Hi, thanks again, things seem a lot better! Google works OK now, instead of sending me to other sites.
Here are the logs:
ComboFix 09-05-26.05 - Caroline Dexter 28/05/2009 13:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.452 [GMT 1:00]
Running from: d:\documents and settings\Caroline Dexter.049924520170\Desktop\ChombiFox.exe
Command switches used :: d:\documents and settings\Caroline Dexter.049924520170\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
FILE ::
"d:\documents and settings\Caroline Dexter.049924520170\Application Data\asd.bat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\ALUNOTIFYRES.DLL
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvcRes.dll
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\AUPDATERES.DLL
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LSETUPRES.DLL
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LUALLRES.DLL
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuComServer_3_0.EXE
c:\program files\Symantec\LiveUpdate\LuComServerPS_3_0.DLL
c:\program files\Symantec\LiveUpdate\LuComServerRes.dll
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\LUINSDLLRES.DLL
c:\program files\Symantec\LiveUpdate\luinventoryinst.jar
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\LUSESAIntegration.dll
c:\program files\Symantec\LiveUpdate\LUSESAIntegrationRes.dll
c:\program files\Symantec\LiveUpdate\LUSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUUPDATE.EXE
c:\program files\Symantec\LiveUpdate\MFC71.DLL
c:\program files\Symantec\LiveUpdate\MSVCP71.DLL
c:\program files\Symantec\LiveUpdate\MSVCR71.DLL
c:\program files\Symantec\LiveUpdate\NetDetectController_3_0.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom_3_0.DLL
c:\program files\Symantec\LiveUpdate\providerInst.jar
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUCP1RES.DLL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SESA.Settings.LiveUpdate
c:\program files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\program files\Symantec\LiveUpdate\SymantecRootInstallerRes.dll
c:\program files\Symantec\LiveUpdate\UNRAR.DLL
c:\program files\Symantec\LiveUpdate\winluproviderinst.jar
d:\documents and settings\Caroline Dexter.049924520170\Application Data\asd.bat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AUTOMATIC_LIVEUPDATE_SCHEDULER
-------\Legacy_LIVEUPDATE
-------\Legacy_SYMANTEC_CORE_LC
-------\Service_Automatic LiveUpdate Scheduler
-------\Service_LiveUpdate
-------\Service_Symantec Core LC
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-28 11:17 . 2009-05-28 11:18 -------- d--h--w C:\$AVG8.VAULT$
2009-05-26 16:58 . 2009-05-06 10:06 4784464 ----a-w d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D0A9C05F-CA17-49EA-89AD-528233AA2883}\mpengine.dll
2009-05-24 15:19 . 2009-05-24 15:19 -------- d-----w c:\program files\Trend Micro
2009-05-23 17:18 . 2009-05-23 16:24 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-23 16:29 . 2009-05-23 16:29 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-23 16:29 . 2009-05-23 16:24 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-23 16:22 . 2009-05-23 16:22 -------- dc-h--w d:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-23 16:22 . 2009-03-12 08:17 2902048 -c--a-w d:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-23 16:22 . 2009-05-23 16:29 -------- d-----w d:\documents and settings\All Users\Application Data\Lavasoft
2009-05-23 16:22 . 2009-05-23 16:22 -------- d-----w c:\program files\Lavasoft
2009-05-23 16:19 . 2009-05-24 15:04 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-23 16:19 . 2009-05-23 21:24 -------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-23 11:33 . 2009-05-23 11:33 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-23 11:33 . 2009-05-23 11:33 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-23 11:33 . 2009-05-23 11:33 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-23 11:33 . 2009-05-23 11:33 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-23 11:33 . 2009-05-27 14:45 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-23 11:32 . 2009-05-28 09:28 -------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-05-23 11:32 . 2009-05-23 11:32 -------- d-----w c:\program files\AVG
2009-05-22 16:08 . 2009-05-22 16:08 -------- d-----w d:\documents and settings\Caroline Dexter.049924520170\Application Data\OD2
2009-05-21 21:00 . 2009-05-21 21:00 -------- d-----w d:\documents and settings\All Users\Application Data\SITEguard
2009-05-21 20:59 . 2009-05-28 12:55 -------- d-----w d:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-21 20:59 . 2009-05-21 20:59 -------- d-----w c:\program files\STOPzilla!
