WiredWX Christian Hobby Weather Tools

Re: Windows Antivirus pro and other error messages

DDS (Ver_09-07-30.01) - NTFSx86
Run by Claire Sheldrake at 16:21:27.96 on 04/09/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.511.316 [GMT 1]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Claire Sheldrake\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
uWindow Title = Tiscali 10.0
mDefault_Page_URL = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
mStart Page = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
mWindow Title = Tiscali 10.0
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [PCTVOICE] pctspk.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol70t~1.lnk - c:\program files\aol 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digima~1.lnk - c:\program files\samsung\digimax viewer 1.0\DigimaxViewer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-2-23 109616]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-3-26 1251720]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080720.003\NAVENG.SYS [2008-7-21 89936]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080720.003\NAVEX15.SYS [2008-7-21 856336]

=============== Created Last 30 ================

2009-09-03 20:16 --d----- c:\docume~1\claire~1\applic~1\Malwarebytes
2009-09-03 20:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 20:16 18,456 a------- c:\windows\system32\drivers\mbam.sys
2009-09-03 20:16 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 20:16 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-03 19:53 --d----- C:\_OTM
2009-08-31 21:57 a-d----- c:\windows\system32\images
2009-08-31 21:05 --d----- c:\program files\common files\SupportSoft
2009-08-11 10:16 --d----- C:\Mileage 2009

==================== Find3M ====================


============= FINISH: 16:21:54.43 ===============

Re: Windows Antivirus pro and other error messages

Bump

Re: Windows Antivirus pro and other error messages

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[image: CF_download_FF]

[image: 2aflf5z]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: Windows Antivirus pro and other error messages

ComboFix 09-09-07.03 - Claire Sheldrake 08/09/2009 11:00.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.511.318 [GMT 1:00]
Running from: c:\documents and settings\Claire Sheldrake\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\fad.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif

.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-03 19:16 . 2009-09-03 19:16 -------- d-----w- c:\documents and settings\Claire Sheldrake\Application Data\Malwarebytes
2009-09-03 19:16 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 19:16 . 2009-09-03 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 19:16 . 2009-09-03 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-03 19:16 . 2009-08-03 12:36 18456 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 18:53 . 2009-09-03 18:53 -------- d-----w- C:\_OTM
2009-08-31 20:05 . 2009-08-31 20:05 -------- d-----w- c:\documents and settings\Matt Sheldrake\Local Settings\Application Data\SupportSoft
2009-08-31 20:05 . 2009-08-31 20:05 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-08-11 09:16 . 2009-08-11 09:16 -------- d-----w- C:\Mileage 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 14:43 . 2003-03-21 20:17 -------- d-----w- c:\program files\AOL 7.0
.

------- Sigcheck -------

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll

c:\windows\system32\drivers\ip6fw.sys ... is missing !!
c:\windows\system32\mspmsnsv.dll ... is missing !!
c:\windows\system32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-07 294912]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-03-21 26112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-04 286720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-20 98304]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"PCTVOICE"="pctspk.exe" - c:\windows\SYSTEM32\pctspk.exe [2002-07-18 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - c:\program files\AOL 7.0\aoltray.exe [2003-3-21 32839]
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
Digimax Viewer 1.0.lnk - c:\program files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe [2003-10-25 331776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/02/2008 21:21 109616]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2003-03-27 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
mWindow Title = Tiscali 10.0
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 11:07
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(732)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-09-08 11:10
ComboFix-quarantined-files.txt 2009-09-08 10:09

Pre-Run: 14,041,083,904 bytes free
Post-Run: 14,365,798,400 bytes free

129 --- E O F --- 2009-08-31 22:06

Re: Windows Antivirus pro and other error messages

Now open a new notepad file.
Input this into the notepad file:

FCopy::
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys | c:\windows\system32\drivers\ip6fw.sys
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll | c:\windows\system32\xmlprov.dll


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image: Sfxdaw]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Windows Antivirus pro and other error messages

ComboFix 09-09-07.03 - Claire Sheldrake 08/09/2009 15:46.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.511.306 [GMT 1:00]
Running from: c:\documents and settings\Claire Sheldrake\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Claire Sheldrake\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys --> c:\windows\system32\drivers\ip6fw.sys
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll --> c:\windows\system32\mspmsnsv.dll
c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll --> c:\windows\system32\xmlprov.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.

2009-09-08 14:46 . 2004-08-04 07:56 129536 ----a-w- c:\windows\system32\xmlprov.dll
2009-09-08 14:46 . 2004-08-04 07:56 52224 ----a-w- c:\windows\system32\mspmsnsv.dll
2009-09-03 19:16 . 2009-09-03 19:16 -------- d-----w- c:\documents and settings\Claire Sheldrake\Application Data\Malwarebytes
2009-09-03 19:16 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 19:16 . 2009-09-03 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 19:16 . 2009-09-03 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-03 19:16 . 2009-08-03 12:36 18456 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 18:53 . 2009-09-03 18:53 -------- d-----w- C:\_OTM
2009-08-31 20:05 . 2009-08-31 20:05 -------- d-----w- c:\documents and settings\Matt Sheldrake\Local Settings\Application Data\SupportSoft
2009-08-31 20:05 . 2009-08-31 20:05 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-08-11 09:16 . 2009-08-11 09:16 -------- d-----w- C:\Mileage 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 14:43 . 2003-03-21 20:17 -------- d-----w- c:\program files\AOL 7.0
.

------- Sigcheck -------

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SYSTEM32\mspmsnsv.dll

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\xmlprov.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-11-15 1670144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-07 294912]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-03-21 26112]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 57344]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-04 286720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-20 98304]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\SYSTEM32\Ati2mdxx.exe [2001-09-04 28672]
"PCTVOICE"="pctspk.exe" - c:\windows\SYSTEM32\pctspk.exe [2002-07-18 163840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - c:\program files\AOL 7.0\aoltray.exe [2003-3-21 32839]
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
Digimax Viewer 1.0.lnk - c:\program files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe [2003-10-25 331776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23/02/2008 21:21 109616]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2003-03-27 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 05:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
mWindow Title = Tiscali 10.0
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/countries/uk/enu/gen/default.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 15:50
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(732)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-09-08 15:52
ComboFix-quarantined-files.txt 2009-09-08 14:52
ComboFix2.txt 2009-09-08 10:10

Pre-Run: 14,386,991,104 bytes free
Post-Run: 14,373,154,816 bytes free

110 --- E O F --- 2009-08-31 22:06
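
As an added example (not part of the thread and not ComboFix's own code), this Python script shows how the Sigcheck section of the first log leads to the FCopy lines in the CFScript above, and how the second log confirms the restore by matching MD5s. The function names and the regular expressions are assumptions inferred from the log lines posted here.

```python
import ntpath
import re

# Sigcheck entry layout: [flag] date [time] . MD5 . size . . [version] . . path
ENTRY = re.compile(
    r"^\[.\]\s+\d{4}-\d\d-\d\d(?:\s+\d\d:\d\d)?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+)$")
MISSING = re.compile(r"^(?P<path>.+?)\s+\.\.\.\s+is missing !!$")

# Sigcheck lines copied from the first and second ComboFix logs in this thread.
FIRST_RUN = r"""
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
c:\windows\system32\drivers\ip6fw.sys ... is missing !!
c:\windows\system32\mspmsnsv.dll ... is missing !!
c:\windows\system32\xmlprov.dll ... is missing !!
"""
SECOND_RUN = r"""
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ip6fw.sys
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SYSTEM32\mspmsnsv.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\xmlprov.dll
"""

def parse_sigcheck(log_text):
    """Return (entries, missing_paths) found in Sigcheck lines of a ComboFix log."""
    entries, missing = [], []
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append({"md5": m["md5"].upper(), "size": int(m["size"]),
                            "version": m["ver"], "path": m["path"]})
            continue
        m = MISSING.match(line)
        if m:
            missing.append(m["path"])
    return entries, missing

def build_fcopy(entries, missing):
    """Pair each missing file with a listed copy of the same name.

    A target goes to `unresolved` when no copy is listed or when same-named
    copies disagree on MD5, because choosing one would be a guess.
    """
    by_name = {}
    for e in entries:
        by_name.setdefault(ntpath.basename(e["path"]).lower(), []).append(e)
    pairs, unresolved = [], []
    for dst in missing:
        candidates = by_name.get(ntpath.basename(dst).lower(), [])
        if len({c["md5"] for c in candidates}) == 1:
            pairs.append((candidates[0]["path"], dst))
        else:
            unresolved.append(dst)
    return pairs, unresolved

def fcopy_script(pairs):
    """Render the pairs in the CFScript layout used in the post above."""
    return "FCopy::\n" + "".join(f"{src} | {dst}\n" for src, dst in pairs)

def verify_restore(pairs, post_entries):
    """Map each destination to True if the later log lists it with the source's MD5."""
    # The second log reports the restored paths in different letter case.
    md5_of = {e["path"].lower(): e["md5"] for e in post_entries}
    result = {}
    for src, dst in pairs:
        restored = md5_of.get(dst.lower())
        result[dst] = restored is not None and restored == md5_of.get(src.lower())
    return result

if __name__ == "__main__":
    entries, missing = parse_sigcheck(FIRST_RUN)
    pairs, unresolved = build_fcopy(entries, missing)
    print(fcopy_script(pairs), end="")
    post_entries, _ = parse_sigcheck(SECOND_RUN)
    print(verify_restore(pairs, post_entries), "unresolved:", unresolved)
```

A matching MD5 shows that the copy landed intact; it says nothing about whether the cached source file itself is trustworthy.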

Re: Windows Antivirus pro and other error messages

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

[image: CF_Cleanup]

This will also reset your restore points.

How is the machine running now?


Re: Windows Antivirus pro and other error messages

It seems to be working fine. Is it free from viruses now?

Re: Windows Antivirus pro and other error messages

Bump

Re: Windows Antivirus pro and other error messages

Bump

Re: Windows Antivirus pro and other error messages

Your logs show no sign of infection. What antivirus are you currently running?


Re: Windows Antivirus pro and other error messages

The antivirus had expired. I am just about to install Norton Internet security 2009 premium edition.

Re: Windows Antivirus pro and other error messages

Hello.
Okay, install Norton 2009, then this should be fine.


Re: Windows Antivirus pro and other error messages

Thanks for all your help.

Re: Windows Antivirus pro and other error messages

Since this issue appears to be solved, this topic is now closed and being marked solved.

If you need the topic reopened, PM an administrator, moderator, or staff.
