PDA

View Full Version : Yet another case of malware



VanHalenRock
2009-07-13, 22:48
I'm pretty sure I have a bad case of malware. I would be grateful if anyone would look over these logs. Thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:57 PM, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Steam2\Steam.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9319 bytes

I have discovered many problems after i posted that report. I can't defrag my hardrive, google searches fail, and i cannot run search and destroy or malwarebytes. And I can't run most exe's. This problem may be bigger then I imagined.

(Well, i suppose i knew about malwarebytes and search and destroy not working before posting the logs, but it still doesnt work.)

Thanks for your support

km2357
2009-07-14, 21:06
Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!

km2357
2009-07-14, 21:11
Step # 1: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.


Step # 2 Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next post/reply, I need to see the following:

1. Uninstall List
2. The two RSIT Logs (log and info.txt)

VanHalenRock
2009-07-14, 22:09
Uninstall List

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Advertisement Service
Agere Systems PCI Soft Modem
Altitude 1.0.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
Azada
Battlefield 2142 Deluxe Edition
Big Fish Games Client
CC_ccProxyMSI
CC_ccStart
ccCommon
Compaq Connections
Diablo
Download Accelerator Plus (DAP)
Dynomite Deluxe
EA Download Manager
Easy Internet Sign-up
Frets On Fire
Heavy Weapon Deluxe
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
Icy Tower v1.4
ijji - Gunz
ijji Auto Installer
Internet Worm Protection
Iron Plague Movies 3.0
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Killing Floor
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
mIRC
Morrowind
Mozilla Firefox (3.0.11)
MSN
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Mummy Maze Deluxe
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall (Symantec Corporation)
Norton Security Center
Norton WMI Update
NVIDIA PhysX
PC-Doctor for Windows
Plants vs. Zombies
Platypus
Project64 1.6
PS2
PunkBuster Services
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
Rocket Mania Deluxe
Sacrifice
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sonic RecordNow!
SPBBC
Spybot - Search & Destroy
Steam
Symantec
SymNet
System Requirements Lab
TAK Iron Plague 3.0
Team Fortress 2
TES Construction Set
Total Annihilation: Kingdoms
Trine
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Uplink
VirtualCloneDrive
WarZone Client v1.0.44
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB883667
WinRAR archiver




Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-07-14 14:06:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 11 GB (20%) free of 53 GB
Total RAM: 767 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:16 PM, on 7/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Steam2\Steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9558 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\XoftSpy.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2003-12-11 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-08-18 210048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-08-18 210048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2004-10-26 32881]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-21 155648]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-06-04 286720]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=VTTimer.exe []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-08-13 58488]
"SSC_UserPrompt"=c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-08-05 218240]
"NAV CfgWiz"=c:\Program Files\Norton AntiVirus\CfgWiz.exe [2004-08-18 132248]
"IS CfgWiz"=c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe [2003-11-04 124096]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2009-04-21 2802688]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-01-29 52392]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-10-26 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"net"=C:\WINDOWS\system32\net.net [2009-07-13 110592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"Steam"=C:\Program Files\Steam2\Steam.exe [2009-06-25 1217784]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-30 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-21 344064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142"
"C:\Program Files\Steam\steamapps\videogamefreak812\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\videogamefreak812\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe"="C:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Xfire\dppm_source.exe"="C:\Program Files\Xfire\dppm_source.exe:*:Disabled:Dyyno P2P Source Application"
"C:\Program Files\Zachtronics Industries\Infiniminer\InfiniminerServer.exe"="C:\Program Files\Zachtronics Industries\Infiniminer\InfiniminerServer.exe:*:Enabled:InfiniminerServer"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver"
"C:\Cavedog\Kingdoms\Kingdoms.icd"="C:\Cavedog\Kingdoms\Kingdoms.icd:*:Enabled:Total Annihilation: Kingdoms"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\Diablo\Diablo.exe"="C:\Program Files\Diablo\Diablo.exe:*:Enabled:Diablo"
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe"="C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor"
"C:\Program Files\Steam\steamapps\videogamefreak812\dystopia\hl2.exe"="C:\Program Files\Steam\steamapps\videogamefreak812\dystopia\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Altitude\altitude.exe"="C:\Program Files\Altitude\altitude.exe:*:Enabled:altitude"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe"="C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII"
"C:\Program Files\Steam2\steamapps\videogamefreak812\team fortress 2\hl2.exe"="C:\Program Files\Steam2\steamapps\videogamefreak812\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam2\steamapps\common\defcon\defcon.exe"="C:\Program Files\Steam2\steamapps\common\defcon\defcon.exe:*:Enabled:Defcon"
"C:\Program Files\Altitude\map_editor.exe"="C:\Program Files\Altitude\map_editor.exe:*:Enabled:map_editor"
"C:\Program Files\Steam2\steamapps\common\killingfloor\System\KillingFloor.exe"="C:\Program Files\Steam2\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2009-07-14 14:06:14 ----D---- C:\rsit
2009-07-13 13:04:30 ----D---- C:\Documents and Settings\All Users\Application Data\19548904
2009-07-06 22:34:15 ----D---- C:\Program Files\InterActual
2009-07-03 23:10:00 ----D---- C:\Program Files\Trine
2009-07-02 13:55:52 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-06-28 14:46:04 ----D---- C:\CrashReport
2009-06-27 16:12:59 ----D---- C:\games
2009-06-26 17:15:25 ----D---- C:\WINDOWS\system32\AGEIA
2009-06-26 17:15:25 ----D---- C:\Program Files\AGEIA Technologies
2009-06-26 17:09:56 ----D---- C:\Program Files\Nobilis
2009-06-25 13:24:29 ----D---- C:\Program Files\Steam2

======List of files/folders modified in the last 1 months======

2009-07-14 12:28:03 ----D---- C:\Program Files\Mozilla Firefox
2009-07-14 10:55:57 ----D---- C:\WINDOWS\Prefetch
2009-07-14 10:55:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-14 10:55:32 ----D---- C:\WINDOWS\temp
2009-07-14 10:54:37 ----D---- C:\WINDOWS\system32
2009-07-14 10:54:36 ----D---- C:\WINDOWS\system32\drivers
2009-07-13 23:05:25 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Xfire
2009-07-13 22:00:08 ----SD---- C:\WINDOWS\Tasks
2009-07-13 21:07:24 ----D---- C:\Program Files\Diablo II
2009-07-13 20:23:33 ----D---- C:\Program Files\Warcraft III
2009-07-13 18:11:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-13 14:22:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 14:15:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 14:12:39 ----D---- C:\WINDOWS
2009-07-13 13:26:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-11 23:56:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-10 11:36:06 ----D---- C:\Program Files\Altitude
2009-07-08 19:18:10 ----SD---- C:\Program Files\Xfire
2009-07-08 01:12:15 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2009-07-06 22:34:15 ----RD---- C:\Program Files
2009-07-06 18:48:40 ----SHD---- C:\WINDOWS\Installer
2009-07-06 18:40:22 ----HD---- C:\Config.Msi
2009-07-06 18:39:26 ----D---- C:\WINDOWS\system32\DirectX
2009-07-06 18:39:26 ----D---- C:\Program Files\Electronic Arts
2009-07-06 18:39:24 ----HD---- C:\WINDOWS\inf
2009-07-06 18:37:53 ----D---- C:\WINDOWS\WinSxS
2009-07-01 13:27:42 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\mIRC
2009-07-01 13:20:53 ----D---- C:\Program Files\mIRC
2009-06-28 18:55:12 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-06-27 14:46:12 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-26 17:14:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-26 17:13:50 ----RSD---- C:\WINDOWS\assembly
2009-06-25 13:28:20 ----D---- C:\Program Files\fail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-08-13 266368]
R2 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-30 1333760]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-06 13872]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041006.020\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041006.020\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton AntiVirus\SAVRT.SYS []
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-08-13 25824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-03-02 29184]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-21 737874]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-30 229888]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20040813.178\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-23 173312]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-30 376832]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2003-12-09 218232]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-08-13 164984]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2004-08-18 176768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-11 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-06-28 189568]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-06 308352]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-08-13 206048]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S2 NPFMntor;Norton AntiVirus Firewall Monitor Service; c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2004-08-18 46208]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-08-13 197752]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-08-13 78968]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-04 401408]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-04-26 2870429]
S3 SAVScan;SAVScan; c:\Program Files\Norton AntiVirus\SAVScan.exe [2004-07-23 197864]
S3 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




