IE problems after trojan removed by Norton AV

[rexology]

On July 2nd I received a note that my Norton Antivirus had located and removed Trojan.fakeavalert. Since that time, I have been having issues with IE and when using Alt+Tab I can see an IE window that says Alert Popup among the active programs, but it does not show up in Task Manager.

Here is the DDS:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Me at 22:59:59.53 on 30/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.693 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\Me\Desktop\dds.pif

============== Pseudo HJT Report ===============

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SB Audigy 2 Startup Menu] /L:ENG
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\me\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\me\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - hxxp://univ8.centra.com/SiteRoots/safeco/Install/CentraDownloader.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-22 05:18 <DIR> --d----- c:\docume~1\me\applic~1\Pro Cycling Manager 2009
2009-07-22 04:30 <DIR> --d----- c:\program files\Cyanide
2009-07-22 04:07 <DIR> --d----- c:\program files\ProCyclingMgr
2009-07-21 21:54 3,033,712 a------- c:\windows\system32\drivers\appdrv01.sys
2009-07-21 21:54 316,816 a------- c:\windows\system32\appdrvrem01.exe
2009-07-20 23:55 <DIR> --dsh--- c:\documents and settings\me\IECompatCache
2009-07-15 10:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MemeoCommon
2009-07-15 10:29 <DIR> --d----- c:\program files\common files\Memeo
2009-07-15 10:29 <DIR> --d----- c:\program files\WD
2009-07-15 10:28 <DIR> --d----- c:\docume~1\me\applic~1\WD
2009-07-15 10:27 <DIR> --d----- c:\program files\common files\eSellerate
2009-07-15 10:16 <DIR> --d----- c:\program files\MioNet
2009-07-15 10:16 <DIR> --d----- c:\program files\Western Digital Corporation
2009-07-15 10:15 <DIR> --d----- c:\program files\Western Digital
2009-07-14 13:48 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-10 11:41 <DIR> --d----- c:\program files\WebEx
2009-07-10 11:35 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-10 11:33 14,048 -------- c:\windows\system32\spmsg2.dll
2009-07-10 11:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Linksys
2009-07-10 11:30 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-10 11:27 23,992 a------- c:\windows\system32\drivers\pnarp.sys
2009-07-10 11:27 25,272 a------- c:\windows\system32\drivers\purendis.sys
2009-07-10 11:26 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-07-10 11:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-07-10 11:24 <DIR> --d----- c:\program files\Linksys
2009-07-03 03:39 <DIR> --dsh--- c:\documents and settings\me\PrivacIE
2009-07-03 00:23 <DIR> --dsh--- c:\documents and settings\me\IETldCache
2009-07-03 00:18 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-03 00:17 <DIR> --d----- c:\windows\ie8updates
2009-07-03 00:15 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 00:15 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 00:11 <DIR> -cd-h--- c:\windows\ie8

==================== Find3M ====================

2009-07-30 21:48 8,497 a--sh--- c:\windows\system32\mmf.sys
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 06:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-03 10:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 10:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 10:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 10:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 10:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 10:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 10:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 10:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 10:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 10:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 04:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 07:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 12:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2004-06-23 05:07 13,195 a------- c:\documents and settings\me\zguicfgw.dat

============= FINISH: 23:04:10.85 ==============

The others are attached. Any help is appreciated.

[Ried]

Hello rexology and our apologies for the delay.

If you still require assistance, please run a new scan with dds, post the fresh dds.txt , and we'll get started.