Active Another Google Malware virus on my computer

[Active] Another Google Malware virus on my computer

Obviously new to this forum but I did read through some of the other advice regarding the adware malware programs. I, too, cannot use any search engine without being redirected to other websites. I installed and ran malwarebytes and it found 10 programs that spybot did not. I have attached the notepad documentation below. After running and then removing these threats, I still am getting the same thing when doing a google search. Any advice is appreciated!

Bob

Malwarebytes' Anti-Malware 1.31
Database version: 1565
Windows 5.1.2600 Service Pack 2

12/29/2008 3:03:45 PM
mbam-log-2008-12-29 (15-03-45).txt

Scan type: Quick Scan
Objects scanned: 77582
Time elapsed: 27 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Setup1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\NPROTECT\00182129.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysaudio.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

 

Hello griz7674 and Welcome.


Please follow the instruction in the link below to run RSIT and post that log please.
http://www.windowsbbs.com/malware-virus-removal/announcements.html

 

Here you go!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2008-12-30 09:11:09
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 41 GB (53%) free of 76 GB
Total RAM: 1015 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:37 AM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe "
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe "
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE864028-534C-4836-8EA8-F91322E8DB5E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe

--
End of file - 12818 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2006-02-05 140960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}]
Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2006-02-05 140960]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl "=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"SunKistEM "=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-03-11 135168]
" "= []
"eFax 4.1 "=C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe [2005-12-16 107008]
"HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"Share-to-Web Namespace Daemon "=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"Google Desktop Search "=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-26 29744]
"LogitechCommunicationsManager "=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon "=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"MP10_EnsureFileVer "=C:\WINDOWS\inf\unregmp2.exe [2004-08-04 208896]
"SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Act.Outlook.Service "=C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe [2007-03-28 9728]
"Act! Preloader "=C:\Program Files\ACT\ACT for Windows\ActSage.exe [2007-03-28 1015808]
"OpenDNS Update "=C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe [2008-11-04 281088]
"QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"updateMgr "=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Aim6 "= []
"DW6 "=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-06-10 785520]
"SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
eFax 4.1.lnk - C:\Program Files\eFax Messenger 4.1\J2GTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS "= "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-01-29 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*isabled:Windows Messenger "
"C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe "= "C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager "
"C:\Program Files\ACT\Act for Windows\ActSage.exe "= "C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage "
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "= "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser "
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "= "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr "
"C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
"C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "

======List of files/folders created in the last 1 months======

2008-12-30 09:11:10 ----D---- C:\Program Files\trend micro
2008-12-30 09:11:09 ----D---- C:\rsit
2008-12-29 14:33:38 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-12-29 14:33:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 14:33:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 10:35:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-29 10:35:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 11:09:38 ----A---- C:\WINDOWS\system32\Ilda32.dll
2008-12-19 11:09:38 ----A---- C:\WINDOWS\system32\BORLNDMM.DLL
2008-12-19 11:09:34 ----D---- C:\Program Files\CoffeeCup Software

======List of files/folders modified in the last 1 months======

2008-12-30 09:11:10 ----D---- C:\Program Files
2008-12-30 09:08:46 ----D---- C:\WINDOWS\Prefetch
2008-12-29 15:13:06 ----D---- C:\Program Files\Mozilla Firefox
2008-12-29 15:09:40 ----A---- C:\WINDOWS\win.ini
2008-12-29 15:08:42 ----D---- C:\WINDOWS\Temp
2008-12-29 15:06:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-29 15:06:01 ----D---- C:\WINDOWS\system32
2008-12-29 15:05:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-29 15:03:45 ----D---- C:\WINDOWS
2008-12-29 11:26:34 ----A---- C:\ActExtLog.txt
2008-12-29 08:49:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-29 08:49:30 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 16:34:19 ----D---- C:\RJT Consulting
2008-12-10 16:32:32 ----D---- C:\Program Files\Common Files\Symantec Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 GBFSHook;GBFSHook; C:\WINDOWS\system32\drivers\GBFSHook.sys [2005-10-03 15360]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2004-01-29 122110]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2004-01-29 99002]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-01-29 95579]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver; C:\WINDOWS\System32\DRIVERS\m4301A.sys [2004-05-13 83552]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061204.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061204.017\NavEx15.Sys []
R3 NPDriver;Norton UnErase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\System32\Drivers\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-07-16 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-07-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-07-16 21488]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2007-04-12 21120]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
S3 SDdriver;SDdriver; \??\C:\WINDOWS\System32\Drivers\sddriver.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-08-07 12992]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-08-07 110784]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-08-07 31936]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20081210.002\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-08-07 28352]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-06-14 235168]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 GBPoll;GoBack Polling Service; C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe [2005-10-03 587392]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MSSQL$ACT7;SQL Server (ACT7); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-06-28 28952920]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe [2006-02-05 139936]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe [2006-02-05 46752]
R2 NProtectService;Norton UnErase Protection; C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE [2005-10-03 95832]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2007-09-05 20480]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE [2005-10-03 176193]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-06-13 1119888]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WebUpdate;Web Update Service by PowerProgrammer; C:\WINDOWS\system32\WebUpdateSvc.exe [2005-12-22 266240]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-08-13 78968]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-26 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2005-09-24 749696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-07-16 65795]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 SAVScan;Symantec AVScan; C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-05-11 1160848]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------


I also ran the malware program for the full hard drive scan and no additional virus's were found. Thoughts?

Bob

 

That was the cause of your google issues,just in case you were curious.

In the very same link I posted before,there are instructions for 2 online scanners,if you dont mind,would you take the time to run both and copy any results they produce to notepad,then post them here.

Id like to be sure there isnt anything left.

 

I will run those scans in a bit but I am still having the same problems with my computer so somehow the virus is still working.

Bob

 

I hope I'm not missing the obvious but I did not see two other links to scanners on your previous post. Please advise. Thanks.

Bob

 

I did just run the Kapersky program and after 3 hours it finally finished and did not find any virus's etc. I also emptied my recycle bin just to be on the safe side and it's still doing it! Any other thoughts? Thanks!

Bob

 

Hi Bob and Sorry for the delay.

Lets try something simple before we start using alot of different tools.

Are you familiar with your router and how to reset it to the default settings it came with?

It is possible the router configs were tampered with at some point and they are pointing all your DNS request to a nasty dns server.

There was a rash of this about the same time sysaudio made the scene.

Do try an attempt to restore the router to factory defaults,then make yourself a nice healhty hard login name and password for the router itself and if you use wireless,you would do yourself a favor to use WPA2 encryption and set yourself another nice hard long login name and password for the wireless connection.

If any doubts or troubles,let me know.

 

I will reset it but wouldn't that make it to where I could not access any website? If I type the name of the site into my address bar then it works fine. It's only while performing a search engine function that it misdirects the links. I will go reset the router in a bit and see if that helps. Thanks.

 

I reset the router and that did nothing. Thoughts?

Bob

 

I ran Combofix and my problem was solved! Here is the log:

ComboFix 09-01-05.02 - Owner 2009-01-05 14:13:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.544 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ntnet.drv
c:\windows\system32\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-05 09:01 . 2009-01-05 09:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\OpenDNS Updater
2008-12-30 09:11 . 2008-12-30 09:11 <DIR> d-------- C:\rsit
2008-12-30 09:11 . 2008-12-30 09:11 <DIR> d-------- c:\program files\trend micro
2008-12-29 14:33 . 2008-12-29 14:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 14:33 . 2008-12-29 14:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-29 14:33 . 2008-12-29 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 14:33 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 14:33 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 10:35 . 2008-12-29 11:29 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-29 10:35 . 2008-12-29 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 11:09 . 2008-12-19 11:09 <DIR> d-------- c:\program files\CoffeeCup Software
2008-12-19 11:09 . 1999-03-22 12:29 233,472 --a------ c:\windows\system32\Ilda32.dll
2008-12-19 11:09 . 1998-06-17 04:00 18,944 --a------ c:\windows\system32\BORLNDMM.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 15:01 --------- d-----w c:\program files\OpenDNS Updater
2008-12-10 22:32 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-25 16:30 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2008-11-25 15:30 --------- d-----w c:\program files\AviSynth 2.5
2008-11-25 15:28 --------- d-----w c:\program files\eRightSoft
2008-11-24 22:16 --------- d-----w c:\program files\iTunes
2008-11-24 22:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 22:15 --------- d-----w c:\program files\iPod
2008-11-24 22:15 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 22:10 --------- d-----w c:\program files\Bonjour
2008-11-24 22:09 --------- d-----w c:\program files\QuickTime
2008-11-24 22:02 --------- d-----w c:\program files\Apple Software Update
2008-11-07 20:23 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-07-22 21:00 56,912 ----a-w c:\documents and settings\Owner\g2mdlhlpx.exe
2006-08-24 17:22 216 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-02-26 20:38 122,368 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2003-03-31 12:00 94,784 --sh--w c:\windows\twain.dll
2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll
2008-09-08 18:58 88 --sh--r c:\windows\system32\DCAD1C5376.sys
2004-08-04 07:56 54,784 --sh--w c:\windows\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w c:\windows\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w c:\windows\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sh--w c:\windows\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sha-w c:\windows\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DW6 "= "c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunKistEM "= "c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-11 135168]
"eFax 4.1 "= "c:\program files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-16 107008]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"Share-to-Web Namespace Daemon "= "c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-26 29744]
"LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"MP10_EnsureFileVer "= "c:\windows\inf\unregmp2.exe" [2004-08-04 208896]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Act.Outlook.Service "= "c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader "= "c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"OpenDNS Update "= "c:\program files\OpenDNS Updater\OpenDNS Updater.exe" [2009-01-05 316416]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-08-09 1742384]
eFax 4.1.lnk - c:\program files\eFax Messenger 4.1\J2GTray.exe [2006-03-16 513024]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Norton GoBack.lnk - c:\program files\Norton SystemWorks\Norton GoBack\GBTray.exe [2005-10-03 857728]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-09-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420 "= i420vfw.dll
"aux2 "= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe "=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe "=
"c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe "=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe "=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1433:TCP "= 1433:TCP:sql tcp
"1434:UDP "= 1434:UDP:sql udp

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2006-12-04 102712]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [2004-05-13 83552]
R4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-06-28 28952920]
R4 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~3\NPROTECT.EXE [2005-10-03 95832]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-11 24652]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-26 29744]
.
Contents of the 'Scheduled Tasks' folder

2006-03-15 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-08-04 01:56]

2006-03-15 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-08-04 01:56]

2008-10-04 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- c:\progra~1\NORTON~1\NORTON~2\Navw32.exe [2006-02-05 01:03]

2009-01-05 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2005-10-05 21:02]

2008-12-30 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-Aim6 - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
TCP: {FE864028-534C-4836-8EA8-F91322E8DB5E} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j9vmkvfw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ijm.org/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 14:30:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton SystemWorks\Norton GoBack\GBPoll.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\WebUpdateSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-05 14:42:59 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-05 20:41:32

Pre-Run: 43,564,343,296 bytes free
Post-Run: 43,821,350,912 bytes free

182 --- E O F --- 2008-06-23 16:01:18

 

It would appear you read my mind,I have been hammered with work and unable to get back here as Id like,apologize for that.

This is the exact file I was to hunt down next but you found it first,good work!

Id hope the PC is acting somewhat right again?

Let me know how things are please.