# various application error messages and google search links being redirected



## stevechoanity (Mar 29, 2010)

This is my first time using this site, so please let me know if I have posted too much information or not enough. Thanks!

I have been getting a number of error messages over the past few days or so. Sometimes they are there when I return to my computer after a period of inactivity, and sometimes they appear after I do something, but that something can be as random as me clicking the button to open my favourites list.

Here are some of the messages:

Ad-Aware.exe - Application Error

The exception unknown software exception (0x0eedfade) occurred in the application at location 0x7c812afb

The options are to click OK or Cancel

Another example:

asOELnch.exe - Application Error

The exception unknown software exception (0xc06d007e) occurred in the application at location 0x7c812afb.

The options are to click OK or Cancel

Another "type" of error message I'm getting follows the pattern of this example:

Socket Notification Sink: Explorer.EXE - Application Error

The instruction at "0x7c910cce" referenced memory at "0x00000009". The memory could not be "read".

Click on OK to terminate the program

Click on CANCEL to debug the program

I have two other examples that follow the exact same format as the one directly above except the things that are referenced in the quotation marks are (for example 1): "0x7c910f1e" ... "0xbfc2bfc2" (for example 2): "0x7c911129" ... "0x267e0765"

Another example is:

Bookmark Manager: chrome.exe - Application Error

The instruction at "0x02366f1d" referenced memory at "0x00000008". The memory could not be "read".

Click on OK to terminate the program

Click on CANCEL to debug the program

I have tried to get technical support from Norton but they haven't been able to do anything.

Also, I have noticed that sometimes when I search in Google, the links that show up seem proper but when I click them I am redirected to another site, usually a weird search site.

Here is the log from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:52 PM, on 3/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {04E4F99A-80DE-4B73-BECB-2C742139AE98} - C:\WINDOWS\System32\dinput83232.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\user\LOCALS~1\Temp\1B3.tmp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123908302968
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\diactfrm32.dll
O20 - Winlogon Notify: 881d58cb862 - C:\WINDOWS\System32\diactfrm32.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - C:\WINDOWS\system32\geplxss.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

--
End of file - 9197 bytes

I have no idea what to do now. Please help! Thank you!!


----------



## stevechoanity (Mar 29, 2010)

I just noticed another symptom that I'm assuming is related since up until I started noticing these problems I was able to get sound from my speakers. 

I noticed when I tried to play a music file using Winamp which is what I've used for years. When I try to play the song the player opens up, I hear nothing, the bar tracking the song progress does not move and I get the following message pop up in a separate window:

Nullsoft Direct Sound Output v2.49 (d) Error

Bad DirectSound driver. Please install proper drivers or select another device in configuration. 
Error code: 80070057

My only option is to click OK.


----------



## stevechoanity (Mar 29, 2010)

Now I am getting a message popping up from Norton that says: 

Security Risk Found

A program is behaving suspiciously on your computer. We recommend that you choose to block and remove it. 

lsass.exe

Remove this file (Recommended)

Allow this program to continue. 

I have now had this exact same message appear 3 times. Each time it is there when I return to my computer after a period of inactivity. Each time I click on Remove this file. After clicking that the 3rd time I ran a search of my computer for lsass and found it in 2 locations. One of which was C:\WINDOWS\system32. I tried to delete it but I got the message: 

Error Deleting File or Folder

Cannot delete lsass: Access is denied. 

Make sure the disk is not full or write-protected and that the file is not currently in use. 

OK

So, then I tried hitting Ctrl+Alt+Delete to bring up Windows Task Manager to end the process. When I tried to end the process I got the message:

Unable to Terminate Process

This is a critical system process. Task Manager cannot end this process. 

OK

So, I moved on to locate the other lsass file in C:\WINDOWS\ServicePackFiles\i386. That one I was able to move to the Recycle Bin and delete. After that I re-ran the search for the lsass file and found it only in the C:\WINDOWS\system32 location. 

So, it seems Norton cannot delete the lsass file and nor can I do so manually. 

Please help! It seems like my computer is getting worse and worse!

Thank you!!!


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*
Download ComboFix from *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***

--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after combofix has finished*

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on *combofix.exe* & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* for further review.