2009-05-21 20:59 . 2009-05-21 20:59 -------- d-----w c:\program files\Common Files\iS3
2009-05-21 20:37 . 2009-05-06 10:06 4784464 ----a-w d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-21 20:35 . 2009-05-21 20:35 -------- d-----w c:\program files\Windows Defender
2009-05-17 14:53 . 2004-08-03 22:07 59264 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-05-17 14:53 . 2004-08-03 22:07 59264 ----a-w c:\windows\system32\dllcache\usbaudio.sys
2009-05-13 14:28 . 2009-05-13 14:28 17408 ----a-r c:\windows\system32\SZIO5.dll
2009-05-13 14:27 . 2009-05-13 14:27 294912 ----a-r c:\windows\system32\SZBase5.dll
2009-05-13 14:27 . 2009-05-13 14:27 540672 ----a-r c:\windows\system32\SZComp5.dll
2009-05-12 13:13 . 2009-05-12 13:13 61328 ----a-r c:\windows\system32\drivers\SZKG.sys
2009-05-10 01:54 . 2009-05-10 01:54 -------- d-----w d:\documents and settings\Caroline Dexter.049924520170\Application Data\AdobeUM
2009-05-09 17:53 . 2001-08-17 12:53 3328 ----a-w c:\windows\system32\drivers\qv2kux.sys
2009-05-09 17:53 . 2001-08-17 12:53 3328 ----a-w c:\windows\system32\dllcache\qv2kux.sys
2009-05-08 08:39 . 2009-05-26 18:03 -------- d-----w d:\documents and settings\Caroline Dexter.049924520170\Application Data\EndNote
2009-05-08 08:30 . 2002-12-31 10:00 17920 ----a-w c:\windows\system32\mdimon.dll
2009-05-08 08:30 . 2009-05-08 08:30 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-08 08:29 . 2009-05-08 08:30 -------- d-----w c:\windows\SHELLNEW
2009-05-08 08:28 . 2009-05-08 08:28 -------- d-----w c:\program files\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 12:55 . 2009-05-28 12:55 472 ----a-w c:\windows\system32\drivers\kgpfr2.cfg
2009-05-28 12:55 . 2009-05-28 12:54 704 ----a-w c:\windows\system32\drivers\kgpcpy.cfg
2009-05-17 17:08 . 2007-06-12 13:00 -------- d-----w d:\documents and settings\Caroline Dexter.049924520170\Application Data\n-Track Studio5
2009-05-08 08:38 . 2007-02-04 21:16 89176 ----a-w d:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 08:38 . 2009-05-08 08:38 0 ----a-w d:\documents and settings\Caroline Dexter.049924520170\Application Data\wklnhst.dat
2009-04-26 14:44 . 2009-04-26 14:44 -------- d-----w d:\documents and settings\Caroline Dexter.049924520170\Application Data\VadeRetro
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w c:\program files\Common Files\Risxtd
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w d:\documents and settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w c:\program files\Common Files\ResearchSoft
2009-04-24 18:50 . 2009-04-24 18:50 -------- d-----w c:\program files\EndNote Web
2009-04-24 18:48 . 2009-04-24 18:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-27 09:56 . 2009-03-27 09:56 126976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-03-27 09:55 . 2009-03-27 09:55 393216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-03-27 09:55 . 2009-03-27 09:55 372736 ----a-r c:\windows\system32\IS3UI5.dll
2009-03-27 09:55 . 2009-03-27 09:55 61440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-03-27 09:54 . 2009-03-27 09:54 23040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-03-27 09:54 . 2009-03-27 09:54 221184 ----a-r c:\windows\system32\IS3Win325.dll
2009-03-27 09:54 . 2009-03-27 09:54 94208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-03-27 09:53 . 2009-03-27 09:53 90112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-03-27 09:50 . 2009-03-27 09:50 716800 ----a-r c:\windows\system32\IS3Base5.dll
2009-03-06 14:00 . 2004-09-10 13:57 284160 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-28_09.48.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-05 12:16 . 2009-05-28 12:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-05 12:16 . 2009-05-28 09:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-10-05 12:16 . 2009-05-28 12:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-05 12:16 . 2009-05-28 09:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-05 12:16 . 2009-05-28 12:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-10-05 12:16 . 2009-05-28 09:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-05 26112]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2006-01-30 1978368]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-23 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-23 516440]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-27 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2006-5-17 2297856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-01-30 07:53 49152 ----a-w c:\apps\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-23 11:33 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/05/2009 17:29 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/05/2009 12:33 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/05/2009 12:33 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/05/2009 12:32 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 20:06 953168]
R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/05/2009 14:13 61328]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [27/03/2006 17:53 167808]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - BEEP
.
Contents of the 'Scheduled Tasks' folder
2009-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:24]
2009-05-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/watch?v=hZLchENhVVY&NR=1
uInternet Connection Wizard,ShellNext = hxxp://www2.arnes.si/~mmilut/BladeEnc.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 13:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\RtlGina2.dll
c:\apps\Softex\OmniPass\opxpgina.dll
- - - - - - - > 'lsass.exe'(756)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
- - - - - - - > 'explorer.exe'(3000)
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\apps\Softex\OmniPass\SCUREDLL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\apps\Softex\OmniPass\OmniServ.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\apps\ABOARD\AOSD.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-28 14:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 13:00
ComboFix2.txt 2009-05-28 09:49
Pre-Run: 20,566,609,920 bytes free
Post-Run: 20,468,871,168 bytes free
282 --- E O F --- 2009-04-25 08:08
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 28, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 28, 2009 14:26:36
Records in database: 2265298
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: Infected:
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
Scan statistics:
Files scanned: 89724
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:19:07
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\ieocx.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.gxl 1
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP96\A0026328.dll Infected: not-a-virus:AdWare.Win32.BHO.gxl 1
D:\Documents and Settings\Caroline Dexter.049924520170\Desktop\HELLO E14\Fruitty Loops 4.5\Fruity Loops Studio 4.5.2 Producer Edition.iso Infected: Trojan-PSW.Win32.Delf.dnd 1
D:\Documents and Settings\Caroline Dexter.049924520170\Local Settings\Application Data\Microsoft\CD Burning\HELLO E14\Fruitty Loops 4.5\Fruity Loops Studio 4.5.2 Producer Edition.iso Infected: Trojan-PSW.Win32.Delf.dnd 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:17, on 28/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\qttask.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/watch?v=hZLchENhVVY&NR=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www2.arnes.si/~mmilut/BladeEnc.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 8583 bytes
I am unsure which antivirus software I should have running when I am not running these logs and scans. Stopzilla comes on automatically and I have been turning it off.
Thanks