Info

info.txt logfile of random's system information tool 1.06 2009-07-14 14:06:22

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall
Agere Systems PCI Soft Modem-->agrsmdel
Altitude 1.0.0-->C:\Program Files\Altitude\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Azada -->"C:\Program Files\Azada\Uninstall.exe"
Battlefield 2142 Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
CC_ccProxyMSI-->MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Compaq Connections-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
Diablo-->C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
Dynomite Deluxe-->"C:\Program Files\PopCap Games\Dynomite Deluxe\unins000.exe"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
Heavy Weapon Deluxe-->"C:\Program Files\PopCap Games\Heavy Weapon Deluxe\unins000.exe"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Icy Tower v1.4-->"c:\games\icytower1.4\unins000.exe"
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Iron Plague Movies 3.0-->C:\Cavedog\Kingdoms\Movies\unins000.exe
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Killing Floor-->"C:\Program Files\Steam2\steam.exe" steam://uninstall/1250
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft XNA Framework Redistributable 3.0-->MsiExec.exe /I{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Morrowind-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Mummy Maze Deluxe-->"C:\Program Files\PopCap Games\Mummy Maze Deluxe\unins000.exe"
Norton AntiVirus 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
Norton Personal Firewall-->MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Plants vs. Zombies-->C:\Program Files\PopCap Games\Plants vs. Zombies\PopUninstall.exe "C:\Program Files\PopCap Games\Plants vs. Zombies\Install.log"
Platypus-->"C:\Program Files\PopCap Games\Platypus\unins000.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Rocket Mania Deluxe-->"C:\Program Files\PopCap Games\Rocket Mania Deluxe\unins000.exe"
Sacrifice-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6231FDA0-7E6F-11D4-A671-006008D09831}\Setup.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TAK Iron Plague 3.0-->C:\Cavedog\Kingdoms\unins000.exe
Team Fortress 2-->"C:\Program Files\Steam2\steam.exe" steam://uninstall/440
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
Total Annihilation: Kingdoms-->C:\WINDOWS\IsUninst.exe -fC:\Cavedog\Kingdoms\Uninst.isu
Trine-->"C:\Program Files\Trine\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Uplink-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Uplink\Uninst.isu"
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
WarZone Client v1.0.44-->C:\PROGRA~1\WarZone\UNWISE.EXE C:\PROGRA~1\WarZone\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> [2009-01-21]
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe [2009-01-21]
O4 - HKLM\..\Run: [70cd6b0a] rundll32.exe "C:\WINDOWS\system32\nyphmlxh.dll",b [2009-01-21]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2009-01-21]
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE [2009-01-21]
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) [2009-01-25]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) [2009-01-25]

======Security center information======

AV: Norton AntiVirus 2005
FW: Norton Internet Worm Protection

======System event log======

Computer Name: JACOB
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Settings - Steam"

Record Number: 36
Source Name: PlugPlayManager
Time Written: 20090626113606.000000-300
Event Type: warning
User:

Computer Name: JACOB
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Settings - Steam"