***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.***

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.*


----------



## stevechoanity (Mar 29, 2010)

ComboFix 10-03-29.04 - user 03/31/2010 12:04:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.600 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\020000001de91619862C.manifest
c:\documents and settings\user\Application Data\020000001de91619862O.manifest
c:\documents and settings\user\Application Data\020000001de91619862P.manifest
c:\documents and settings\user\Application Data\020000001de91619862S.manifest
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\chrome.manifest
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\chrome\xulcache.jar
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\defaults\preferences\xulcache.js
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\install.rdf
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\chrome.manifest
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\chrome\xulcache.jar
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\defaults\preferences\xulcache.js
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{498c347f-0660-4a26-89e2-011c561f5e1f}\install.rdf
c:\documents and settings\user\Application Data\SystemProc
c:\documents and settings\user\Favorites\Online Security Test.url
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\recycler\S-1-5-21-1957994488-842925246-725345543-500
c:\windows\GnuHashes.ini
c:\windows\system32\976175020
c:\windows\system32\CABVIEW32.DLL
c:\windows\system32\clb3232.dll
c:\windows\system32\clbcatq32.dll
c:\windows\system32\cmcfg3232.dll
c:\windows\system32\cmdial3232.dll
c:\windows\system32\colbact32.dll
c:\windows\system32\COMMDLG32.DLL
c:\windows\system32\CORPOL32.DLL
c:\windows\system32\crypt3232.dll
c:\windows\system32\D3D8THK32.DLL
c:\windows\system32\D3DPMESH32.DLL
c:\windows\system32\d3dx9_253232.dll
c:\windows\system32\Data
c:\windows\system32\DATACLEN32.DLL
c:\windows\system32\DBMSRPCN32.DLL
c:\windows\system32\dbnetlib3232.dll
c:\windows\system32\DCIMAN3232.DLL
c:\windows\system32\DDRAWEX32.DLL
c:\windows\system32\deskadp32.dll
c:\windows\system32\dfrgsnap32.dll
c:\windows\system32\dgrpsetu32.dll
c:\windows\system32\DGSETUP32.DLL
c:\windows\system32\dgsetup3232.dll
c:\windows\system32\dgsetup323232.dll
c:\windows\system32\DHCPMON32.DLL
c:\windows\system32\dhcpsapi3232.dll
c:\windows\system32\diactfrm3232.dll
c:\windows\system32\DINPUT32.DLL
c:\windows\system32\DINPUT832.DLL
c:\windows\system32\dinput83232.dll
c:\windows\system32\divxdec_040c3232.dll
c:\windows\system32\DMIME32.DLL
c:\windows\system32\DMLOADER32.DLL
c:\windows\system32\dmocx32.dll
c:\windows\system32\DMSCRIPT32.DLL
c:\windows\system32\DMUSIC32.DLL
c:\windows\system32\dmusic3232.dll
c:\windows\system32\DNSAPI32.DLL
c:\windows\system32\dnsrslvr32.dll
c:\windows\system32\DPMODEMX32.DLL
c:\windows\system32\DS32GT32.DLL
c:\windows\system32\DSKQUOTA32.DLL
c:\windows\system32\DSPRPRES32.DLL
c:\windows\system32\dsuiext3232.dll
c:\windows\system32\duser32.dll
c:\windows\system32\dxdiagn3232.dll
c:\windows\system32\dxmasf3232.dll
c:\windows\system32\dxva23232.dll
c:\windows\system32\dxva2323232.dll
c:\windows\system32\dxva232323232.dll
c:\windows\system32\dxva23232323232.dll
c:\windows\system32\encapi32.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u1380385425v0
c:\windows\system32\SysWoW32\_u1380385425v0
c:\windows\system32\SysWoW32\_u1380385425v1
c:\windows\system32\SysWoW32\_u1380385425v2
c:\windows\system32\SysWoW32\_u1380385425v3
c:\windows\system32\SysWoW32\_u1380385425v4
c:\windows\system32\SysWoW32\_u1380385425v5
c:\windows\system32\SysWoW32\_u1380385425v6
c:\windows\system32\SysWoW32\_u1380385425v7
c:\windows\system32\SysWoW32\mu1380385425v4
c:\windows\system32\SysWoW32\mu1380385425v4.kwd
c:\windows\system32\SysWoW32\mu1380385425v5
c:\windows\system32\SysWoW32\mu1380385425v5.kwd
