Also infected with redirect trojan

[qetzal]

Like many others here, I've gotten infected with the redirect trojan. MWB says it removes it, but it re-appears when I restart my browser. I also keep getting a .tmp file on my desktop: dzobufujau.tmp.

Windows XP Professional Version 5.1.2600 Service Pack 3 Build 2600

Internet Explorer 8 Version 8.0.6001.18702

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by RossDurland at 9:37:22 on 2011-11-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1013 [GMT -6:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: {049183f6-9a2e-462e-b871-73a52592705e} - c:\documents and settings\rossdurland\local settings\application data\ShellUser.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [<NO NAME>] c:\docume~1\rossdu~2\locals~1\temp\mpp775.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [EPSON NX420 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\docume~1\rossdu~2\locals~1\temp\E_S14.tmp" /EF "HKCU"

uRun: [Epson Stylus NX420(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\windows\temp\E_SB6.tmp" /EF "HKCU"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: uspto.gov

DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://mrw.interscience.wiley.com/wfplayer/tdserver.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268154477734

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264997586015

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} - hxxps://qgen.interwise.com/qgen/Application/EventEntry/AxWebInstaller.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6615453C-52D5-4558-82F3-839513BAE773} : DhcpNameServer = 192.168.1.254

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

LSA: Authentication Packages = msv1_0 wvauth

.

============= SERVICES / DRIVERS ===============

.

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-28 105592]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111027.002\naveng.sys [2011-10-28 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111027.002\navex15.sys [2011-10-28 1576312]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-20 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-20 133104]

.

=============== File Associations ===============

.

scrfile="%1" %*

.

=============== Created Last 30 ================

.

2011-11-12 15:21:06 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b586e1bb-69b5-4b6c-837d-01ddeac42b90}\offreg.dll

2011-11-11 17:15:29 244224 ----a-w- c:\documents and settings\rossdurland\local settings\application data\ShellUser.dll

2011-11-11 07:36:34 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b586e1bb-69b5-4b6c-837d-01ddeac42b90}\mpengine.dll

2011-11-01 13:58:58 -------- d-----w- c:\documents and settings\rossdurland\local settings\application data\adaware

2011-11-01 13:58:57 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection

2011-11-01 13:58:53 -------- d-----w- c:\program files\Toolbar Cleaner

2011-11-01 13:58:50 -------- d-----w- c:\documents and settings\rossdurland\application data\adawaretb

2011-11-01 13:58:48 -------- d-----w- c:\program files\adawaretb

2011-10-16 18:45:46 -------- d-----w- c:\program files\iPod

2011-10-16 18:45:40 -------- d-----w- c:\program files\iTunes

2011-10-16 18:35:18 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2011-10-17 13:31:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-08-19 13:19:47 6776168 ----a-w- C:\windowsupdateagent30-x86.exe

.

============= FINISH: 9:37:46.01 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 4/17/2008 2:06:09 PM

System Uptime: 11/12/2011 9:20:15 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0KU184

Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 41.795 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP776: 10/3/2011 8:58:47 AM - System Checkpoint

RP777: 10/4/2011 9:57:45 AM - System Checkpoint

RP778: 10/5/2011 10:58:50 AM - System Checkpoint

RP779: 10/6/2011 12:33:43 PM - System Checkpoint

RP780: 10/7/2011 1:50:45 PM - System Checkpoint

RP781: 10/8/2011 5:21:09 PM - System Checkpoint

RP782: 10/9/2011 2:06:28 AM - Software Distribution Service 3.0

RP783: 10/10/2011 2:58:04 AM - System Checkpoint

RP784: 10/11/2011 8:25:14 AM - System Checkpoint

RP785: 10/12/2011 9:07:43 AM - System Checkpoint

RP786: 10/13/2011 9:10:44 AM - System Checkpoint

RP787: 10/14/2011 9:19:12 AM - System Checkpoint

RP788: 10/15/2011 2:10:56 PM - Software Distribution Service 3.0

RP789: 10/16/2011 2:58:34 PM - System Checkpoint

RP790: 10/17/2011 3:24:08 PM - System Checkpoint

RP791: 10/19/2011 8:53:02 AM - System Checkpoint

RP792: 10/19/2011 3:30:43 PM - Installed Cn3D 4.3.