Record Number: 35
Source Name: PlugPlayManager
Time Written: 20090626113606.000000-300
Event Type: warning
User:

Computer Name: JACOB
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Settings - Steam"

Record Number: 34
Source Name: PlugPlayManager
Time Written: 20090626113604.000000-300
Event Type: warning
User:

Computer Name: JACOB
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Settings - Steam"

Record Number: 33
Source Name: PlugPlayManager
Time Written: 20090626113603.000000-300
Event Type: warning
User:

Computer Name: JACOB
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Settings - Steam"

Record Number: 32
Source Name: PlugPlayManager
Time Written: 20090626113602.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: JACOB
Event Code: 1000
Message: Faulting application braid.exe, version 0.0.0.0, faulting module braid.exe, version 0.0.0.0, fault address 0x0003853e.

Record Number: 177
Source Name: Application Error
Time Written: 20090417162952.000000-300
Event Type: error
User:

Computer Name: JACOB
Event Code: 1000
Message: Faulting application braid.exe, version 0.0.0.0, faulting module braid.exe, version 0.0.0.0, fault address 0x0003853e.

Record Number: 175
Source Name: Application Error
Time Written: 20090417162948.000000-300
Event Type: error
User:

Computer Name: JACOB
Event Code: 1000
Message: Faulting application braid.exe, version 0.0.0.0, faulting module braid.exe, version 0.0.0.0, fault address 0x0003853e.

Record Number: 173
Source Name: Application Error
Time Written: 20090417162944.000000-300
Event Type: error
User:

Computer Name: JACOB
Event Code: 1000
Message: Faulting application braid.exe, version 0.0.0.0, faulting module braid.exe, version 0.0.0.0, fault address 0x0003853e.

Record Number: 171
Source Name: Application Error
Time Written: 20090417162937.000000-300
Event Type: error
User:

Computer Name: JACOB
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 165
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090417153435.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

km2357
2009-07-15, 07:47
Step # 1: Disable Teatimer

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

This is a two step process.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the version 1.5 or 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.



Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt and a fresh HiJackThis Log in your next reply.

Use multiple posts if you can't fit everything into one post.