c:\windows\system32\SysWoW32\mu1380385425v6
c:\windows\system32\SysWoW32\mu1380385425v6.kwd
c:\windows\system32\SysWoW32\mu1380385425v7
c:\windows\system32\SysWoW32\mu1380385425v7.kwd
c:\windows\system32\SysWoW32\wu1380385425v0
c:\windows\system32\SysWoW32\wu1380385425v0.kwd
c:\windows\system32\SysWoW32\wu1380385425v1
c:\windows\system32\SysWoW32\wu1380385425v1.kwd
c:\windows\system32\SysWoW32\wu1380385425v2
c:\windows\system32\SysWoW32\wu1380385425v2.kwd
c:\windows\system32\SysWoW32\wu1380385425v3
c:\windows\system32\SysWoW32\wu1380385425v3.kwd
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-31 15:46 . 2010-03-31 15:56 -------- d-----w- c:\windows\LMI444.tmp
2010-03-31 15:29 . 2010-03-31 15:29 57344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\.GetMemoryInfoEx.exe
2010-03-31 15:28 . 2010-03-31 15:28 46952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\.hsie2010.exe
2010-03-31 15:28 . 2010-03-31 15:28 24952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\.CLT2010.exe
2010-03-31 15:27 . 2009-07-12 08:05 225280 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\Microsoft.VC90.CRT\msvcm90.dll
2010-03-31 15:27 . 2009-07-12 08:02 653120 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\Microsoft.VC90.CRT\msvcr90.dll
2010-03-31 15:27 . 2009-07-12 08:02 569664 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\Microsoft.VC90.CRT\msvcp90.dll
2010-03-31 13:44 . 2010-03-31 13:44 200704 ----a-w- c:\windows\system32\divx_xx0c32.dll
2010-03-31 09:52 . 2010-03-29 19:26 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\NAVENG.SYS
2010-03-31 09:52 . 2010-03-29 19:26 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\NAVENG32.DLL
2010-03-31 09:52 . 2010-03-29 19:26 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\NAVEX32A.DLL
2010-03-31 09:52 . 2010-03-29 19:26 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\NAVEX15.SYS
2010-03-31 09:52 . 2010-03-29 19:26 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\EECTRL.SYS
2010-03-31 09:52 . 2010-03-29 19:26 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\CCERASER.DLL
2010-03-31 09:52 . 2010-03-29 19:26 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\ECMSVR32.DLL
2010-03-31 09:52 . 2010-03-29 19:26 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100330.048\ERASER.SYS
2010-03-30 23:08 . 2010-03-30 23:08 516480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScannerAddin.dll
2010-03-30 23:08 . 2010-03-30 23:08 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
2010-03-30 18:48 . 2010-03-30 18:48 200704 ----a-w- c:\windows\system32\dpuGUI1132.dll
2010-03-30 01:10 . 2010-03-30 01:10 202752 ----a-w- c:\windows\system32\browsewm32.dll
2010-03-30 00:10 . 2010-03-30 00:10 202752 ----a-w- c:\windows\system32\bitsprx432.dll
2010-03-29 22:10 . 2010-03-29 22:10 202752 ----a-w- c:\windows\system32\bitsprx232.dll
2010-03-29 20:58 . 2010-03-29 20:58 -------- d-----w- c:\program files\Trend Micro
2010-03-29 19:28 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-29 19:28 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-29 19:28 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-29 19:28 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-29 19:28 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-29 19:19 . 2009-12-10 03:16 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
2010-03-29 19:19 . 2009-11-17 00:51 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
2010-03-29 19:17 . 2009-12-17 06:29 892272 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\CLT\cltLMSx.dll
2010-03-29 19:17 . 2010-03-29 19:17 -------- d-----w- c:\windows\system32\drivers\NIS
2010-03-29 19:17 . 2010-03-29 19:17 -------- d-----w- c:\program files\Norton Internet Security
2010-03-29 19:16 . 2010-03-29 19:16 -------- d-----w- c:\program files\NortonInstaller
2010-03-29 18:36 . 2010-03-31 15:54 -------- d-----w- c:\windows\LMI193.tmp
2010-03-29 15:09 . 2010-03-29 15:09 202752 ----a-w- c:\windows\system32\davclnt32.dll
