009-06-17 18:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 01:18 . 2009-06-17 18:15 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 01:18 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 01:18 . 2009-06-17 18:15 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-19 20:40 . 2009-06-17 18:15 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-19 20:40 . 2009-06-17 18:15 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 20:40 . 2009-06-17 18:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 20:40 . 2009-06-17 18:15 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 20:40 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-17 18:27 . 2009-06-17 18:27 -------- d-----r- c:\program files\Norton Support
2009-06-17 18:26 . 2009-06-17 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-06-17 18:16 . 2009-06-17 18:15 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-17 18:15 . 2009-06-17 18:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-17 18:14 . 2009-06-17 18:14 -------- d-----w- c:\program files\Windows Sidebar
2009-06-17 18:10 . 2009-06-17 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-17 18:10 . 2009-06-17 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-17 18:10 . 2009-06-17 18:10 -------- d-----w- c:\program files\NortonInstaller
2009-06-17 18:04 . 2009-06-17 18:04 -------- d-----w- c:\documents and settings\All Users\Symantec Temporary Files
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-16 20:46 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\system32\scripting
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\l2schemas
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\system32\en
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\system32\bits
2009-06-16 19:40 . 2009-06-16 19:43 -------- d-----w- c:\windows\ServicePackFiles
2009-06-16 18:37 . 2009-06-16 18:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-06-12 22:53 . 2009-06-12 22:53 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-06-12 22:49 . 2009-06-12 22:49 -------- d-----w- c:\program files\AccessMV
2009-06-12 22:46 . 2009-06-12 22:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 19:55 . 2007-10-30 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-26 14:50 . 2007-02-15 16:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-06-18 12:16 . 2009-06-17 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-16 22:11 . 2008-03-26 18:37 -------- d-----w- c:\program files\Google
2009-06-16 19:46 . 2006-04-21 22:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\program files\spybotsd162.exe ---
Company: Safer Networking Limited
File Description: Spybot - Search & Destroy
File Version: 1.6.2
Product Name: Spybot - Search & Destroy
Copyright: © 2000-2009 Safer Networking Limited. All rights reserved.
Original Filename: ------
File size: 16409960
Created time: 2009-06-16 18:37
Modified time: 2009-06-16 18:39
MD5: 54ACBA9CFD7154C02CEACF6310CF3CFA
SHA1: 0F5961EA37EB9F9E2A3545264EE219562BBE6D29


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-02-11 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-11 98304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-05 437008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [6/17/2009 1:15 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [6/17/2009 1:15 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [6/17/2009 1:15 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys [6/23/2009 8:18 PM 276344]
R2 Airlink101 802.11g Wireless WLService;Airlink101 802.11g WLService;c:\program files\Airlink101\AWLH3026\WLService.exe [5/2/2006 2:59 PM 49152]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [6/17/2009 1:15 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/17/2009 1:34 PM 101936]
R3 USB-100;Prestige USB Adapter;c:\windows\system32\drivers\USB150.SYS [9/3/2003 11:17 AM 23938]
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2f6e06be-92b4-4bde-83e5-cd685e75706a} - (no file)
BHO-{79722DEE-25EE-4836-A8BF-E06E3F6AA4F7} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 15:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-06-30 15:10
ComboFix-quarantined-files.txt 2009-06-30 20:10
ComboFix2.txt 2009-06-30 17:35

Pre-Run: 13,738,942,464 bytes free
Post-Run: 13,755,580,416 bytes free

460 --- E O F --- 2009-06-11 08:02





Here is the Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, July 07, 2009 21:19:05
Records in database: 2438187
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 38275
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:26:36


File name / Threat name / Threats count
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sysinit32.vir Infected: Trojan-Downloader.Win32.Delf.cuc 1
C:\System Volume Information\_restore{9A7DCB7B-F40D-4B40-91E4-1C77F4D7F945}\RP0\A0000001.dll Infected: Trojan.Win32.Agent.clxm 1
C:\System Volume Information\_restore{9A7DCB7B-F40D-4B40-91E4-1C77F4D7F945}\RP4\A0000632.dll Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
Old 07-08-2009, 01:39 PM   #23 (permalink)
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: Redirecting Searches--Work Computer-Help!

Hello again

Those were the correct logs.

Quote:
Except Norton still pops up from time to time to tell me that it has found an infostealer, and won't get rid of it.
Does Norton give you the location of these files, if so, post them in your reply.

======

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
SkipFix::

File::
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe

Folder::
c:\program files\AccessMV
c:\documents and settings\All Users\Application Data\Viewpoint
Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
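
The Kaspersky report in the post above and the CFScript in this reply show the same triage step done by hand: of the four detections, only toolbr.exe is still in place, while sysinit32.vir is already in ComboFix's Qoobox quarantine and the two DLLs live in System Restore points. The script below, an added example written for this thread and not code from the forum, ComboFix or Kaspersky, parses the report lines (copied here as a constructed sample), sorts each hit into live / quarantine / restore_point, and renders a CFScript in the SkipFix:: / File:: / Folder:: layout used above. The location rules and the adware flag are this example's own assumptions; the Folder:: entries are passed in by the analyst, and, as the note in this reply says, a CFScript should only ever be run under an analyst's direction for the machine it was written for.

```python
"""Triage a Kaspersky Online Scanner 7 report and draft a ComboFix CFScript
from it.

Added example for this thread; not part of the forum post, ComboFix or
Kaspersky's tooling. The split into 'live' / 'quarantine' / 'restore_point'
is this example's own rule of thumb: files under C:\\Qoobox\\Quarantine were
already moved aside by ComboFix, and files in System Restore points are not
loaded, so only 'live' paths belong in a File:: section.
"""
import re
from collections import Counter

# Constructed sample: the detection block from the Kaspersky report above.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sysinit32.vir Infected: Trojan-Downloader.Win32.Delf.cuc 1
C:\System Volume Information\_restore{9A7DCB7B-F40D-4B40-91E4-1C77F4D7F945}\RP0\A0000001.dll Infected: Trojan.Win32.Agent.clxm 1
C:\System Volume Information\_restore{9A7DCB7B-F40D-4B40-91E4-1C77F4D7F945}\RP4\A0000632.dll Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.
"""

# One detection per line: <path> Infected|Suspicious: <threat> <count>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Locations where a hit is already contained (assumed rule: first match wins).
CONTAINERS = (
    ("quarantine", re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.I)),
    ("restore_point", re.compile(r"^[A-Z]:\\System Volume Information\\_restore\{", re.I)),
)


def classify(path):
    """Return 'quarantine', 'restore_point' or 'live' for a detected path."""
    for label, pattern in CONTAINERS:
        if pattern.search(path):
            return label
    return "live"


def parse_report(text):
    """Parse the detection lines of a Kaspersky Online Scanner report."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, the closing sentence
        hits.append({
            "path": m["path"],
            "status": m["status"],
            "threat": m["threat"],
            "count": int(m["count"]),
            "location": classify(m["path"]),
            # Kaspersky prefixes adware/riskware names with 'not-a-virus:'
            "adware": m["threat"].startswith("not-a-virus:"),
        })
    return hits


def summarize(hits):
    """Count detections per location class."""
    return Counter(h["location"] for h in hits)


def live_targets(hits):
    """Paths that are still in place on the running system."""
    return [h["path"] for h in hits if h["location"] == "live"]


def cfscript_for(hits, folders=()):
    """Render a CFScript in the layout used in the reply above: SkipFix::,
    then File:: for live detections, then Folder:: for directories the
    analyst passes in (this function does not pick directories itself)."""
    lines = ["SkipFix::", ""]
    live = live_targets(hits)
    if live:
        lines += ["File::", *live, ""]
    if folders:
        lines += ["Folder::", *folders, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    print(dict(summarize(hits)))
    print(cfscript_for(hits, folders=[r"c:\program files\AccessMV"]))
```

Run as-is it prints a summary of one live hit, one quarantined and two in restore points, then a CFScript whose File:: section contains only toolbr.exe, matching the script the moderator wrote by hand. Restore-point copies are cleared later by flushing System Restore, not by a File:: entry.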
Old 07-09-2009, 09:03 AM   #24 (permalink)
jd007 (Registered User)
Join Date: Jun 2009
Posts: 14
OS: xp

Re: Redirecting Searches--Work Computer-Help!

This is the location that I get from Norton:

globalroot\systemroot\system32\msivxmxddvfgvkjxdskqybgrrruybxtesqsfq.dll

Here is the Combofix log:
------------------------------------------------------------------------
ComboFix 09-07-08.07 - Administrator 07/09/2009 9:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.265 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\jd007.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\program files\Common Files\aolback\Comps\toolbar\toolbr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\AccessMV
c:\program files\AccessMV\Uninstall.exe
c:\program files\Common Files\aolback\Comps\toolbar\toolbr.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 07:27 . 2009-06-17 18:15 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\NAVENG.SYS
2009-07-09 07:27 . 2009-06-17 18:15 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\NAVEX15.SYS
2009-07-09 07:27 . 2009-06-17 18:15 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\EECTRL.SYS
2009-07-09 07:27 . 2009-06-17 18:15 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\ERASER.SYS
2009-07-09 07:27 . 2009-06-17 18:15 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\NAVENG32.DLL
2009-07-09 07:27 . 2009-06-17 18:15 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\NAVEX32A.DLL
2009-07-09 07:27 . 2009-06-17 18:15 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\ECMSVR32.DLL
2009-07-09 07:27 . 2009-06-17 18:15 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090708.041\CCERASER.DLL
2009-07-07 17:40 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\Scxpx86.dll
2009-07-07 17:40 . 2009-06-17 18:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSXpx86.sys
2009-07-07 17:40 . 2009-06-17 18:15 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSxpx86.dll
2009-07-07 17:40 . 2009-06-17 18:15 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSvix86.sys
2009-07-07 17:40 . 2009-06-17 18:15 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSviA64.sys
2009-07-06 23:23 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\Scxpx86.dll
2009-07-06 23:23 . 2009-06-17 18:15 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSviA64.sys
2009-07-06 23:23 . 2009-06-17 18:15 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSvix86.sys
2009-07-06 23:23 . 2009-06-17 18:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSXpx86.sys
2009-07-06 23:23 . 2009-06-17 18:15 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090703.001\IDSxpx86.dll
2009-07-06 20:35 . 2009-07-06 20:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-06 20:34 . 2009-07-06 20:34 -------- d-----w- c:\program files\Java
2009-07-03 16:12 . 2009-07-06 19:31 -------- d-----w- c:\documents and settings\Administrator\.SunDownloadManager
2009-07-03 15:52 . 2009-07-03 15:52 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-07-03 15:49 . 2009-07-03 15:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-03 15:47 . 2009-07-03 15:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-03 15:38 . 2009-04-29 04:46 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-07-03 15:38 . 2009-04-29 04:46 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2009-06-30 21:16 . 2009-06-17 18:15 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-06-30 21:16 . 2009-06-17 18:15 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-06-30 21:16 . 2009-06-17 18:15 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-06-30 21:16 . 2009-06-17 18:15 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-06-30 21:16 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-06-17 18:27 . 2009-06-17 18:27 -------- d-----r- c:\program files\Norton Support
2009-06-17 18:26 . 2009-06-17 18:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-06-17 18:16 . 2009-06-17 18:15 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-17 18:15 . 2009-06-17 18:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-17 18:14 . 2009-06-17 18:14 -------- d-----w- c:\program files\Windows Sidebar
2009-06-17 18:10 . 2009-06-17 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-17 18:10 . 2009-06-17 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-17 18:10 . 2009-06-17 18:10 -------- d-----w- c:\program files\NortonInstaller
2009-06-17 18:04 . 2009-06-17 18:04 -------- d-----w- c:\documents and settings\All Users\Symantec Temporary Files
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-16 20:46 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\system32\scripting
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\l2schemas
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\system32\en
2009-06-16 19:43 . 2009-06-16 19:43 -------- d-----w- c:\windows\system32\bits
2009-06-16 19:40 . 2009-06-16 19:43 -------- d-----w- c:\windows\ServicePackFiles
2009-06-16 18:37 . 2009-06-16 18:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-06-12 22:53 . 2009-06-12 22:53 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-06-12 22:46 . 2009-06-12 22:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 19:35 . 2007-02-11 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-02 18:00 . 2007-02-15 16:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-06-18 12:16 . 2009-06-17 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-16 22:11 . 2008-03-26 18:37 -------- d-----w- c:\program files\Google
2009-06-16 19:46 . 2006-04-21 22:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_17.31.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-06 21:38 . 2009-07-06 21:38 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
+ 2009-07-06 21:37 . 2009-07-06 21:37 16384 c:\windows\Temp\Perflib_Perfdata_768.dat
+ 2007-12-08 09:00 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2007-12-08 09:00 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-04 12:00 . 2008-05-19 11:33 18944 c:\windows\system32\msisip.dll
+ 2004-08-04 12:00 . 2008-05-19 06:57 95744 c:\windows\system32\msiexec.exe
+ 2009-03-08 09:32 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2009-01-07 23:20 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
+ 2008-05-19 11:33 . 2008-05-19 11:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2008-05-19 06:57 . 2008-05-19 06:57 95744 c:\windows\system32\dllcache\msiexec.exe
+ 2009-06-16 22:11 . 2009-06-16 22:11 24064 c:\windows\Installer\4f6de3.msi
+ 2004-08-04 12:00 . 2008-04-17 06:43 2560 c:\windows\system32\msimsg.dll
+ 2008-04-17 06:43 . 2008-04-17 06:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2008-09-04 06:01 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
- 2008-09-04 06:01 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2004-08-04 12:00 . 2008-05-19 11:33 332800 c:\windows\system32\msihnd.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-07-06 20:35 . 2009-07-06 20:34 148888 c:\windows\system32\javaws.exe
+ 2009-07-06 20:35 . 2009-07-06 20:34 144792 c:\windows\system32\javaw.exe
+ 2009-07-06 20:35 . 2009-07-06 20:34 144792 c:\windows\system32\java.exe
+ 2008-05-19 11:33 . 2008-05-19 11:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2008-09-04 05:55 . 2004-08-04 12:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-09-04 05:55 . 2004-08-04 12:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2006-04-21 22:12 . 2006-04-21 22:12 264704 c:\windows\Installer\55791.msi
+ 2007-02-14 23:42 . 2007-02-14 23:42 995840 c:\windows\Installer\551a9.msi
+ 2009-01-15 15:29 . 2009-01-15 15:29 337408 c:\windows\Installer\367a9c4.msi
+ 2004-08-04 12:00 . 2004-08-04 12:00 1326080 c:\windows\system32\webfldrs.msi
+ 2004-08-04 12:00 . 2008-05-19 11:33 4445184 c:\windows\system32\msi.dll
+ 2008-05-19 11:33 . 2008-05-19 11:33 4445184 c:\windows\system32\dllcache\msi.dll
+ 2008-09-04 06:01 . 2004-08-04 12:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-09-04 05:59 . 2004-08-04 12:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 18:08 . 2007-05-25 18:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2007-02-13 22:53 . 2007-02-13 22:53 3443712 c:\windows\Installer\797209.msi
+ 2008-03-26 18:38 . 2008-03-26 18:38 7641088 c:\windows\Installer\771fb91b.msi
+ 2009-07-06 20:34 . 2009-07-06 20:34 1563648 c:\windows\Installer\74547.msi
+ 2006-04-21 19:56 . 2006-04-21 19:56 5922816 c:\windows\Installer\71e02.msi
+ 2007-02-14 23:41 . 2009-07-07 16:24 2248192 c:\windows\Installer\551a5.msi
+ 2007-02-12 23:10 . 2007-02-12 23:10 2401280 c:\windows\Installer\2fe08.msi
+ 2007-02-12 23:09 . 2007-02-12 23:09 2549248 c:\windows\Installer\2fe02.msi
+ 2007-11-15 13:32 . 2007-11-15 13:32 1539072 c:\windows\Installer\206e81.msi
+ 2007-02-14 23:39 . 2003-05-19 19:36 2250240 c:\windows\Cache\Adobe Reader 6.0\ENUBIG\Adobe Reader 6.0.msi
+ 2007-12-09 09:06 . 2007-12-09 09:06 15256576 c:\windows\Installer\b1cde.msp
+ 2007-02-13 22:54 . 2007-02-13 22:54 19210240 c:\windows\Installer\797252.msp
+ 2007-10-20 02:30 . 2007-10-20 02:30 26621440 c:\windows\Installer\206e82.msi
+ 2007-02-14 23:30 . 2007-02-14 23:30 23412224 c:\windows\Installer\1574dd5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-02-11 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-11 98304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2005-12-05 437008]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-06 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [6/17/2009 1:15 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [6/17/2009 1:15 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [6/17/2009 1:15 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090707.001\IDSXpx86.sys [7/7/2009 12:40 PM 276344]
R2 Airlink101 802.11g Wireless WLService;Airlink101 802.11g WLService;c:\program files\Airlink101\AWLH3026\WLService.exe [5/2/2006 2:59 PM 49152]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [6/17/2009 1:15 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/17/2009 1:34 PM 101936]
R3 USB-100;Prestige USB Adapter;c:\windows\system32\drivers\USB150.SYS [9/3/2003 11:17 AM 23938]
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2f6e06be-92b4-4bde-83e5-cd685e75706a} - (no file)
BHO-{79722DEE-25EE-4836-A8BF-E06E3F6AA4F7} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 09:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1085031214-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,36,3d,b2,a4,24,65,4e,8c,d6,c7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,36,3d,b2,a4,24,65,4e,8c,d6,c7,\
.
Completion time: 2009-07-09 9:45
ComboFix-quarantined-files.txt 2009-07-09 14:45
ComboFix2.txt 2009-06-30 20:10
ComboFix3.txt 2009-06-30 17:35

Pre-Run: 13,206,024,192 bytes free
Post-Run: 13,324,955,648 bytes free

217 --- E O F --- 2009-06-11 08:02
Old 07-09-2009, 11:24 AM   #25 (permalink)
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: Redirecting Searches--Work Computer-Help!

Hello again jd

If you still have GMER on your desktop, run it again as you previously did prior to posting for help. If GMER is no longer on your desktop, follow the instructions below.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Old 07-13-2009, 05:45 AM   #26 (permalink)
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: Redirecting Searches--Work Computer-Help!

Do you still require assistance? If there is no reply to this post within 48hrs, this thread will be closed.
Old 07-14-2009, 09:38 AM   #27 (permalink)
jd007 (Registered User)
Join Date: Jun 2009
Posts: 14
OS: xp

Re: Redirecting Searches--Work Computer-Help!

Here is the gmer log.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 11:41:42
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 8214E050 ZwAlertResumeThread
SSDT 82161050 ZwAlertThread
SSDT 81562318 ZwAllocateVirtualMemory
SSDT 8214B050 ZwAssignProcessToJobObject
SSDT 82398758 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEFCAB040]
SSDT 81561958 ZwCreateMutant
SSDT 81561440 ZwCreateSymbolicLinkObject
SSDT 815D4670 ZwCreateThread
SSDT 8166E050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEFCAB2C0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEFCAB820]
SSDT 81562470 ZwDuplicateObject
SSDT 81561FC0 ZwFreeVirtualMemory
SSDT 816EB050 ZwImpersonateAnonymousToken
SSDT 8212D050 ZwImpersonateThread
SSDT 82344288 ZwLoadDriver
SSDT 8156D070 ZwMapViewOfSection
SSDT 81670050 ZwOpenEvent
SSDT 81562610 ZwOpenProcess
SSDT 82162050 ZwOpenProcessToken
SSDT 8166F050 ZwOpenSection
SSDT 81562540 ZwOpenThread
SSDT 81561510 ZwProtectVirtualMemory
SSDT 821D4130 ZwResumeThread
SSDT 8212E050 ZwSetContextThread
SSDT 81561DE0 ZwSetInformationProcess
SSDT 8212B050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEFCABA70]
SSDT 8212C050 ZwSuspendProcess
SSDT 81671050 ZwSuspendThread
SSDT 821630B8 ZwTerminateProcess
SSDT 816EC050 ZwTerminateThread
SSDT 8214F050 ZwUnmapViewOfSection
SSDT 81562248 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
Attached Files
File Type: txt ark.txt (5.3 KB, 1 views)
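The caution earlier in the thread (do not act on "<--- ROOTKIT" rows) and the analyst's reading of the log above ("no rootkits") both rest on the same triage question: which module owns each hook, and is that module something you expect on the machine. The following Python is an added example, written for this page; it is not GMER's code and not from the thread. It parses the System and Devices rows in the ark.txt format shown above into hook records grouped by owning module, keeps GMER's own ROOTKIT marker rows in a separate list, and reports the hooks that no expected vendor explains. The sample log is constructed from a few of the real lines above plus one invented placeholder "File" row, present only so the marker path is exercised.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the ark.txt format shown above (a handful of the real
# lines from the post). The "File ..." row is an invented placeholder, added only
# so the "<-- ROOTKIT" marker path is exercised; it is not from the thread.
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-13 11:41:42
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT 8214E050 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEFCAB040]
SSDT 81562318 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEFCAB2C0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\PLACEHOLDER_EXAMPLE.sys 8192 bytes <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

SECTION = re.compile(r"^---- (.+?) - GMER ")
# "SSDT <module path> (<description/company>) <ZwService> [0x<address>]"
SSDT_MODULE = re.compile(r"^SSDT\s+(\S+)\s+\(([^)]*)\)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
# "SSDT <address> <ZwService>": GMER could not attribute the handler to a module
SSDT_ADDR = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)\s*$")
# "AttachedDevice <driver> <device> <module> (<description/company>)"
ATTACHED = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\(([^)]*)\)")


@dataclass
class Hook:
    kind: str      # "SSDT" or "AttachedDevice"
    target: str    # hooked service (ZwXxx) or device object
    module: str    # owning module as GMER printed it; "" when only an address was given
    vendor: str    # GMER's parenthesised description/company text, "" if absent
    address: str   # handler address as printed, "" for AttachedDevice rows


@dataclass
class Triage:
    sections: List[str] = field(default_factory=list)
    hooks: List[Hook] = field(default_factory=list)
    flagged: List[str] = field(default_factory=list)  # rows GMER itself marked ROOTKIT


def parse_gmer(text: str) -> Triage:
    """Parse an ark.txt into hook records; rows in formats not handled here are skipped."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            if m.group(1) != "EOF":
                t.sections.append(m.group(1))
            continue
        # GMER's own marker: recorded for a human to review, never acted on here
        if "<-" in line and "ROOTKIT" in line.upper():
            t.flagged.append(line)
            continue
        m = SSDT_MODULE.match(line)
        if m:
            t.hooks.append(Hook("SSDT", m.group(3), m.group(1), m.group(2), "0x" + m.group(4)))
            continue
        m = SSDT_ADDR.match(line)
        if m:
            t.hooks.append(Hook("SSDT", m.group(2), "", "", "0x" + m.group(1)))
            continue
        m = ATTACHED.match(line)
        if m:
            t.hooks.append(Hook("AttachedDevice", m.group(2), m.group(3), m.group(4), ""))
    return t


def hooks_by_module(t: Triage) -> Dict[str, List[Hook]]:
    """Group hooks by owning module; the "" key collects address-only SSDT rows."""
    grouped: Dict[str, List[Hook]] = {}
    for h in t.hooks:
        grouped.setdefault(h.module, []).append(h)
    return grouped


def unexplained(t: Triage, known_vendors) -> List[Hook]:
    """Hooks whose GMER description names none of the vendors you expect on the box
    (here: the installed AV). These rows deserve a second look and correlation with
    what is installed; on the thread's machine the analyst judged the log clean."""
    return [h for h in t.hooks if not any(v in h.vendor for v in known_vendors)]


if __name__ == "__main__":
    triage = parse_gmer(SAMPLE_LOG)
    for module, hooks in hooks_by_module(triage).items():
        print(module or "<address only>", [h.target for h in hooks])
    print("GMER-marked rows:", triage.flagged)
    print("unexplained:", [h.target for h in unexplained(triage, ("Symantec Corporation",))])
```

With the installed AV's company name as the expected vendor, the two address-only SSDT rows are the only ones left unexplained; that is exactly the pattern the analyst read as benign here, and the placeholder ROOTKIT row is listed but not touched, as the caution advises.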
Old 07-14-2009, 11:42 AM   #28 (permalink)
TheBruce1
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Redirecting Searches--Work Computer-Help!

Hi

Quote:
globalroot\systemroot\system32\msivxmxddvfgvkjxdskqybgrrruybxtesqsfq.dll
Do you still get this warning from Norton? The GMER report shows no rootkits on your system.
Old 07-14-2009, 12:29 PM   #29 (permalink)
jd007
Registered User
Join Date: Jun 2009
Posts: 14
OS: xp


Re: Redirecting Searches--Work Computer-Help!

Yes, still the same thing.
Old 07-14-2009, 01:17 PM   #30 (permalink)
TheBruce1
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Redirecting Searches--Work Computer-Help!

Hi

As shown in post 9:

Quote:
ComboFix 09-06-22.0B - Administrator 06/30/2009 12:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.311 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\jd007.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\abW9
c:\windows\cookies.ini
c:\windows\system32\ddfpddme.ini
c:\windows\system32\drivers\MSIVXypafkmrvxdorjuunkltodevkpyewfnha.sys
c:\windows\system32\hoggqanx.ini
c:\windows\system32\kmllm.bak1
c:\windows\system32\kmllm.ini
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXkelqexmpwqonopqutiynmjlacbjccdhe.dll
c:\windows\system32\MSIVXmxddvfgvkjxdskqybgrrruybxtesqsfq.dll
Combofix has already removed that rootkit and your GMER log is clean, so the problem lies with Symantec's software. You would be better discussing this issue in Norton's forum.
http://community.norton.com/norton/

========

You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
==========

If there are no further issues, continue below.

=========

Delete DDS from your desktop, you can keep ATF-Cleaner if you wish...otherwise delete from desktop.

=========

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

===========

Clear IE6 cookies

*Open IE and click Tools
*Click on Internet Options
*Click on General Tab
*Click on Delete Temp Files & Cookies buttons.


Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies, Cache, Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1. Click Start, Run, type sysdm.cpl, and then press OK.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended).

Microsoft updates are released on the second Tuesday of each month, what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.


For Internet Explorer users:
WOT for IE

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If you're having trouble downloading & extracting, see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the HOSTS file, double-click on it and a new window will open.

Double-click on mvps.bat and follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more.

It can also alert you if you have not installed the latest patches from Microsoft.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.
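The MVPS HOSTS section of the post above describes two things worth seeing concretely: how pointing a name at 127.0.0.1 keeps the connection from ever leaving the machine, and why a company-provided HOSTS file must not simply be replaced. The Python below is an added example written for this page; it is not the MVPS project's code and not from the thread. It parses HOSTS-file text the way a resolver reads it (comments after `#`, several names per line, case-insensitive names, first entry wins, which is the precedence this example assumes), answers whether a name is sinkholed, and lists the entries a current file would lose if it were overwritten by a blocking file. Both sample files are constructed with invented names.

```python
from typing import Dict, List, Optional, Tuple

# Addresses a blocking HOSTS file points unwanted names at. The MVPS file of the
# time used 127.0.0.1, as the post says; 0.0.0.0 and ::1 are the other common choices.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed stand-in for a company-provided HOSTS file (names are invented).
COMPANY_HOSTS = """\
# corporate name overrides (constructed sample)
127.0.0.1       localhost
10.0.0.5        intranet.corp.example
10.0.0.6        hr-portal.corp.example   # payroll front end
"""

# Constructed excerpt in the style of a blocking HOSTS file (names are invented).
BLOCKLIST_HOSTS = """\
127.0.0.1  localhost
127.0.0.1  ad.example.net            #[constructed ad server]
127.0.0.1  tracker.example.org banner.example.org
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to its address.

    Everything after '#' is a comment, a line may carry several names after the
    address, names compare case-insensitively, and the first entry for a name wins
    (the precedence this example assumes for the resolver).
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            mapping.setdefault(name.lower(), addr)
    return mapping


def lookup(mapping: Dict[str, str], hostname: str) -> Optional[str]:
    """Address the HOSTS file would hand the resolver for this name, or None."""
    return mapping.get(hostname.lower())


def is_sinkholed(mapping: Dict[str, str], hostname: str) -> bool:
    """True when the name is pointed back at the local machine, so the
    connection the post describes never reaches the ad site."""
    return lookup(mapping, hostname) in SINKHOLE_ADDRESSES


def entries_lost_on_replace(current: str, replacement: str) -> List[Tuple[str, str]]:
    """Names the current file maps to a real address that the replacement does not
    reproduce. A non-empty result is the case the post warns about: a company
    HOSTS file whose overrides would vanish if it were simply overwritten."""
    old, new = parse_hosts(current), parse_hosts(replacement)
    lost = [(name, addr) for name, addr in old.items()
            if addr not in SINKHOLE_ADDRESSES and new.get(name) != addr]
    return sorted(lost)


if __name__ == "__main__":
    blocklist = parse_hosts(BLOCKLIST_HOSTS)
    for name in ("AD.EXAMPLE.NET", "banner.example.org", "www.example.com"):
        print(name, "->", lookup(blocklist, name), "sinkholed" if is_sinkholed(blocklist, name) else "not in file")
    print("would be lost:", entries_lost_on_replace(COMPANY_HOSTS, BLOCKLIST_HOSTS))
```

The last call is the check to run before installing any blocking HOSTS file on a work machine: if it returns anything, the corporate overrides need to be merged into the new file rather than replaced by it.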
Old 07-14-2009, 02:22 PM   #31 (permalink)
jd007
Registered User
Join Date: Jun 2009
Posts: 14
OS: xp


Re: Redirecting Searches--Work Computer-Help!

Thank you for your help. This is a great service that you guys provide.
Old 07-14-2009, 02:38 PM   #32 (permalink)
TheBruce1
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Redirecting Searches--Work Computer-Help!

You're welcome, take care
 


Copyright 2001 - 2009, Tech Support Forum