RP793: 10/21/2011 9:46:47 AM - System Checkpoint

RP794: 10/24/2011 12:10:36 PM - System Checkpoint

RP795: 10/25/2011 12:44:50 PM - System Checkpoint

RP796: 10/26/2011 2:35:09 PM - System Checkpoint

RP797: 10/27/2011 3:34:45 PM - System Checkpoint

RP798: 10/28/2011 4:15:23 PM - System Checkpoint

RP799: 10/29/2011 5:57:15 PM - System Checkpoint

RP800: 10/30/2011 2:05:36 AM - Software Distribution Service 3.0

RP801: 10/31/2011 8:53:10 AM - System Checkpoint

RP802: 11/1/2011 8:56:18 AM - Installed Ad-Aware

RP803: 11/1/2011 8:58:29 AM - Installed Ad-Aware

RP804: 11/2/2011 1:50:28 AM - Software Distribution Service 3.0

RP805: 11/3/2011 11:32:45 PM - System Checkpoint

RP806: 11/4/2011 11:54:59 PM - System Checkpoint

RP807: 11/5/2011 2:17:21 AM - Software Distribution Service 3.0

RP808: 11/6/2011 11:16:43 AM - System Checkpoint

RP809: 11/9/2011 8:59:51 PM - System Checkpoint

RP810: 11/10/2011 1:36:26 AM - Software Distribution Service 3.0

RP811: 11/11/2011 1:36:27 AM - Software Distribution Service 3.0

RP812: 11/11/2011 10:03:41 PM - Removed Ad-Aware

.

==== Installed Programs ======================

.

32 Bit HP BiDi Channel Components Installer

ACD/Labs Software in C:\Program Files\ACDFREE12\

Acrobat.com

Ad-Aware Security Toolbar

Adobe Acrobat - Reader 6.0.2 Update

Adobe Acrobat 6.0.1 Standard

Adobe AIR

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.1)

AiO_Scan

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Connect Participant

ATT-AACE

AuthenTec Fingerprint Sensor Minimum Install

biolsp patch

Bonjour

Broadcom ASF Management Applications

Broadcom Management Programs

Browser Address Error Redirector

BufferChm

Canon MP Navigator 2.0

Canon MP170

CleanUp!

Cn3D 4.1

Cn3D 4.3

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

CP_PLSBusinessFlyers

CreativeProjects

Data Analysis 7.0

Dell Drivers MSI

Dell Embassy Trust Suite by Wave Systems

Dell Touchpad

Dell Wireless WLAN Card

Destinations

Digital Line Detect

Director

DocProc

Document Manager Lite

DocumentViewer

EMBASSY Security Center

EMBASSY Security Setup

EMBASSY Trust Suite by Wave Systems

Epson Event Manager

EPSON NX420 Series Printer Uninstall

EPSON Scan

EpsonNet Print

EpsonNet Setup 3.2

ESC Home Page Plugin

GanttProject

Gemalto

GemSafe Standard Edition 5.1

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 4.5.0.452

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Color LaserJet 2820/2830/2840 2.0

HP Image Zone 4.7

HP PSC & OfficeJet 4.7

HP Software Update

hppCLJ2800

hppDustDevil

hppFaxDrv

hppFonts

hppIOFiles

hppManuals2800

hppscan2800

hppScanTo

hppSendFax

hppTooCool

HPSystemDiagnostics

ICS Viewer 6.0

ImageJ 1.40g

InstantShare

Intel® Graphics Media Accelerator Driver

IntelliSonic Speech Enhancement

interneTIFF 9.0-FREE (IE Browser)

iTunes

Java Auto Updater

Java 6 Update 23

LiveUpdate 3.0 (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

Meeting Service

Mendeley Desktop 0.9.6.2

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft IntelliPoint 7.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Outlook Personal Folders Backup

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Modem Diagnostic Tool

MSN Toolbar

MSN Toolbar Platform

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

NetWaiting

NTRU TCG Software Stack

OGA Notifier 2.0.0048.0

PhotoGallery

PowerDVD

Preboot Manager

Private Information Manager

PyroMark Assay Design 2.0

PyroMark Launcher 2.0.6.20

PyroMark Q24 2.0.6.20

QFolder

QuickSet

QuickTime

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio Update Manager

Safari

Scan

SearchAssist

Secure Update

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Security Wizards

Sequence Scanner v1.0

SkinsHP1

Sonic Activation Module

Symantec AntiVirus

TrayApp

Trusted Drive Manager

tsp patch

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

upekmsi

VC90Runtime

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Wave Infrastructure Installer

Wave Support Software

WebFldrs XP

WebReg

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows XP Service Pack 3

Yahoo! Install Manager

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 6:36:05 PM, error: NETLOGON [5719] - No Domain Controller is available for domain AMBIO due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

11/9/2011 11:05:55 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer Ambiodc using any of the configured protocols.

11/9/2011 1:57:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the EpsonBidirectionalService service to connect.

11/9/2011 1:57:14 PM, error: Service Control Manager [7000] - The EpsonBidirectionalService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

dds1 0937 2011-11-12.txt

attach1 0920 2011-11-12.txt

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!