2010-03-29 13:09 . 2010-03-29 13:09 202752 ----a-w- c:\windows\system32\d3dx9_2732.dll
2010-03-29 12:09 . 2010-03-29 12:09 202752 ----a-w- c:\windows\system32\d3drm32.dll
2010-03-29 10:09 . 2010-03-29 10:09 202752 ----a-w- c:\windows\system32\d3d932.dll
2010-03-29 07:09 . 2010-03-29 07:09 202752 ----a-w- c:\windows\system32\cryptsvc32.dll
2010-03-29 05:09 . 2010-03-29 05:09 202752 ----a-w- c:\windows\system32\confmsp32.dll
2010-03-29 02:09 . 2010-03-29 02:09 202752 ----a-w- c:\windows\system32\cnetcfg32.dll
2010-03-28 22:09 . 2010-03-28 22:09 202752 ----a-w- c:\windows\system32\cewmdm32.dll
2010-03-28 20:09 . 2010-03-28 20:09 202752 ----a-w- c:\windows\system32\cdm32.dll
2010-03-28 17:40 . 2010-03-28 17:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-03-28 17:08 . 2010-03-28 17:08 -------- d-----w- c:\documents and settings\user\Application Data\Tific
2010-03-28 13:54 . 2010-03-28 13:54 202752 ----a-w- c:\windows\system32\eappgnui32.dll
2010-03-28 05:55 . 2010-03-28 05:55 202752 ----a-w- c:\windows\system32\DivX32.dll
2010-03-28 03:54 . 2010-03-28 03:54 202752 ----a-w- c:\windows\system32\dmconfig32.dll
2010-03-28 02:11 . 2010-03-28 02:11 202752 ----a-w- c:\windows\system32\dbmsadsn32.dll
2010-03-28 00:28 . 2010-03-27 23:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-27 23:04 . 2010-03-27 23:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-27 23:04 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-27 23:03 . 2010-03-27 23:04 -------- d-----w- c:\program files\Lavasoft
2010-03-27 22:44 . 2010-03-27 22:44 202752 ----a-w- c:\windows\system32\divxdec_040c32.dll
2010-03-27 19:33 . 2010-03-27 19:33 202752 ----a-w- c:\windows\system32\divx_xx1132.dll
2010-03-27 19:20 . 2010-03-27 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-27 19:20 . 2010-03-27 19:29 -------- d-----w- c:\program files\RegCure
2010-03-27 18:33 . 2010-03-27 18:33 202752 ----a-w- c:\windows\system32\deskperf32.dll
2010-03-27 12:40 . 2010-03-27 12:40 202752 ----a-w- c:\windows\system32\dmcompos32.dll
2010-03-27 06:40 . 2010-03-27 06:40 202752 ----a-w- c:\windows\system32\dfsshlex32.dll
2010-03-27 03:40 . 2010-03-27 03:40 202752 ----a-w- c:\windows\system32\dbnetlib32.dll
2010-03-27 00:25 . 2010-03-27 00:25 62776 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-03-27 00:24 . 2010-03-27 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-26 22:39 . 2010-03-26 22:39 202752 ----a-w- c:\windows\system32\eventlog32.dll
2010-03-26 21:39 . 2010-03-26 21:39 202752 ----a-w- c:\windows\system32\esentprf32.dll
2010-03-26 19:39 . 2010-03-26 19:39 202752 ----a-w- c:\windows\system32\EqnClass32.dll
2010-03-26 18:39 . 2010-03-26 18:39 202752 ----a-w- c:\windows\system32\eappprxy32.dll
2010-03-26 16:39 . 2010-03-26 16:39 202752 ----a-w- c:\windows\system32\dxmasf32.dll
2010-03-26 13:39 . 2010-03-26 13:39 202752 ----a-w- c:\windows\system32\dxdiagn32.dll
2010-03-26 10:39 . 2010-03-26 10:39 202752 ----a-w- c:\windows\system32\dsuiext32.dll
2010-03-26 09:39 . 2010-03-26 09:39 202752 ----a-w- c:\windows\system32\dpuGUI1032.dll
2010-03-26 07:39 . 2010-03-26 07:39 202752 ----a-w- c:\windows\system32\dpl10032.dll
2010-03-26 04:40 . 2010-03-26 04:40 202752 ----a-w- c:\windows\system32\dgnet32.dll
2010-03-26 03:45 . 2010-03-26 03:45 202752 ----a-w- c:\windows\system32\dxva232.dll
2010-03-26 01:00 . 2010-03-26 01:00 202752 ----a-w- c:\windows\system32\d3dx9_2532.dll
2010-03-26 00:01 . 2010-03-26 00:01 202752 ----a-w- c:\windows\system32\clb32.dll
2010-03-25 23:02 . 2010-03-25 23:02 202752 ----a-w- c:\windows\system32\dhcpsapi32.dll
2010-03-25 21:47 . 2010-03-25 21:47 111104 ----a-w- c:\windows\system32\drmclien32.dll
2010-03-25 21:47 . 2010-03-25 21:47 202752 ----a-w- c:\windows\system32\dpnwsock32.dll
2010-03-25 21:47 . 2010-03-25 21:47 120320 ----a-w- c:\windows\system32\diactfrm32.dll
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll


----------



## stevechoanity (Mar 29, 2010)

2010-03-10 20:03 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 15:27 . 2010-03-29 19:18 968560 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\hsplayer.dll
2010-03-29 22:23 . 2005-01-18 23:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-29 19:18 . 2010-03-29 19:18 -------- d-----w- c:\program files\Symantec
2010-03-29 19:18 . 2010-03-29 19:18 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-29 19:18 . 2010-03-29 19:18 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-29 19:18 . 2010-03-29 19:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-29 19:18 . 2010-03-29 19:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-29 19:17 . 2009-11-29 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-29 17:18 . 2009-10-13 20:44 -------- d-----w- c:\program files\Google
2010-03-28 19:37 . 2009-11-29 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-27 23:07 . 2010-03-27 23:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-27 23:07 . 2010-03-27 23:07 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
2010-03-27 23:07 . 2010-03-27 23:07 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScanner.dll
2010-02-03 20:08 . 2010-02-03 20:06 -------- d-----w- c:\program files\iTunes
2010-02-03 20:07 . 2005-11-17 20:11 -------- d-----w- c:\program files\iPod
2010-02-03 20:07 . 2007-07-07 02:19 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 20:01 . 2010-02-03 20:00 -------- d-----w- c:\program files\QuickTime
2010-02-03 19:55 . 2010-02-03 19:55 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-27 16:09 . 2010-01-27 16:09 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d2fc38a-n\msvcp71.dll
2010-01-27 16:09 . 2010-01-27 16:09 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d2fc38a-n\msvcr71.dll
2010-01-27 16:09 . 2010-01-27 16:09 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-41a812cb-n\decora-sse.dll
2010-01-27 16:09 . 2010-01-27 16:09 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d2fc38a-n\jmc.dll
2010-01-27 16:09 . 2010-01-27 16:09 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-41a812cb-n\decora-d3d.dll
2009-12-31 16:50 . 2002-08-29 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 20:44 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-10-06 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\881d58cb862]
2010-03-25 21:47 120320 ----a-w- c:\windows\system32\diactfrm32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-05-21 18:56 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-06-17 22:43 2550272 ----a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-05-16 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 22:10 61952 ------w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-17 23:12 69632 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/27/2010 7:07 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SymDS.sys [3/29/2010 3:18 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SymEFA.sys [3/29/2010 3:18 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [3/29/2010 3:18 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\Ironx86.sys [3/29/2010 3:18 PM 116272]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/24/2008 5:18 PM 460168]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/31/2010 5:52 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/29/2010 3:28 PM 329592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/13/2009 4:44 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1265264]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [3/29/2010 3:17 PM 126392]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [9/11/2008 10:15 PM 3768]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [7/26/2008 4:07 PM 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [7/26/2008 4:07 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 15:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:08]

2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 20:44]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 20:44]

2010-03-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-03-29 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - user.job
- c:\program files\Norton Internet Security\Engine\17.5.0.127\navw32.exe [2010-03-29 06:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tsn.ca/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{04E4F99A-80DE-4B73-BECB-2C742139AE98} - c:\windows\System32\dmocx32.dll
HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe
MSConfigStartUp-Lexmark 2200 Series - c:\program files\Lexmark 2200 Series\lxbvbmgr.exe
MSConfigStartUp-Steam - c:\program files\steam\steam.exe
MSConfigStartUp-VVSN - c:\program files\VVSN\VVSN.exe
MSConfigStartUp-WINCINEMAMGR - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
AddRemove-Curious Cats - c:\documents and settings\user\Desktop\uninstall curious_cats_free.exe
AddRemove-speer - c:\windows\DrUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 12:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\System32\diactfrm32.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-31 12:17:37
ComboFix-quarantined-files.txt 2010-03-31 16:17

Pre-Run: 114,437,070,848 bytes free
Post-Run: 116,729,495,552 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 5F1129B37382D754C231475A94735CB4


----------



## dvk01 (Dec 14, 2002)

Please download Malwarebytes' Anti-Malware to your desktop from HERE or HERE.

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

* Update Malwarebytes' Anti-Malware
* Launch Malwarebytes' Anti-Malware

Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded. 
Once the program has loaded, select Perform quick scan, then click Scan. 
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. 
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so. (Press YES on the alert.)
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it continues on every boot.


----------



## stevechoanity (Mar 29, 2010)

I was able to do everything you asked. I did not get the error on reboot and so did not need to reboot a second time. The log is as follows:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3938

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/31/2010 3:30:04 PM
mbam-log-2010-03-31 (15-30-04).txt

Scan type: Quick scan
Objects scanned: 116758
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 47

Memory Processes Infected:
C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\diactfrm32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\d3dim32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04e4f99a-80de-4b73-becb-2c742139ae98} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{04e4f99a-80de-4b73-becb-2c742139ae98} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\881d58cb862 (Trojan.Tracur) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\user\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\d3dim32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\diactfrm32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\248.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnetcfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bitsprx232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bitsprx432.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdm32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cewmdm32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cryptsvc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3d932.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3drm32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dx9_2532.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dx9_2732.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DivX32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\divxdec_040c32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpl10032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnwsock32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsuiext32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esentprf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eventlog32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxdiagn32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxmasf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clb32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browsewm32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmconfig32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfsshlex32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgnet32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpsapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EqnClass32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\confmsp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\davclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbmsadsn32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbnetlib32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\divx_xx1132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmcompos32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxva232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eappgnui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eappprxy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpuGUI1032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drmclien32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\divx_xx0c32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpuGUI1132.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Please advise what to do next. By the way, thank you so very much for this help!


----------



## dvk01 (Dec 14, 2002)

I think it found and fixed most of the problems, but to be sure:

Run Kaspersky online virus scan: *Kaspersky Online Scanner*.

After the updates have downloaded, click on the "Scan Settings" button.
Select "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!

Note: Kavscan is a scanner only & won't fix anything but will normally find the most infected files, so its report gives us a good place to work from.

If that won't run, then run an online antivirus check from one of the following sites:

http://www.eset.com/online-scanner
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan8/ie.html


----------



## stevechoanity (Mar 29, 2010)

I ran the Kaspersky scan and it took many hours. I went to bed with it still running. At that point it was in the 70s or 80% complete range and hadn't found any infected files. When I got up and checked the computer it seemed it had rebooted. I suspect it was because of a Windows update that automatically rebooted my computer. I hadn't installed any new updates, as I had been told not to, but I think this happened automatically. So, I have checked to see if I still have any symptoms. I can play music files now but my Google searches still often get redirected to weird sites that are not at all what the links say they are. What should I do now? Thanks!


----------



## dvk01 (Dec 14, 2002)

If you are still being redirected, try this:

Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

Post back with its log and we can go from there.


----------



## stevechoanity (Mar 29, 2010)

Hi, I'm not sure if I'm doing something wrong but I downloaded the program and ran it. It doesn't produce a log, or at least not one in Notepad that I can copy and paste or save and attach. It does list the following:

TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.2.8.1 Mar 22 2010 10:43:04

Scanning Services . . . 

Scanning Kernel memory . . .

Completed

Results: 
Memory objects infected / cured / cured on reboot: 0 / 0 / 0
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 0 / 0 / 0

Press any key to continue . . .

When I hit a key it closes the program.

It only takes it a second or two to do this. Please advise on next step. Thanks!


----------



## dvk01 (Dec 14, 2002)

Run ComboFix again, please.


----------



## stevechoanity (Mar 29, 2010)

ComboFix 10-03-29.04 - user 04/01/2010 15:57:59.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.648 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\020000001de91619862C.manifest
c:\documents and settings\user\Application Data\020000001de91619862O.manifest
c:\documents and settings\user\Application Data\020000001de91619862P.manifest
c:\documents and settings\user\Application Data\020000001de91619862S.manifest
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\chrome.manifest
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\chrome\xulcache.jar
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\defaults\preferences\xulcache.js
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\install.rdf
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\chrome.manifest
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\chrome\xulcache.jar
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\defaults\preferences\xulcache.js
c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\oi0lkkh6.Paul\extensions\{41c5b3ec-8111-4655-82d9-5b9698935ea3}\install.rdf
c:\windows\system32\4.tmp
c:\windows\system32\976175020
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-04-01 15:09 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-04-01 15:08 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-01 15:08 . 2010-04-01 15:08 -------- d-----w- c:\windows\Logs
2010-04-01 15:08 . 2010-04-01 15:08 -------- d-----w- c:\program files\Winamp Detect
2010-04-01 14:35 . 2010-03-29 19:26 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\NAVENG.SYS
2010-04-01 14:35 . 2010-03-29 19:26 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\NAVENG32.DLL
2010-04-01 14:35 . 2010-03-29 19:26 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\NAVEX32A.DLL
2010-04-01 14:35 . 2010-03-29 19:26 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\NAVEX15.SYS
2010-04-01 14:35 . 2010-03-29 19:26 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\EECTRL.SYS
2010-04-01 14:35 . 2010-03-29 19:26 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\CCERASER.DLL
2010-04-01 14:35 . 2010-03-29 19:26 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\ECMSVR32.DLL
2010-04-01 14:35 . 2010-03-29 19:26 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100401.002\ERASER.SYS
2010-03-31 19:18 . 2010-03-31 19:18 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-03-31 19:18 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 19:17 . 2010-03-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 19:17 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 19:17 . 2010-03-31 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 15:29 . 2010-03-31 15:29 57344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\.GetMemoryInfoEx.exe
2010-03-31 15:28 . 2010-03-31 15:28 46952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\.hsie2010.exe
2010-03-31 15:28 . 2010-03-31 15:28 24952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\.CLT2010.exe
2010-03-31 15:27 . 2009-07-12 08:05 225280 ----a-r-  c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\Microsoft.VC90.CRT\msvcm90.dll
2010-03-31 15:27 . 2009-07-12 08:02 653120 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\Microsoft.VC90.CRT\msvcr90.dll
2010-03-31 15:27 . 2009-07-12 08:02 569664 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\Download\Microsoft.VC90.CRT\msvcp90.dll
2010-03-30 23:08 . 2010-03-30 23:08 516480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScannerAddin.dll
2010-03-30 23:08 . 2010-03-30 23:08 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\WSCUpdate.dll
2010-03-29 20:58 . 2010-03-29 20:58 -------- d-----w- c:\program files\Trend Micro
2010-03-29 19:28 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-29 19:28 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-29 19:28 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-29 19:28 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-29 19:28 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-29 19:19 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
2010-03-29 19:19 . 2009-11-17 00:51 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
2010-03-29 19:17 . 2009-12-17 06:29 892272 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\CLT\cltLMSx.dll
2010-03-29 19:17 . 2010-04-01 07:19 -------- d-----w- c:\windows\system32\drivers\NIS
2010-03-29 19:17 . 2010-03-29 19:17 -------- d-----w- c:\program files\Norton Internet Security
2010-03-29 19:16 . 2010-03-29 19:16 -------- d-----w- c:\program files\NortonInstaller
2010-03-29 18:36 . 2010-03-31 15:54 -------- d-----w- c:\windows\LMI193.tmp
2010-03-28 17:40 . 2010-03-28 17:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2010-03-28 17:08 . 2010-03-28 17:08 -------- d-----w- c:\documents and settings\user\Application Data\Tific
2010-03-28 00:28 . 2010-03-27 23:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-27 23:04 . 2010-03-27 23:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-27 23:04 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-27 23:03 . 2010-03-27 23:04 -------- d-----w- c:\program files\Lavasoft
2010-03-27 19:20 . 2010-03-27 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-27 19:20 . 2010-03-27 19:29 -------- d-----w- c:\program files\RegCure
2010-03-27 00:25 . 2010-03-27 00:25 62776 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-03-27 00:24 . 2010-03-27 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-10 20:03 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 15:09 . 2004-08-13 22:16 -------- d-----w- c:\program files\Winamp
2010-03-31 16:33 . 2010-03-29 19:18 968560 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\OCS\hsplayer.dll
2010-03-29 22:23 . 2005-01-18 23:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-29 19:18 . 2010-03-29 19:18 -------- d-----w- c:\program files\Symantec
2010-03-29 19:18 . 2010-03-29 19:18 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-29 19:18 . 2010-03-29 19:18 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-29 19:18 . 2010-03-29 19:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-29 19:18 . 2010-03-29 19:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-29 19:17 . 2009-11-29 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-29 17:18 . 2009-10-13 20:44 -------- d-----w- c:\program files\Google
2010-03-28 19:37 . 2009-11-29 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-27 23:07 . 2010-03-27 23:07 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-27 23:07 . 2010-03-27 23:07 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\SBREDrv.sys
2010-03-27 23:07 . 2010-03-27 23:07 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\EmailScanner.dll
2010-02-03 20:08 . 2010-02-03 20:06 -------- d-----w- c:\program files\iTunes
2010-02-03 20:07 . 2005-11-17 20:11 -------- d-----w- c:\program files\iPod
2010-02-03 20:07 . 2007-07-07 02:19 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 20:01 . 2010-02-03 20:00 -------- d-----w- c:\program files\QuickTime
2010-02-03 19:55 . 2010-02-03 19:55 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-27 16:09 . 2010-01-27 16:09 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d2fc38a-n\msvcp71.dll
2010-01-27 16:09 . 2010-01-27 16:09 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d2fc38a-n\msvcr71.dll
2010-01-27 16:09 . 2010-01-27 16:09 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-41a812cb-n\decora-sse.dll
2010-01-27 16:09 . 2010-01-27 16:09 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3d2fc38a-n\jmc.dll
2010-01-27 16:09 . 2010-01-27 16:09 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-41a812cb-n\decora-d3d.dll
.

