Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 06-21-2009, 06:58 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: xp


McAfee cannot delete trojan

Hello, I am using Windows XP and running McAfee Anti-virus. The on-access scan keeps trying to delete a trojan with the file location C:\PROGRAM FILES\DRIVER\DRIVER.DLL and it is detected as Generic.dx!nl, but the status is "delete failed". It then tries to delete it again but continues to fail. Also, I have had trouble opening windows from a Google search. My Firefox tab just says "jumping" and the page fails to load. I am not sure if these problems are related, but I included it anyway. Here are the log files...

DDS (Ver_09-05-14.01) - NTFSx86
Run by Nick Janssen at 19:31:25.00 on Sun 06/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1220 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Nick Janssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\svchost.exe -k driver
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Nick Janssen\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RamBooster] c:\program files\rambooster 2.0\Rambooster.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Google Update] "c:\documents and settings\nick janssen\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\nickja~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\nickja~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: aol.com\free
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nickja~1\applic~1\mozilla\firefox\profiles\gl1di4h7.default\
FF - plugin: c:\documents and settings\nick janssen\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\nick janssen\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2008\chem3d\npChem3DPlugin.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2008\chemdraw\NPCDP32.DLL
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-16 64160]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-8-3 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-8-3 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-8-3 177672]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-06-21 19:27 <DIR> --d-h--- c:\windows\PIF
2009-06-21 18:24 <DIR> --d----- C:\ComboFix
2009-06-19 18:56 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-19 18:56 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-17 20:05 2 a------- c:\windows\010112010146118114.lso
2009-06-17 20:05 <DIR> --d----- c:\program files\driver
2009-06-17 20:04 2 a------- c:\windows\010112010146118114.dat
2009-06-17 20:04 2 a------- c:\windows\0101120101465749.lso
2009-06-17 20:04 1 ----h--- c:\windows\jmmark2.dat
2009-06-17 20:04 2 a------- c:\windows\0101120101465749.dat
2009-06-17 20:04 2 a------- c:\windows\0101120101465452.lso
2009-06-17 20:04 2 a------- c:\windows\0101120101465452.dat
2009-06-17 20:04 1 ----h--- c:\windows\bf23567.dat
2009-06-17 20:04 14,336 a---h--- c:\windows\ld10.exe

==================== Find3M ====================

2009-06-19 12:48 49,758 a------- c:\windows\system32\nvModes.dat
2009-06-09 19:15 0 ac------ c:\windows\system32\drivers\lvuvc.hs
2009-06-09 19:15 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-06-04 22:26 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-23 22:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-11-21 03:14 30 ac------ c:\documents and settings\nick janssen\jagex_runescape_preferences.dat
2008-09-27 18:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 19:33:30.15 ===============

I hope I attached everything correctly to make this easy for you. Thank you very much.
Attached Files
File Type: zip Attach.zip (4.3 KB, 2 views)
File Type: zip ark.zip (1.0 KB, 3 views)

Old 06-21-2009, 11:43 PM   #2 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
Old 06-22-2009, 11:19 AM   #3 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

Starting instructions
The following instructions are only for this Forum member and machine. If you use these instructions on another machine, you risk seriously damaging the system and doing so will make clean up much more difficult and complicated. If you think you have a similar problem, please begin your own, new thread. I do not offer free private support.

Disable Ad-Watch
Special Note if Ad-Aware is installed and Ad-Watch is enabled: Before proceeding, disable Ad-Watch and leave it disabled until we're done here. See http://aumha.net/viewtopic.php?f=43&t=38668

P2P Concern
Your logs showed some peer-to-peer filesharing apps. I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Read more here:
File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

My preference is that you un-install LimeWire 4.18.3 and µTorrent and any other P-2-P that this pc has. Should you choose to keep it I ask that you not use the application until I've finished cleaning your system.

Run ComboFix
It appears that you've already downloaded and installed ComboFix, however you have not run it.

You should have a file on your desktop that is ComboFix.exe or Combo-Fix.exe (if you re-named it to include the -).

Let's run ComboFix now.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • Help with disabling your antivirus application can be found here.
  • Double-click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Update Java for XP:
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Download Java Runtime Environment (JRE) 6 Update 14
  • Select the appropriate option(s), check the "I agree..." box and press CONTINUE
  • Without checking the box, click on jre-6u14-windows-i586-p.exe directly underneath Windows Offline Installation > SAVE it to your desktop, do not RUN it.
  • When the download is complete, close all browser windows and double-click on the saved file (jre-6u14-windows-i586-p.exe ) to install the update. Be patient: It may take five (5) minutes or more for the installation to complete.
  • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.
  • Open Control Panel > Add/Remove Programs:
    • Uninstall anything that says Sun Java, Java JRE, or similar except Java TM 6 Update 14 which you just installed.
    • Close Add/Remove Programs.

    In Windows Explorer, navigate to C:\Program Files\Java <=this folder. Delete any subfolders except the subfolder named jre6 which was just created by the installation above.

    Do NOT delete C:\Program Files\JavaVM <=this folder, if found!
Post Back
Please post back with:

1. Contents of C:\Combofix.txt;
2. System status ... how is it running now???

Good Luck
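An added example, not from this thread and not code from DDS, ComboFix or the forum's Security Team: a small Python triage pass over the "Created Last 30" and DPF lines of the DDS log in the first post. It flags files dropped directly into C:\Windows that are hidden, executable, or only one or two bytes long, then pulls in everything else created in the same minute as a flagged file, which is how the c:\program files\driver folder behind the McAfee Generic.dx!nl alert surfaces without needing a signature. It also lists the older JRE installer CABs still registered as DPF objects, the leftovers the Java clean-up step above is meant to get rid of. The sample lines are copied from the posted log; the heuristic names and thresholds are this example's own assumptions, not anything DDS defines.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log posted earlier in this thread.
SAMPLE_LOG = r"""
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
=============== Created Last 30 ================
2009-06-21 19:27 <DIR> --d-h--- c:\windows\PIF
2009-06-21 18:24 <DIR> --d----- C:\ComboFix
2009-06-19 18:56 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-19 18:56 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-17 20:05 2 a------- c:\windows\010112010146118114.lso
2009-06-17 20:05 <DIR> --d----- c:\program files\driver
2009-06-17 20:04 2 a------- c:\windows\010112010146118114.dat
2009-06-17 20:04 1 ----h--- c:\windows\jmmark2.dat
2009-06-17 20:04 1 ----h--- c:\windows\bf23567.dat
2009-06-17 20:04 14,336 a---h--- c:\windows\ld10.exe
==================== Find3M ====================
"""

# One "Created Last 30" entry: date, time, size or <DIR>, 8-char attribute
# string (in this log 'd' = directory, 'h' = hidden, 's' = system), path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
JAVA_CAB_RE = re.compile(r"jinstall-1_6_0_(\d+)-windows", re.I)
WIN_ROOT_RE = re.compile(r"c:\\windows\\[^\\]+")   # a file directly in C:\Windows


def parse_created(log):
    """Return the entries of the 'Created Last 30' section as dicts."""
    entries, inside = [], False
    for line in log.splitlines():
        if "Created Last 30" in line:
            inside = True
            continue
        if inside and line.startswith("="):        # next section header
            break
        m = ENTRY_RE.match(line.strip())
        if inside and m:
            e = m.groupdict()
            e["is_dir"] = e["size"] == "<DIR>"
            e["size"] = 0 if e["is_dir"] else int(e["size"].replace(",", ""))
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def is_suspicious(e):
    """Review prompts, not verdicts (thresholds are this example's assumptions)."""
    if e["is_dir"] or not WIN_ROOT_RE.fullmatch(e["path"]):
        return False
    if "h" in e["attrs"]:                 # hidden file dropped straight into C:\Windows
        return True
    if e["path"].endswith(".exe"):        # new executable in the C:\Windows root
        return True
    return e["size"] <= 2                 # 1-2 byte marker files with random names


def triage(log):
    """Flag suspicious entries, then add everything else created in the same
    minute: droppers write their files in a burst, so siblings share a timestamp."""
    entries = parse_created(log)
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[(e["date"], e["time"])].append(e)
    flagged = [e for e in entries if is_suspicious(e)]
    hot = {(e["date"], e["time"]) for e in flagged}
    related = [e["path"] for key in hot for e in by_minute[key]
               if not is_suspicious(e)]
    return {"flagged": sorted(e["path"] for e in flagged),
            "related": sorted(related)}


def stale_java_cabs(log):
    """JRE installer CABs still registered as DPF objects but older than the
    newest one present; each is an ActiveX entry point into an unpatched JRE."""
    found = {}
    for line in log.splitlines():
        m = JAVA_CAB_RE.search(line)
        if line.startswith("DPF:") and m:
            found.setdefault(int(m.group(1)), line.split()[1])
    newest = max(found, default=0)
    return [f"1.6.0_{u:02d} {guid}" for u, guid in sorted(found.items()) if u < newest]


if __name__ == "__main__":
    for name, paths in triage(SAMPLE_LOG).items():
        print(name, paths)
    print("stale Java DPF objects:", stale_java_cabs(SAMPLE_LOG))
```

Run it as a script to print the two lists. Treat a match as "look at this", not "delete this": legitimate OEM tray applications also live directly in C:\Windows (stsystra.exe in this very log), and the timestamp clustering only works because DDS reports creation times to the minute, so anything copied in the same minute by an unrelated installer will be pulled in too.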
Old 06-22-2009, 03:02 PM   #4 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: xp


Re: McAfee cannot delete trojan

Thank you for your time. I am not having the trouble with McAfee any more nor am I having trouble with google search. So those problems seem to be cleared for now. Here is the log file for you to look over. Thanks again for the help.

ComboFix 09-06-22.01 - Nick Janssen 06/22/2009 15:14.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.984 [GMT -5:00]
Running from: c:\documents and settings\Nick Janssen\Desktop\Combo-Fix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\Fonts\-
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\driver\driver.dll
c:\program files\driver\driver.sys
c:\windows\system32\mygmhoxd.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver
-------\Service_driverdrv


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 00:27 . 2009-06-22 00:27 -------- d--h--w- c:\windows\PIF
2009-06-21 23:24 . 2009-06-22 20:11 -------- d-----w- C:\ComboFix
2009-06-19 23:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-19 23:56 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-18 01:04 . 2009-06-18 01:04 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-18 01:04 . 2009-06-18 01:04 1 ---h--w- c:\windows\jmmark2.dat
2009-06-18 01:04 . 2009-06-18 01:04 2 ----a-w- c:\windows\0101120101465749.dat
2009-06-18 01:04 . 2009-06-18 01:04 2 ----a-w- c:\windows\0101120101465452.dat
2009-06-18 01:04 . 2009-06-18 01:04 1 ---h--w- c:\windows\bf23567.dat
2009-06-12 16:26 . 2009-06-12 16:26 152576 ----a-w- c:\documents and settings\Nick Janssen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-05 03:26 . 2009-06-05 03:26 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-05 03:26 . 2009-06-05 03:26 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-05 03:26 . 2009-06-05 03:26 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-05 03:26 . 2009-06-05 03:26 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-05 03:26 . 2009-06-05 03:26 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-05 03:26 . 2009-06-05 03:26 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-05 03:26 . 2009-06-05 03:26 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-05 03:25 . 2009-06-05 03:25 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-05 03:25 . 2009-06-05 03:25 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-05 03:25 . 2009-06-05 03:25 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-05 03:25 . 2009-06-05 03:25 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-05 03:25 . 2009-06-05 03:25 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-05 03:25 . 2009-06-05 03:25 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-05 03:25 . 2009-06-05 03:25 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-05 03:25 . 2009-06-05 03:25 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-05 03:25 . 2009-06-05 03:25 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-05 03:25 . 2009-06-05 03:25 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 19:49 . 2007-08-03 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-20 16:36 . 2008-08-21 23:19 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\uTorrent
2009-06-19 17:48 . 2007-08-03 17:32 49758 ----a-w- c:\windows\system32\nvModes.dat
2009-06-12 16:28 . 2007-08-03 17:43 -------- d-----w- c:\program files\Java
2009-06-12 15:58 . 2007-08-15 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 00:15 . 2007-08-03 23:24 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2009-06-10 00:15 . 2008-12-07 08:09 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-06-05 03:26 . 2009-04-17 04:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-05 02:08 . 2007-12-02 02:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-21 16:33 . 2009-01-04 05:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-15 21:19 . 2009-05-15 21:19 152576 ----a-w- c:\documents and settings\Nick Janssen\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 05:59 . 2009-05-06 05:59 -------- d-----w- c:\program files\Coupons
2009-05-06 02:45 . 2009-05-06 02:44 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\takenote
2009-05-06 02:45 . 2009-05-06 02:45 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\gtk-2.0
2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 03:25 . 2009-04-24 03:25 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 03:25 . 2009-04-17 03:25 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-24 23:33 . 2009-03-24 23:33 237264 ----a-w- c:\documents and settings\Nick Janssen\Application Data\Mozilla\plugins\npgoogletalk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-05 1830128]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 67128]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-12 160592]
"Google Update"="c:\documents and settings\Nick Janssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-05 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-06 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-05 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Nick Janssen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-07 20:46 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Nick Janssen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nick Janssen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:driver

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/16/2009 10:25 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/9/2008 4:17 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:25]

2009-06-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-03 22:02]

2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1801674531-725345543-1003.job
- c:\documents and settings\Nick Janssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 22:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 15:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(8096)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2009-06-22 15:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 20:28
ComboFix2.txt 2007-11-25 00:52

Pre-Run: 89,320,480,768 bytes free
Post-Run: 89,577,394,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

237 --- E O F --- 2009-06-12 15:58
njansse2 is offline  
Old 06-23-2009, 11:35 AM   #5 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

Thanks for posting back.

We have a few things to do for the moment and I need some information to help me assist you.

uTorrent Questions
Did you remove uTorrent from the system? If you didn't, please do so now. If you did, please let me know.

Malwarebytes' Anti-Malware
Please download by clicking here:
http://www.besttechie.net/tools/mbam-setup.exe
  • Re-name the downloaded file Nailmalware
  • Once re-named, close all programs and Windows on your computer (including this one.)
  • Double-click on the icon on your desktop named Nailmalware.exe. This will start the installation of MBAM onto your computer.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
  • On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
  • When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results.
  • :!: Make sure all entries have a Checkmark at their far left. If you do not, the program will have done nothing.
  • Click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine.
  • When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then do a File, Save and then close the Notepad window. Remember where you saved the log file, as we will want to see it later. If MBAM suggests a reboot is necessary, be sure to do so. Otherwise there can be active infectors still on your system that would only be removed finally with the reboot sequence.
Run ComboFix
Let's re-run ComboFix as follows:
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:
Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-
Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown:

  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Do not run ComboFix more than once

Re-activate your protection programs at this time

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

1. Contents of C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
2. Answer to uTorrent questions;
3. Contents of C:\ComboFix.txt;
4. System status...how is your system running now???

Good Luck
__________________
KB. is offline  
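A small triage helper for the two ComboFix sections the analyst acted on in the post above, added here as an example (it is not ComboFix's code nor anything posted in the thread): it pulls the Windows Firewall GloballyOpenPorts entries and any module loaded from a temp directory out of a constructed log excerpt modelled on this thread, and renders the Registry:: deletion block in the "name"=- syntax the CFScript uses. The KNOWN_PORT_LABELS allowlist and the SAMPLE_LOG excerpt are assumptions constructed for the example.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re

# Registry key ComboFix reports firewall port exceptions under (as in the thread).
PORTS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List")

# Assumption: labels Windows XP writes for its own built-in exceptions; anything
# else was added by an application and deserves a second look.
KNOWN_PORT_LABELS = {"File and Printer Sharing", "Remote Desktop", "UPnP Framework"}

# Modules loaded out of these directories are unusual for legitimate software.
TEMP_MARKERS = ("\\windows\\temp\\", "\\local settings\\temp\\")

# Constructed excerpt mirroring the entries from the thread's first ComboFix log.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"8085:TCP"= 8085:TCP:driver

R0 Lbd;Lbd;c:\\windows\\system32\\drivers\\Lbd.sys [4/16/2009 10:25 PM 64160]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\\program files\\SUPERAntiSpyware\\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(8096)
c:\\windows\\TEMP\\logishrd\\LVPrcInj01.dll
c:\\windows\\system32\\WPDShServiceObj.dll
.
------------------------ Other Running Processes ------------------------
"""


def registry_values(log, key):
    """Return [(name, data)] from the ComboFix block headed by [key]; the block ends at a blank line."""
    values, inside = [], False
    for line in log.splitlines():
        if line.strip().lower() == f"[{key}]".lower():
            inside = True
            continue
        if inside:
            if not line.strip():
                break
            m = re.match(r'^"([^"]+)"=\s*(.*)$', line)
            if m:
                values.append((m.group(1), m.group(2).strip()))
    return values


def suspicious_open_ports(log):
    """Firewall exceptions whose label is not one XP creates itself."""
    hits = []
    for name, data in registry_values(log, PORTS_KEY):
        m = re.match(r"(\d+):(TCP|UDP):(.*)$", data, re.I)
        label = m.group(3) if m else ""
        if label not in KNOWN_PORT_LABELS:
            hits.append({"name": name, "port": int(name.split(":")[0]), "label": label})
    return hits


def loaded_modules(log):
    """Map process name -> module paths from the 'DLLs Loaded Under Running Processes' section."""
    modules, proc, inside = {}, None, False
    for line in log.splitlines():
        if "DLLs Loaded Under Running Processes" in line:
            inside = True
            continue
        if inside and line.startswith("-----"):  # next section header
            break
        if not inside:
            continue
        m = re.match(r"^(?:- )+> '([^']+)'\((\d+)\)", line)
        if m:
            proc = m.group(1)
            modules.setdefault(proc, [])
        elif proc and line.strip() and line.strip() != ".":
            modules[proc].append(line.strip())
    return modules


def modules_from_temp(log):
    """(process, path) pairs for modules loaded from a temp directory."""
    return [(proc, p) for proc, paths in loaded_modules(log).items()
            for p in paths if any(mark in p.lower() for mark in TEMP_MARKERS)]


def cfscript_delete_values(key, names):
    """Render the Registry:: block ComboFix accepts for deleting named values ("name"=-)."""
    lines = ["Registry::", f"[{key}]"] + [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


def triage(log):
    """Collect the findings a reviewer would raise and the matching CFScript text."""
    ports = suspicious_open_ports(log)
    return {
        "open_ports": ports,
        "temp_modules": modules_from_temp(log),
        "cfscript": cfscript_delete_values(PORTS_KEY, [p["name"] for p in ports]) if ports else "",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for p in result["open_ports"]:
        print(f"review firewall exception: port {p['port']} label {p['label']!r}")
    for proc, path in result["temp_modules"]:
        print(f"review module loaded from temp in {proc}: {path}")
    print(result["cfscript"])
```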
Old 06-25-2009, 12:51 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: xp


Re: McAfee cannot delete trojan

My computer is running well. I also deleted uTorrent before my previous post. I could not find the file C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt. I tried to disable the antivirus software but it turned on in the middle of ComboFix.

Here is the combofix txt file

ComboFix 09-06-23.01 - Nick Janssen 06/24/2009 16:39.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1591 [GMT -5:00]
Running from: c:\documents and settings\Nick Janssen\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Nick Janssen\Desktop\CFscript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 21:03 . 2009-06-24 21:03 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\Malwarebytes
2009-06-24 21:02 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 21:02 . 2009-06-24 21:03 -------- d-----w- c:\program files\nailmalware
2009-06-24 21:02 . 2009-06-24 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 21:02 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 03:26 . 2009-06-23 03:26 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-23 03:26 . 2009-06-23 03:26 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-23 03:26 . 2009-06-23 03:26 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-23 03:26 . 2009-06-23 03:26 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-23 03:26 . 2009-06-23 03:26 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-23 03:26 . 2009-06-23 03:26 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-23 03:26 . 2009-06-23 03:26 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-23 03:26 . 2009-06-23 03:26 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-23 03:26 . 2009-06-23 03:26 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-23 03:25 . 2009-06-23 03:25 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-23 03:25 . 2009-06-23 03:25 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-23 03:25 . 2009-06-23 03:25 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-23 03:25 . 2009-06-23 03:25 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-23 03:25 . 2009-06-23 03:25 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 00:27 . 2009-06-22 00:27 -------- d--h--w- c:\windows\PIF
2009-06-21 23:24 . 2009-06-22 20:11 -------- d-----w- C:\ComboFix
2009-06-19 23:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-19 23:56 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-12 16:26 . 2009-06-12 16:26 152576 ----a-w- c:\documents and settings\Nick Janssen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-05 03:26 . 2009-06-05 03:26 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-05 03:26 . 2009-06-05 03:26 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-05 03:25 . 2009-06-05 03:25 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-05 03:25 . 2009-06-05 03:25 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 21:20 . 2007-12-02 02:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-24 03:11 . 2007-08-03 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-22 21:00 . 2007-08-03 17:43 -------- d-----w- c:\program files\Java
2009-06-22 20:58 . 2009-04-03 20:55 -------- d-----w- c:\program files\Snood 4
2009-06-22 20:36 . 2009-01-04 05:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 16:36 . 2008-08-21 23:19 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\uTorrent
2009-06-19 17:48 . 2007-08-03 17:32 49758 ----a-w- c:\windows\system32\nvModes.dat
2009-06-12 15:58 . 2007-08-15 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 00:15 . 2007-08-03 23:24 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2009-06-10 00:15 . 2008-12-07 08:09 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-06-05 03:26 . 2009-04-17 04:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-15 21:19 . 2009-05-15 21:19 152576 ----a-w- c:\documents and settings\Nick Janssen\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 05:59 . 2009-05-06 05:59 -------- d-----w- c:\program files\Coupons
2009-05-06 02:45 . 2009-05-06 02:44 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\takenote
2009-05-06 02:45 . 2009-05-06 02:45 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\gtk-2.0
2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 03:25 . 2009-04-24 03:25 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 03:25 . 2009-04-17 03:25 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-22_20.23.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 21:44 . 2009-06-24 21:44 16384 c:\windows\TEMP\Perflib_Perfdata_770.dat
+ 2004-08-04 10:00 . 2009-06-24 21:49 71710 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-06-22 20:25 71710 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-06-24 21:49 442192 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-06-22 20:25 442192 c:\windows\system32\perfh009.dat
+ 2009-06-22 20:37 . 2009-06-22 20:36 148888 c:\windows\system32\javaws.exe
- 2009-06-12 16:28 . 2009-05-21 16:34 148888 c:\windows\system32\javaws.exe
+ 2009-06-22 20:37 . 2009-06-22 20:36 144792 c:\windows\system32\javaw.exe
- 2009-06-12 16:28 . 2009-05-21 16:34 144792 c:\windows\system32\javaw.exe
+ 2009-06-22 20:37 . 2009-06-22 20:36 144792 c:\windows\system32\java.exe
- 2009-06-12 16:28 . 2009-05-21 16:34 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 67128]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-12 160592]
"Google Update"="c:\documents and settings\Nick Janssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-05 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-06 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-23 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-22 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\Nick Janssen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-07 20:46 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Nick Janssen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nick Janssen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/16/2009 10:25 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/9/2008 4:17 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1003344]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:25]

2009-06-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-03 22:02]

2009-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1801674531-725345543-1003.job
- c:\documents and settings\Nick Janssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 22:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 16:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\program files\McAfee\VirusScan Enterprise\mcshield.exe [4848] 0x89892020

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3816)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-06-24 16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 21:55
ComboFix2.txt 2009-06-22 20:28
ComboFix3.txt 2007-11-25 00:52

Pre-Run: 89,519,157,248 bytes free
Post-Run: 89,445,560,320 bytes free

242 --- E O F --- 2009-06-12 15:58
njansse2 is offline  
Old 06-25-2009, 08:22 PM   #7 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

I haven't reviewed your reports in detail and will do so.

I'm leaving on vacation tomorrow so I can't give detailed instructions until Monday.

Hang in there while you await my next post.

Good Luck
__________________
KB. is offline  
Old 06-26-2009, 12:23 PM   #8 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,844
OS: WinXP and Vista


Re: McAfee cannot delete trojan

Hello njansse2,

In an effort to keep you moving, KB. has asked me to look in on this thread during his absence.


The logs are looking much better. What is needed now is to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

======================================

Launch Malwarebytes Anti Malware program. Click on the Logs tab and you'll find the logs. Copy/paste the contents in your next reply along with the Kaspersky results.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 06-28-2009, 10:57 PM   #9 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

Howdy, njansse2.

Ried posted instructions that I'd like for you to follow.

Please post back with the Malwarebytes' information as well as the Kaspersky results.

Thanks and Good Luck
__________________
KB. is offline  
Old 06-29-2009, 03:00 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: xp


Re: McAfee cannot delete trojan

Hello!

I ran the Kaspersky Scanner. I wasn't sure if you wanted the Malwarebytes log from before or from now. So I will post both of them. Thanks a lot. None of the scanners are finding any malware now.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 29, 2009 20:20:57
Records in database: 2402168
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 64426
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:10:26

No malware has been detected. The scan area is clean.

The selected area was scanned.


Here is the Malwarebytes log from last week.

Malwarebytes' Anti-Malware 1.38
Database version: 2330
Windows 5.1.2600 Service Pack 3

6/24/2009 4:13:15 PM
mbam-log-2009-06-24 (16-13-15).txt

Scan type: Quick Scan
Objects scanned: 94117
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465452.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465749.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465452.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.


Here is the log from now.

Malwarebytes' Anti-Malware 1.38
Database version: 2330
Windows 5.1.2600 Service Pack 3

6/29/2009 3:56:57 PM
mbam-log-2009-06-29 (15-56-57).txt

Scan type: Quick Scan
Objects scanned: 95851
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
njansse2 is offline  
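The two Malwarebytes logs in the post above share one fixed text layout: a header, a block of "<Category> Infected: N" summary counts, then one "<Category> Infected:" section per category listing either "(No malicious items detected)" or one item per line as "<path> (<detection>) -> <action>." When triaging many of these logs it helps to parse them rather than read them by eye, and two checks are worth automating: that the declared counts match the enumerated items (a mismatch means a truncated or edited log), and whether any quarantined registry value sits under the Windows XP firewall's GloballyOpenPorts list, since an entry there means the malware had opened an inbound port exception that should be confirmed gone. The following Python parser is an added example for this thread, not Malwarebytes' or the forum's own tooling; its only assumption is the log layout shown in the posts, and SAMPLE_LOG is a constructed excerpt modelled on the 6/24/2009 log.

```python
"""Parse Malwarebytes' Anti-Malware 1.x text logs into a structured summary.

Added example; the layout is inferred from the logs posted in this thread.
"""
import re
from collections import OrderedDict

# Constructed sample mirroring the 6/24/2009 log above (trimmed to three categories).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2330
Windows 5.1.2600 Service Pack 3

6/24/2009 4:13:15 PM
mbam-log-2009-06-24 (16-13-15).txt

Scan type: Quick Scan
Objects scanned: 94117
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Registry Values Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\8085:tcp (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")      # summary line
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")               # section header
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
NONE_MARKER = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return scan metadata, declared per-category counts and the items found."""
    report = {"scan_type": None, "objects_scanned": None,
              "declared": OrderedDict(), "items": OrderedDict()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line closes the current section
            continue
        if line.startswith("Scan type:"):
            report["scan_type"] = line.split(":", 1)[1].strip()
            continue
        if line.startswith("Objects scanned:"):
            report["objects_scanned"] = int(line.split(":", 1)[1].strip())
            continue
        m = COUNT_RE.match(line)
        if m:
            report["declared"][m.group("cat")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("cat")
            report["items"].setdefault(section, [])
            continue
        if section is not None and line != NONE_MARKER:
            m = ITEM_RE.match(line)
            entry = m.groupdict() if m else {"path": line, "detection": None, "action": None}
            report["items"][section].append(entry)
    return report


def counts_consistent(report):
    """True when every declared count equals the number of items listed for it."""
    return all(len(report["items"].get(cat, [])) == n
               for cat, n in report["declared"].items())


def firewall_exceptions(report):
    """Port specs (e.g. '8085:tcp') of detections under the XP firewall's open-ports list."""
    return [e["path"].rsplit("\\", 1)[-1]
            for entries in report["items"].values() for e in entries
            if "GloballyOpenPorts" in e["path"]]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(rep["scan_type"], rep["objects_scanned"], "objects")
    for cat, entries in rep["items"].items():
        for e in entries:
            print(f"{cat}: {e['detection']} at {e['path']} -> {e['action']}")
    print("counts consistent:", counts_consistent(rep))
    print("firewall exceptions removed:", firewall_exceptions(rep))
```

Run on the constructed sample it reports the two Worm.KoobFace files, the one Malware.Trace registry value, a consistent count check, and the 8085:tcp firewall exception; feeding it the full logs from the post works the same way since every category uses the same section shape.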
Old 06-29-2009, 06:09 PM   #11 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

Nice work

I'd like to start cleaning up after some of the applications I've had you use.

Please note that when I have you go to Add or Remove Programs, make certain that the "Show Updates" box at the top right is checked.

Uninstall MBAM
Go to Add or Remove Programs and remove (i.e. uninstall) Malwarebytes AntiMalware.

Uninstall Kaspersky
Go to Add or Remove Programs and remove (i.e. uninstall) Kaspersky Online Scanner.

ComboFix Cleanup
Click Start, then click Run.
Enter into the command box that opens: combofix /u and then click OK.

If you renamed this file, use the new name (e.g. Combo-Fix /u) in following this instruction rather than "Combofix /u".

Be certain to include a space between the x in Combo-Fix and the /u.



Post Back
Post back with:

1. Confirmation that you've completed the above;
2. System status: how is everything running now?

Good Luck
__________________
KB. is offline  
Old 07-05-2009, 03:26 PM   #12 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

Have you completed the aforementioned instructions and can you provide the requested information?

Please let me know, otherwise we can close this thread.

Thanks and Good Luck
__________________
KB. is offline  
Old 07-05-2009, 06:46 PM   #13 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: xp


Re: McAfee cannot delete trojan

Thank you so much for the help. Everything seems to be in shipshape and I deleted those programs from my computer. Thank you very much for the help.
njansse2 is offline  
Old 07-06-2009, 04:50 AM   #14 (permalink)
KB.
Analyst, Security Team
 
Join Date: May 2009
Posts: 39
OS: XP


Re: McAfee cannot delete trojan

You're very welcome, I'm glad I could help.

Windows Update
Using Internet Explorer (only), check in at Windows Update and install all critical updates (see notes below first) offered; reboot if prompted to do so.

DO NOT INSTALL IE8 at this time! You can uncheck it as an update at Windows Update.

Note: You may not want to install IE8 at this time, but if you do install it and don't care for it you can revert back to IE7 by uninstalling IE8 via Add or Remove Programs.

In short, you'll need to disable all of your AntiVirus and AntiSpyware applications prior to installing IE8. Reboot twice once IE8 is installed and re-enable your protections when complete.

I've always downloaded the IE8 installer from this link => IE8 Installer then disabled protections and installed it rather than installing via Windows Updates. I recommend that you do the same should you choose to install IE8.

Tip: Critical updates are offered on the second Tuesday of every month.

Windows Updates should be configured such that Automatic Update is enabled, at least to just notify.

How to configure and use Automatic Updates in Windows XP: Automatic Updates for XP

Consider hardening your defenses
Consider adding the additional layer of AntiSpyWare (don't confuse with AntiVirus, you can run in tandem) protection noted below:

Learn to stay safe
Spend some time reading about how to keep your computer safe on the Internet: Stay Safe

Final Note
If you have questions or experience further problems feel free to post back in this thread. If not, let me know otherwise I'll have it marked as complete.

Take care and happy safe surfing.
__________________
KB. is offline  
 


All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum