
Author Topic: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!  (Read 19479 times)


frustrated89

    Topic Starter


    Rookie

    Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
    « Reply #30 on: April 13, 2009, 09:55:23 PM »
    Here is the log file... sorry, I just realized I put it twice.

    [attachment deleted by admin]

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
    « Reply #31 on: April 13, 2009, 10:00:13 PM »
    OK things should get easier now.

    I don't see anything that needs to be done with ComboFix so try to open, update and run MalwareBytes now. Please post the log it creates.

    But first you need to get rid of Norton which is still running.

    Download the Norton Removal Tool (SymNRT) to your Desktop.

    Once downloaded please close ALL open browsers, also save any work because this may require a restart.
    • Go to your desktop and double click on the removal tool and then click Setup.
    • Once open, click Next
    • Accept the license agreement and click Next
    • Type in the letters/numbers that you see into the text box then click Next.
    • Then click Next and the tool will start running.
    • Once finished restart the PC.
    • Delete the Norton Removal Tool from your Desktop.
    ----------

    Now update and run MalwareBytes.

    frustrated89


      Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
      « Reply #32 on: April 13, 2009, 10:19:23 PM »
      I'm running Malwarebytes right now, it is FINALLY working!!! Are we almost in the clear?

      evilfantasy

      Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
      « Reply #33 on: April 13, 2009, 10:20:18 PM »
      I think we are. Depends on what MalwareBytes finds.

      frustrated89


        Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
        « Reply #34 on: April 13, 2009, 10:34:18 PM »
        Here is the log....

        [attachment deleted by admin]

        evilfantasy

        Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
        « Reply #35 on: April 13, 2009, 10:37:33 PM »
        That found some of the same files that ComboFix was supposed to fix so we need to do another scan to make sure it is gone. This will only take a few minutes.

        Download DDS by sUBs and save it to your desktop. Alternate DDS download link

        * Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
        * XP users: double-click on dds to run it.
        * If your antivirus or firewall tries to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please include the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copy and pasting it into the reply.

        Also let me know how the computer is acting now.

        frustrated89


          Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
          « Reply #36 on: April 13, 2009, 10:44:56 PM »

          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT

          DDS (Ver_09-03-16.01)

          Microsoft® Windows Vista™ Home Premium
          Boot Device: \Device\HarddiskVolume2
          Install Date: 28/06/2007 12:38:01 PM
          System Uptime: 13/04/2009 11:27:21 PM (0 hours ago)

          Motherboard: Intel Corporation |  | CAPELL VALLEY(NAPA) CRB
          Processor: Genuine Intel(R) CPU           T2080  @ 1.73GHz | U2E1 | 800/mhz

          ==== Disk Partitions =========================

          C: is FIXED (NTFS) - 100 GiB total, 64.395 GiB free.
          D: is FIXED (NTFS) - 10 GiB total, 9.923 GiB free.
          E: is CDROM ()

          ==== Disabled Device Manager Items =============

          ==== System Restore Points ===================


          ==== Installed Programs ======================

          2007 Microsoft Office Suite Service Pack 1 (SP1)
          Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
          Adobe Flash Player 10 ActiveX
          Adobe Reader 8.1.2
          Adobe Reader 8.1.2 Security Update 1 (KB403742)
          Adobe Shockwave Player
          Atheros Driver Installation Program
          Bluetooth Stack for Windows by Toshiba
          CD/DVD Drive Acoustic Silencer
          Choice Guard
          DVD MovieFactory for TOSHIBA
          FF Ver 3.4- UofM Home Version 080123
          HijackThis 2.0.2
          Intel(R) Graphics Media Accelerator Driver
          Java(TM) SE Runtime Environment 6
          JMP Student Edition
          Malwarebytes' Anti-Malware
          Map Button (Windows Live Toolbar)
          Microsoft Application Error Reporting
          Microsoft Office Access MUI (English) 2007
          Microsoft Office Access Setup Metadata MUI (English) 2007
          Microsoft Office Excel MUI (English) 2007
          Microsoft Office InfoPath MUI (English) 2007
          Microsoft Office Outlook MUI (English) 2007
          Microsoft Office PowerPoint MUI (English) 2007
          Microsoft Office Professional Plus 2007
          Microsoft Office Proof (English) 2007
          Microsoft Office Proof (French) 2007
          Microsoft Office Proof (Spanish) 2007
          Microsoft Office Proofing (English) 2007
          Microsoft Office Publisher MUI (English) 2007
          Microsoft Office Shared MUI (English) 2007
          Microsoft Office Shared Setup Metadata MUI (English) 2007
          Microsoft Office Word MUI (English) 2007
          Microsoft Search Enhancement Pack
          Microsoft Sync Framework Runtime Native v1.0 (x86)
          Microsoft Sync Framework Services Native v1.0 (x86)
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Windows Media Video 9 VCM
          Microsoft XML Parser
          MSVCRT
          MSXML 4.0 SP2 (KB927978)
          MSXML 4.0 SP2 (KB936181)
          MSXML 4.0 SP2 (KB941833)
          MSXML 4.0 SP2 (KB954430)
          NVT Malware Remover Tool v2.0.8b1
          Realtek High Definition Audio Driver
          Security Update for 2007 Microsoft Office System (KB951550)
          Security Update for 2007 Microsoft Office System (KB951944)
          Security Update for 2007 Microsoft Office System (KB958439)
          Security Update for Microsoft Office Excel 2007 (KB958437)
          Security Update for Microsoft Office PowerPoint 2007 (KB951338)
          Security Update for Microsoft Office Publisher 2007 (KB950114)
          Security Update for Microsoft Office system 2007 (KB954326)
          Security Update for Microsoft Office system 2007 (KB956828)
          Security Update for Microsoft Office Word 2007 (KB956358)
          Security Update for Visio 2007 (KB947590)
          Smart Menus (Windows Live Toolbar)
          Super TextTwist
          Synaptics Pointing Device Driver
          Texas Instruments PCIxx21/x515/xx12 drivers.
          TIPCI
          TOSHIBA Assist
          TOSHIBA ConfigFree
          TOSHIBA Disc Creator
          TOSHIBA Extended Tiles for Windows Mobility Center
          TOSHIBA Hardware Setup
          Toshiba Registration
          TOSHIBA SD Memory Utilities
          TOSHIBA Software Modem
          TOSHIBA Speech System Applications
          TOSHIBA Speech System SR Engine(U.S.) Version1.0
          TOSHIBA Speech System TTS Engine(U.S.) Version1.0
          TOSHIBA Supervisor Password
          TOSHIBA Value Added Package
          Trend Micro OfficeScan Client
          Update for Microsoft Office 2007 Help for Common Features (KB957244)
          Update for Microsoft Office Access 2007 Help (KB957241)
          Update for Microsoft Office Excel 2007 Help (KB957242)
          Update for Microsoft Office InfoPath 2007 Help (KB957243)
          Update for Microsoft Office Outlook 2007 (KB952142)
          Update for Microsoft Office Outlook 2007 Help (KB957246)
          Update for Microsoft Office PowerPoint 2007 Help (KB957247)
          Update for Microsoft Office Publisher 2007 Help (KB957249)
          Update for Microsoft Office Word 2007 Help (KB957252)
          Update for Microsoft Script Editor Help (KB957253)
          Update for Office 2007 (KB946691)
          Update for Outlook 2007 Junk Email Filter (kb962871)
          Visual C++ 2008 x86 Runtime - (v9.0.30729)
          Visual C++ 2008 x86 Runtime - v9.0.30729.01
          Windows Live Call
          Windows Live Communications Platform
          Windows Live Essentials
          Windows Live Messenger
          Windows Live Sign-in Assistant
          Windows Live Toolbar
          Windows Live Upload Tool
          WinDVD for TOSHIBA

          ==== End Of File ===========================


          [attachment deleted by admin]

          frustrated89


            Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
            « Reply #37 on: April 13, 2009, 10:48:54 PM »
            My computer is working fine. I think that the search thing is working right now. Please tell me that everything is okay now??

            evilfantasy

            Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
            « Reply #38 on: April 13, 2009, 10:54:05 PM »
            OK I found another one so it needs to be taken care of. This should be the last scan.


            Delete these files/folders, as follows:

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

            Code:
            KillAll::

            DDS::
            BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
            TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

            Folder::
            c:\windows\system32\gxvxccounter

            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

            Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

            ----------

            Your Java is out of date.

            Older versions have vulnerabilities that malicious sites can use to infect your system.

            First install the new Sun Java Runtime Environment

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close all browser windows before beginning the install.

            Remove the old version(s)

            Download JavaRa
            • Unzip the file and open the JavaRa.exe
            • Click Remove Older Versions
            • JavaRa will search for and remove any outdated version of Java and remove any that are found.
            • Click Additional Tasks
            • Place a check next to Remove Useless JRE Files and click Go
            • Exit JavaRa
            • Delete the JavaRa files from the Desktop
            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

            frustrated89


              Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
              « Reply #39 on: April 13, 2009, 11:38:23 PM »
              Here it is.

              ComboFix 09-04-14.01 - Natasha 14/04/2009  0:14.2 - NTFSx86
              Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.2.1033.18.1013.302 [GMT -5:00]
              Running from: c:\users\Natasha\Desktop\Combo-Fix.exe
              Command switches used :: c:\users\Natasha\Desktop\CFScript.txt
              AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
               * Created a new restore point
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\windows\system32\gxvxccounter

              .
              (((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
              .

              2009-04-14 04:14 . 2009-04-14 04:14   --------   d-----w   c:\users\Natasha\AppData\Roaming\Malwarebytes
              2009-04-14 01:57 . 2009-04-14 01:57   --------   d-----w   c:\program files\NVT Malware Remover Tool
              2009-04-14 01:29 . 2009-04-06 20:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
              2009-04-14 01:29 . 2009-04-06 20:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
              2009-04-14 01:29 . 2009-04-14 01:29   --------   d-----w   c:\users\All Users\Malwarebytes
              2009-04-14 01:29 . 2009-04-14 01:29   --------   d-----w   c:\programdata\Malwarebytes
              2009-04-14 01:29 . 2009-04-14 01:29   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
              2009-04-13 22:05 . 2009-04-13 22:07   --------   d-----w   C:\ComboFix
              2009-04-12 00:01 . 2009-04-13 00:49   --------   dc----w   c:\windows\system32\DRVSTORE
              2009-04-11 23:58 . 2009-04-13 00:49   --------   d-----w   c:\users\All Users\Lavasoft
              2009-04-11 23:58 . 2009-04-13 00:49   --------   d-----w   c:\programdata\Lavasoft
              2009-04-10 14:35 . 2009-04-13 19:39   14040   ----a-w   c:\windows\cfgall.ini
              2009-04-10 14:05 . 2009-04-10 14:05   --------   d-----w   C:\Quarantine
              2009-04-10 14:04 . 2009-04-10 14:04   --------   d-----w   c:\windows\system32\log
              2009-04-10 14:03 . 2009-04-13 00:01   --------   d-----w   c:\program files\Trend Micro
              2009-04-10 13:52 . 2009-04-10 13:52   --------   d-----w   c:\users\Natasha\AppData\Roaming\InstallShield
              2009-04-02 02:29 . 2009-04-02 02:29   0   ---ha-w   c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-04-14 05:19 . 2007-06-28 17:46   16384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              2009-04-14 05:19 . 2007-06-28 17:46   16384   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              2009-04-14 05:19 . 2007-06-28 17:46   131072   --sha-w   c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              2009-04-14 05:19 . 2009-04-14 05:19   2048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
              2009-04-14 05:19 . 2009-04-14 05:19   2048   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
              2009-04-14 04:10 . 2008-02-12 22:41   --------   d-----w   c:\program files\Common Files\Symantec Shared
              2009-04-14 04:08 . 2008-02-12 22:42   --------   d-----w   c:\programdata\Symantec
              2009-04-13 02:20 . 2009-04-13 03:04   15087689   ----a-w   c:\program files\PROCESSLIST.DB
              2009-04-13 02:20 . 2009-04-13 03:04   1143446   ----a-w   c:\program files\PROCESSLISTRELATED.DB
              2009-04-13 00:22 . 2009-04-12 14:05   444   ----a-w   C:\aaw7boot.log
              2009-04-10 14:07 . 2006-11-02 10:25   51200   ----a-w   c:\windows\Inf\infpub.dat
              2009-04-10 14:07 . 2006-11-02 10:25   86016   ----a-w   c:\windows\Inf\infstrng.dat
              2009-04-10 14:07 . 2006-11-02 10:25   86016   ----a-w   c:\windows\Inf\infstor.dat
              2009-03-12 14:57 . 2006-11-02 11:18   --------   d-----w   c:\program files\Windows Mail
              2009-03-12 14:16 . 2007-07-26 21:43   --------   d-----w   c:\programdata\Microsoft Help
              2009-02-27 17:34 . 2007-09-27 19:53   32768   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              2009-02-27 17:34 . 2007-09-27 19:53   16384   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              2009-02-27 17:34 . 2007-09-27 19:53   16384   --sha-w   c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              2009-02-21 17:53 . 2008-03-08 03:09   --------   d-----w   c:\program files\Windows Live
              2009-02-09 03:10 . 2009-03-11 14:46   2033152   ----a-w   c:\windows\System32\win32k.sys
              2009-02-07 00:52 . 2009-02-07 00:52   49504   ----a-w   c:\windows\System32\sirenacm.dll
              2009-01-15 06:11 . 2009-02-12 03:53   827392   ----a-w   c:\windows\System32\wininet.dll
              2008-12-19 09:01 . 2008-05-26 14:56   680   ----a-w   c:\users\Natasha\AppData\Local\d3d9caps.dat
              2008-12-19 02:52 . 2006-11-02 12:50   174   --sha-w   c:\program files\desktop.ini
              2007-07-27 16:46 . 2007-06-28 04:00   112408   ----a-w   c:\users\Natasha\AppData\Local\GDIPFONTCACHEV1.DAT
              .

              (((((((((((((((((((((((((((((   SnapShot@2009-04-13_22.33.35.23   )))))))))))))))))))))))))))))))))))))))))
              .
              + 2006-12-06 23:40 . 2009-04-14 05:21   45788              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
              + 2006-11-02 13:05 . 2009-04-14 05:21   61744              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
              - 2007-06-28 04:01 . 2009-04-14 03:23   10836              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-381672913-1497699758-3801013932-1000_UserData.bin
              + 2007-06-28 04:01 . 2009-04-14 05:21   10836              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-381672913-1497699758-3801013932-1000_UserData.bin
              + 2007-06-28 17:46 . 2009-04-14 05:19   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              - 2007-06-28 17:46 . 2009-04-14 03:21   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
              + 2007-06-28 17:46 . 2009-04-14 05:19   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              - 2007-06-28 17:46 . 2009-04-14 03:21   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
              - 2009-04-14 03:21 . 2009-04-14 03:21   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
              + 2009-04-14 05:19 . 2009-04-14 05:19   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
              + 2009-04-14 05:19 . 2009-04-14 05:19   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
              - 2009-04-14 03:21 . 2009-04-14 03:21   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
              + 2009-04-14 05:20 . 2008-11-27 20:52   296224              c:\windows\temp\TZ5345.EXE
              - 2006-11-02 12:43 . 2009-04-14 03:09   262144              c:\windows\System32\config\systemprofile\ntuser.dat
              + 2006-11-02 12:43 . 2009-04-14 05:13   262144              c:\windows\System32\config\systemprofile\ntuser.dat
              + 2007-06-28 17:46 . 2009-04-14 05:19   131072              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              - 2007-06-28 17:46 . 2009-04-14 03:21   131072              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
              + 2006-11-02 12:47 . 2009-04-14 05:22   262144              c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
              - 2006-11-02 12:47 . 2009-04-14 03:23   262144              c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
              - 2006-11-02 12:47 . 2009-04-14 03:23   262144              c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
              + 2006-11-02 12:47 . 2009-04-14 05:22   262144              c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
              - 2007-06-28 04:10 . 2009-04-14 03:19   729848              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
              + 2007-06-28 04:10 . 2009-04-14 05:18   729848              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
              "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
              "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
              "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
              "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
              "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
              "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
              "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
              "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-12 411768]
              "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
              "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-12 448632]
              "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-12 530552]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
              "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-11-27 718120]
              "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-07 3772416]
              "NDSTray.exe"="NDSTray.exe" [BU]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "EnableUIADesktopToggle"= 0 (0x0)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "UacDisableNotify"=dword:00000001
              "InternetSettingsDisableNotify"=dword:00000001
              "AutoUpdateDisableNotify"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
              "{29DF42F3-06E5-4AF2-8F87-01E0CA882130}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
              "TCP Query User{48B3A74E-4778-4E18-BAF0-32A825034145}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
              "UDP Query User{50C363D8-B98A-4FD4-9ED7-889E9B7E8B41}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
              "TCP Query User{5BA02A87-7C49-47E6-9A1E-F75B19E442C5}c:\\program files\\gamehouse\\texttwist\\texttwist.exe"= UDP:c:\program files\gamehouse\texttwist\texttwist.exe:Super TextTwist
              "UDP Query User{A838F259-EA07-402D-9C96-64E3B1E37CC4}c:\\program files\\gamehouse\\texttwist\\texttwist.exe"= TCP:c:\program files\gamehouse\texttwist\texttwist.exe:Super TextTwist
              "{ED272B27-4716-433F-9940-EA6C64A86A2F}"= UDP:c:\users\Natasha\AppData\Local\Temp\7zSD2E8.tmp\SymNRT.exe:Norton Removal Tool
              "{0A6322AA-EAA4-43F4-8775-C76C9D4AD2A5}"= TCP:c:\users\Natasha\AppData\Local\Temp\7zSD2E8.tmp\SymNRT.exe:Norton Removal Tool
              "{76D597C6-402F-46BE-997F-F89B5E58B1AC}"= UDP:11050:Trend Micro OfficeScan Listener

              R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-08-21 652552]
              S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
              S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2008-11-26 205328]
              S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2008-11-26 36368]
              S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

              .
              Contents of the 'Scheduled Tasks' folder

              2009-04-13 c:\windows\Tasks\User_Feed_Synchronization-{2863D096-11F2-4FDE-893A-3C671B4EAF22}.job
              - c:\windows\system32\msfeedssync.exe [2008-06-12 07:33]
              .
              .
              ------- Supplementary Scan -------
              .
              uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
              .

              **************************************************************************

              catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2009-04-14 00:22
              Windows 6.0.6001 Service Pack 1 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\windows\System32\audiodg.exe
              c:\windows\System32\agrsmsvc.exe
              c:\program files\Toshiba\ConfigFree\CFSvcs.exe
              c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe
              c:\windows\System32\TODDSrv.exe
              c:\program files\Toshiba\Power Saver\TosCoSrv.exe
              c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
              c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
              c:\program files\Trend Micro\OfficeScan Client\TmListen.exe
              c:\windows\temp\TZ5345.EXE
              c:\program files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
              c:\windows\System32\conime.exe
              c:\program files\Toshiba\ConfigFree\NDSTray.exe
              c:\program files\Synaptics\SynTP\SynToshiba.exe
              c:\windows\ehome\ehmsas.exe
              c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
              c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
              c:\windows\servicing\TrustedInstaller.exe
              .
              **************************************************************************
              .
              Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
              ComboFix-quarantined-files.txt  2009-04-14 05:33
              ComboFix2.txt  2009-04-14 03:35

              Pre-Run: 71,636,881,408 bytes free
              Post-Run: 71,556,997,120 bytes free

              188   --- E O F ---   2009-04-14 00:44

              frustrated89


                Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
                « Reply #40 on: April 14, 2009, 08:03:59 AM »
                I ran Malwarebytes which found 1 object infected. I clicked remove and it did its process. After the computer restarted I did a scan again and it did not detect any object infected. Is it gone now?

                Shandy



                  Intermediate
                • Thanked: 7
                  • Experience: Beginner
                  • OS: Unknown
                  Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
                  « Reply #41 on: April 14, 2009, 08:14:22 AM »
                  c:\windows\temp\TZ5345.EXE  <--- Looks like trouble, unless it's something to do with hiding combo fix from malware??
                  Don't do anything until EvilFantasy replies :P

                  BC_Programmer


                    Mastermind
                  • Typing is no substitute for thinking.
                  • Thanked: 1140
                    • BC-Programming.com
                  • Certifications: List
                  • Computer: Specs
                  • Experience: Beginner
                  • OS: Windows 11
                  Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
                  « Reply #42 on: April 14, 2009, 08:23:10 AM »
                  That's part of ComboFix, I believe.

                  I was trying to dereference Null Pointers before it was cool.

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Calm like a bomb
                  • Thanked: 493
                  • Experience: Experienced
                  • OS: Windows 11
                  Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
                  « Reply #43 on: April 14, 2009, 02:06:40 PM »
                    Time to clean up. Let me know if you have any questions.

                    • Click START then RUN
                    • Now type Combo-fix /u in the runbox
                    • Make sure there's a space between Combo-fix and /u
                    • Then hit Enter.

                    The above procedure will:
                    • Delete the following:
                      • ComboFix and its associated files and folders.
                    • Reset the clock settings.
                    • Hide file extensions, if required.
                    • Hide System/Hidden files, if required.
                    • Set a new, clean Restore Point.

                    ----------

                    Go to c:\windows\temp\ and delete everything in the temp folder.

                  ----------

                  Download ATF Cleaner by Atribune to your Desktop.

                  Alternate download link

                  Note: Vista users must use Run As Administrator
                  • Under Main: Select Files to Delete choose: Select All.
                  • Click the Empty Selected button.
                  • If you use Firefox browser click Firefox at the top and choose: Select All
                  • Click the Empty Selected button.
                    If you would like to keep your saved passwords click No at the prompt.
                  • If you use Opera browser click Opera at the top and choose: Select All
                  • Click the Empty Selected button.
                    If you would like to keep your saved passwords click No at the prompt.
                  • Click Exit on the Main menu to close the program.
                  Note that your system will run slower for a reboot or two after having used this tool so don't panic.

                  ----------

                  Download OTCleanIt.exe and save it to your Desktop.
                  • Double-click OTCleanIt.exe.
                  • Click the CleanUp! button.
                  • Select Yes when the "Begin cleanup Process?" prompt appears.
                  • If you are prompted to Reboot during the cleanup, select Yes.
                  • The tool will delete itself once it finishes; if not, delete it yourself.
                  Important: Restart the computer before continuing.

                  ----------

                  Use the Secunia Software Inspector to check for out of date software.
                  • Click Start Now
                  • Check the box next to Enable thorough system inspection.
                  • Click Start
                  • Allow the scan to finish and scroll down to see if any updates are needed.
                  • Update anything listed.
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
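
                  An added example, not part of any post in this thread: a PowerShell inventory of executable-type files under the Windows temp folder (the location of the TZ5345.EXE file questioned above), recording SHA-256 hashes and Authenticode status so there is a record before the folder is emptied. It assumes PowerShell 4.0 or later and an elevated prompt; the function name, extension list and CSV file name are hypothetical choices.

```powershell
# Inventory executable-type files in the Windows temp folder before clearing it.
# Assumptions: PowerShell 4.0+ (Get-FileHash), elevated prompt. Names are illustrative.
function Get-TempExecutableInventory {
    param(
        [string]$Path = (Join-Path $env:windir 'Temp'),
        [string[]]$Extensions = @('.exe', '.dll', '.sys', '.scr', '.bat', '.cmd', '.vbs', '.js')
    )

    # -Force includes hidden/system files; unreadable entries are skipped, not fatal.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                SHA256    = if ($hash) { $hash.Hash } else { '<unreadable>' }
                # 'Valid' means a trusted, intact signature; 'NotSigned' is common
                # for installer scratch files and is not proof of malice on its own.
                Signature = if ($sig) { [string]$sig.Status } else { 'Unknown' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

$inventory = @(Get-TempExecutableInventory)

# Newest first: files written around the time of infection or cleanup stand out.
$inventory | Sort-Object Modified -Descending |
    Format-Table Path, Size, Modified, Signature -AutoSize

# Keep a copy outside the temp folder so the record survives the cleanup.
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'temp-exe-inventory.csv'
$inventory | Export-Csv -Path $report -NoTypeInformation
```

                  Unsigned files with recent timestamps are the ones worth asking a helper about before deletion; the saved hashes let them be identified afterwards even once the files are gone.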

                  frustrated89

                    Topic Starter


                    Rookie

                    Re: Virus affecting search engine! PLEASE HELP ME GET RID OF THIS THING!
                    « Reply #44 on: April 14, 2009, 03:52:13 PM »
                    Thank you VERY VERY VERY much for all your help and patience with me!