((((((((((((((((((((((((((((( [email protected]_16.13.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-01 19:53 . 2010-04-01 19:53 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
+ 2006-11-08 02:03 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 02:03 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2002-08-29 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
- 2002-08-29 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2010-03-31 23:01 . 2010-02-27 02:23 43696 c:\windows\system32\drivers\NIS\1106000.020\srtspx.sys
- 2009-06-18 20:44 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-18 20:44 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
- 2007-05-09 10:40 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 10:40 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-05-10 05:25 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
- 2004-02-06 23:05 . 2009-12-21 19:14 916480 c:\windows\system32\wininet.dll
+ 2004-02-06 23:05 . 2010-02-25 06:24 916480 c:\windows\system32\wininet.dll
+ 2002-08-29 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2002-08-29 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2002-08-29 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
- 2002-08-29 12:00 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
- 2006-11-08 02:03 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
- 2002-08-29 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2002-08-29 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2002-08-29 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
- 2002-08-29 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2002-08-29 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2010-03-31 23:01 . 2010-02-04 01:40 340016 c:\windows\system32\drivers\NIS\1106000.020\symtdiv.sys
+ 2010-03-31 23:01 . 2010-02-04 01:40 362032 c:\windows\system32\drivers\NIS\1106000.020\symtdi.sys
+ 2010-03-31 23:01 . 2010-02-04 01:40 172592 c:\windows\system32\drivers\NIS\1106000.020\symefa.sys
+ 2010-03-31 23:01 . 2009-10-15 03:50 328752 c:\windows\system32\drivers\NIS\1106000.020\symds.sys
+ 2010-03-31 23:01 . 2010-02-27 02:23 325680 c:\windows\system32\drivers\NIS\1106000.020\srtsp.sys
+ 2010-03-31 23:01 . 2010-02-27 02:23 116784 c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys
+ 2010-03-31 23:01 . 2010-02-25 23:22 501888 c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys
+ 2006-05-10 05:25 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-05-10 05:25 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
- 2006-10-17 17:04 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
- 2006-05-10 05:25 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 10:40 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 10:40 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-18 20:44 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2006-05-10 05:25 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2006-11-07 08:27 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 08:27 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 08:26 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-01 07:01 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-01 07:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-01 07:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-01 07:01 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-01 07:01 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-01 07:01 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2004-01-21 21:20 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2004-07-07 22:37 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
- 2006-10-17 16:57 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2006-10-17 16:57 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2006-05-10 05:25 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-19 15:06 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 10:40 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2007-05-09 10:40 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2006-11-08 02:03 . 2010-02-25 15:54 11070976 c:\windows\system32\ieframe.dll
+ 2007-05-09 10:40 . 2010-02-25 15:54 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-01 07:01 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.


----------



## stevechoanity (Mar 29, 2010)

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 20:44 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-10-06 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-05-21 18:56 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-06-17 22:43 2550272 ----a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-05-16 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 22:10 61952 ------w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-17 23:12 69632 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/27/2010 7:07 PM 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [3/31/2010 7:01 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [3/31/2010 7:01 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\cchpx86.sys [3/31/2010 7:01 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [3/31/2010 7:01 PM 116784]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/24/2008 5:18 PM 460168]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/31/2010 5:52 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/29/2010 3:28 PM 329592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/13/2009 4:44 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1265264]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [3/31/2010 7:01 PM 126392]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [9/11/2008 10:15 PM 3768]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [7/26/2008 4:07 PM 508544]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [7/26/2008 4:07 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 15:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:08]

2010-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 20:44]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 20:44]

2010-04-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-04-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - user.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-03-31 23:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tsn.ca/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9f8lzm0t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 16:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-01 16:10:55
ComboFix-quarantined-files.txt 2010-04-01 20:10
ComboFix2.txt 2010-03-31 16:17

Pre-Run: 116,397,666,304 bytes free
Post-Run: 116,466,958,336 bytes free

- - End Of File - - 6602E7E3C9CC3A3F520A4D2C0AB90A65


----------



## dvk01 (Dec 14, 2002)

Are you still getting any diverts now?


----------



## stevechoanity (Mar 29, 2010)

No. I have been trying to do different things to see if I get any error messages or search diverts and it seems all the problems are now cleared up!!! Thank you so much! My last question then is, should I be uninstalling combofix, Hijackthis, Malwarebytes TDSSKiller, etc?


----------



## dvk01 (Dec 14, 2002)

I would keep MBAM & update it & run scans with it regularly.

Delete TDSS Killer.

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware:*
* Click *START*, then *RUN*.
* Now type *Combofix /Uninstall* in the run box and click *OK*. Note the *space* between the *X* and the */U*; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here *http://www.thespykiller.co.uk/index.php?page=3* for info on how to tighten your security settings and how to help prevent future attacks.

And scan here *http://secunia.com/software_inspector/* for out-of-date & vulnerable common applications on your computer, and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated. That will help to plug the security holes that let these pests on in the first place.


----------



## stevechoanity (Mar 29, 2010)

I have deleted TDSS killer and Combofix. Would you advise that I keep HiJackThis? If not, are there any instructions on how to uninstall it?

Thank you! You are the best. I will recommend everyone to come here for help!


----------



## dvk01 (Dec 14, 2002)

There should be an entry in Add/Remove Programs for Hijackthis, but it can be handy to keep, just in case of any future problems.


----------