VanHalenRock
2009-07-15, 19:06
ComboFix Log

ComboFix 09-07-14.08 - Compaq_Owner 07/15/2009 10:43.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.565 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix02.exe
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\19548904
c:\documents and settings\All Users\Application Data\19548904\19548904.exe
c:\program files\system\smss.exe.assembly
c:\recycler\S-1-5-21-3999101701-2381902238-82915049-1008
c:\windows\Installer\10233f.msi
c:\windows\Installer\102345.msi
c:\windows\Installer\11115f0.msi
c:\windows\Installer\13167e9.msi
c:\windows\Installer\134af53.msi
c:\windows\Installer\137843.msi
c:\windows\Installer\1385bd1.msi
c:\windows\Installer\172104.msi
c:\windows\Installer\1784297.msi
c:\windows\Installer\178429d.msi
c:\windows\Installer\1bd30e4.msp
c:\windows\Installer\1d92b2.msi
c:\windows\Installer\1d92b8.msi
c:\windows\Installer\1d92ed.msi
c:\windows\Installer\1d92fe.msi
c:\windows\Installer\1d9342.msi
c:\windows\Installer\1d934a.msi
c:\windows\Installer\1d9352.msi
c:\windows\Installer\1d935a.msi
c:\windows\Installer\1d9361.msi
c:\windows\Installer\1d9367.msi
c:\windows\Installer\1d93a9.msi
c:\windows\Installer\2275e1c.msp
c:\windows\Installer\28269ae.msp
c:\windows\Installer\287c9.msi
c:\windows\Installer\2934517.msi
c:\windows\Installer\293451e.msp
c:\windows\Installer\2af86d9.msi
c:\windows\Installer\2b46e.msi
c:\windows\Installer\2e349.msi
c:\windows\Installer\2e394.msp
c:\windows\Installer\3339a.msi
c:\windows\Installer\3b33b8.msi
c:\windows\Installer\3b33be.msi
c:\windows\Installer\3b33c4.msi
c:\windows\Installer\3b33ca.msi
c:\windows\Installer\3b33d0.msi
c:\windows\Installer\3b33d6.msi
c:\windows\Installer\3b33dc.msi
c:\windows\Installer\3b33e2.msi
c:\windows\Installer\3b33e8.msi
c:\windows\Installer\3b33ee.msi
c:\windows\Installer\3b6332.msi
c:\windows\Installer\41809d.msi
c:\windows\Installer\4180a3.msi
c:\windows\Installer\4180af.msi
c:\windows\Installer\4180b9.msi
c:\windows\Installer\4b974.msi
c:\windows\Installer\5ac61d.msi
c:\windows\Installer\5de955.msi
c:\windows\Installer\6fc261.msi
c:\windows\Installer\70d05d7.msp
c:\windows\Installer\800447.msi
c:\windows\Installer\9f1f8.msi
c:\windows\Installer\bd2680.msi
c:\windows\Installer\be939.msi
c:\windows\Installer\ce2ea6.msi
c:\windows\Installer\d4bff.msi
c:\windows\Installer\d4c05.msi
c:\windows\Installer\e78ae.msi
c:\windows\Installer\e78b3.msi
c:\windows\Installer\f02af2.msi
c:\windows\system32\drivers\hjgruiqjdsoary.sys
c:\windows\system32\drivers\UACbodjoeptbablrdvqv.sys
c:\windows\system32\hjgruicxgfkthu.dll
c:\windows\system32\hjgruijwcwjktl.dat
c:\windows\system32\hjgruioqvhlfob.dat
c:\windows\system32\hjgruityexyprq.dll
c:\windows\system32\net.net
c:\windows\system32\UACegsmlnjoalruggxwm.dll
c:\windows\system32\UACgphqhxngkjfvcjheg.dll
c:\windows\system32\UAChjbsomhyvtnwycnld.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmvovotkgsyjxjaifv.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACurpempfwlpbimovpb.dll
c:\windows\system32\UACwponqtjlqcrnswwuf.dat
c:\windows\system32\UACxuiyliqudltvhrrel.dll
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruitnxmkxvr
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 19:06 . 2009-07-14 19:06 -------- d-----w- C:\rsit
2009-07-13 19:22 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 19:22 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 20:23 . 2009-07-01 22:53 52224 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-07-07 20:23 . 2009-07-01 22:53 114688 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-07-07 03:34 . 2009-07-07 03:40 -------- d-----w- c:\program files\InterActual
2009-07-04 04:10 . 2009-07-04 04:12 -------- d-----w- c:\program files\Trine
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-28 19:46 . 2009-06-28 19:46 -------- d-----w- C:\CrashReport
2009-06-27 21:12 . 2009-06-27 21:12 -------- d-----w- C:\games
2009-06-26 22:15 . 2009-06-26 22:15 -------- d-----w- c:\windows\system32\AGEIA
2009-06-26 22:15 . 2009-06-26 22:15 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-26 22:09 . 2009-06-26 22:09 -------- d-----w- c:\program files\Nobilis
2009-06-26 16:15 . 2009-06-25 21:36 1291640 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-26 16:15 . 2009-06-25 21:36 729088 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-25 18:24 . 2009-07-15 15:13 -------- d-----w- c:\program files\Steam2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 15:49 . 2009-01-21 22:14 -------- d-----w- c:\program files\System
2009-07-15 15:12 . 2004-10-27 21:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 04:28 . 2009-04-14 02:25 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Xfire
2009-07-15 03:05 . 2007-04-14 16:54 -------- d-----w- c:\program files\Warcraft III
2009-07-14 02:07 . 2008-06-10 21:04 -------- d-----w- c:\program files\Diablo II
2009-07-13 19:22 . 2009-01-25 16:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 19:15 . 2005-02-19 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 18:26 . 2005-02-19 17:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-10 16:36 . 2009-06-10 03:01 -------- d-----w- c:\program files\Altitude
2009-07-09 00:18 . 2006-07-08 23:45 -------- d-s---w- c:\program files\Xfire
2009-07-08 06:12 . 2009-04-17 02:58 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2009-07-06 23:39 . 2009-01-19 01:08 -------- d-----w- c:\program files\Electronic Arts
2009-07-01 18:27 . 2009-04-19 18:08 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\mIRC
2009-07-01 18:20 . 2009-03-21 04:26 -------- d-----w- c:\program files\mIRC
2009-06-28 23:55 . 2009-04-14 02:55 137736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-28 23:55 . 2009-04-14 02:55 189568 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-27 19:46 . 2004-10-27 02:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 22:14 . 2008-03-27 23:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-25 18:28 . 2009-01-09 21:15 -------- d-----w- c:\program files\fail
2009-06-11 19:26 . 2009-06-11 19:26 139152 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\PnkBstrK.sys
2009-06-11 19:26 . 2009-06-11 19:26 139152 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\PnkBstrK.sys
2009-06-11 19:25 . 2009-06-11 19:25 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-11 19:25 . 2009-04-14 02:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-09 21:16 . 2009-06-09 21:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\fretsonfire
2009-06-07 21:13 . 2009-04-26 07:23 -------- d-----w- c:\program files\Dyson
2009-06-04 03:36 . 2009-06-04 03:36 8854 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-06-04 03:36 . 2009-06-04 03:36 40960 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-06-04 03:36 . 2009-06-04 03:36 40960 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-06-02 15:52 . 2009-04-14 02:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-28 01:25 . 2009-05-28 01:25 6063 ----a-w- c:\windows\DiabUnin.dat
2009-05-28 01:25 . 2009-05-28 01:25 2829 ----a-w- c:\windows\DiabUnin.pif
2009-05-28 01:25 . 2009-05-28 01:25 118784 ----a-w- c:\windows\DiabUnin.exe
2009-05-28 01:18 . 2009-05-28 00:47 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\HP
2009-05-28 00:47 . 2009-05-28 00:40 124018 ----a-w- c:\windows\HPHins12.dat
2009-05-28 00:47 . 2009-05-28 00:41 -------- d-----w- c:\program files\HP
2009-05-28 00:47 . 2009-05-28 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-05-28 00:45 . 2009-05-28 00:45 -------- d-----w- c:\program files\Common Files\HP
2009-05-28 00:43 . 2009-05-28 00:43 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-28 00:28 . 2009-05-28 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-28 00:28 . 2009-05-28 00:10 -------- d-----w- c:\program files\NOS
2009-05-28 00:23 . 2009-05-28 00:23 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-28 00:23 . 2009-06-11 20:37 38200 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-28 00:22 . 2005-02-21 15:26 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-27 19:53 . 2004-11-17 10:48 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-05-26 05:26 . 2009-05-26 05:03 -------- d--h--w- c:\documents and settings\Compaq_Owner\Application Data\ijjigame
2009-05-26 05:02 . 2007-12-08 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-05-25 13:30 . 2009-05-25 13:30 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Template
2009-05-25 13:30 . 2009-05-25 13:30 0 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-05-13 01:48 . 2009-05-26 05:00 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-07 15:44 . 2004-11-17 11:09 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 01:58 . 2009-04-14 02:11 29632 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 01:29 . 2005-04-10 15:44 82 -c--a-w- c:\windows\popcinfo.dat
2009-05-03 18:23 . 2009-05-03 18:23 207872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-03 18:23 . 2009-05-03 18:23 207872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-03 18:23 . 2009-05-03 18:23 207872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-03 18:23 . 2009-05-03 18:23 207872 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-30 00:11 . 2009-05-26 05:00 66992 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-04-29 04:52 . 2004-11-17 10:49 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-11-17 11:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 21:10 . 2009-04-21 21:10 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-04-17 22:20 . 2009-04-17 22:20 104784 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-17 09:58 . 2004-11-17 10:49 1846656 ----a-w- c:\windows\system32\win32k.sys
2003-12-18 17:33 . 2006-12-10 22:26 20102 -c--a-w- c:\program files\Readme.txt
2003-09-03 13:46 . 2006-12-10 22:26 10960 -c--a-w- c:\program files\EULA.txt
2009-06-13 02:14 . 2008-06-17 23:25 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"Steam"="c:\program files\Steam2\Steam.exe" [2009-06-25 1217784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-10-27 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-05 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 58488]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 218240]
"NAV CfgWiz"="c:\program files\Norton AntiVirus\CfgWiz.exe" [2004-08-18 132248]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\cfgwiz.exe" [2003-11-05 124096]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-31 344064]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-04-21 2802688]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-10-27 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-08 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-10-26 45056]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\Garena.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Xfire\\dppm_source.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Altitude\\altitude.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam2\\steamapps\\videogamefreak812\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Altitude\\map_editor.exe"=
"c:\\Program Files\\Steam2\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\APCA2.tmp --> c:\docume~1\COMPAQ~1\LOCALS~1\Temp\APCA2.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2004-10-27 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-27 07:26]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-net - c:\windows\system32\net.net
HKLM-Run-VTTimer - VTTimer.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\
FF - component: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\COMPAQ~1\LOCALS~1\Temp\APCA2.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1002040335-676650474-2013391731-1008\Software\SecuROM\License information*]
"datasecu"=hex:f4,6c,f6,a0,12,a4,ee,03,8f,7a,1f,34,87,8f,16,6c,7f,e8,a3,75,fd,
6a,d2,c8,07,14,d2,95,dd,0d,9c,08,70,8b,8b,60,9d,a6,70,b5,b1,85,05,61,42,38,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-15 10:53
ComboFix-quarantined-files.txt 2009-07-15 15:53

Pre-Run: 11,271,585,792 bytes free
Post-Run: 11,245,121,536 bytes free

314 --- E O F --- 2009-06-11 03:34



HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:53 AM, on 7/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7580 bytes



Again, thanks for all the help!

VanHalenRock
2009-07-15, 19:08
Oh, I forgot to add that it said Nortan Antivirus whatever was still on... even though I dont even have it installed... So I don't think it caused any problems.

km2357
2009-07-15, 21:15
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.

Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812&sid=a609c56441d8a2e5dc8d24e3e96420cc).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



Step # 1: Run CFScript


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


KILLALL::

Folder::

c:\documents and settings\Compaq_Owner\Application Data\uTorrent
c:\Program Files\uTorrent

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Note: This CFScript is for use on VanHalenRock's computer only! Do not use it on your computer.


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh HiJackThis Log taken after Step 1 has been completed.

VanHalenRock
2009-07-15, 21:45
The ComboFix did not produce a log, where does it get saved to so I can retrieve it?

Oh and here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:37 PM, on 7/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8469 bytes

km2357
2009-07-15, 21:51
The ComboFix did not produce a log, where does it get saved to so I can retrieve it?

Look for ComboFix.txt in either the C:\ComboFix or C:\Qoobox folders.

VanHalenRock
2009-07-15, 21:53
Found it!



ComboFix 09-07-14.08 - Compaq_Owner 07/15/2009 13:26:14.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.462 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix02.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\uTorrent
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\Boston - Greatest Hits (1997) KompletlyWyred DHZ Inc Release.torrent
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\Braid.torrent
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\dht.dat
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\resume.dat
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\rss.dat
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\settings.dat
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Compaq_Owner\Application Data\uTorrent\utorrent.lng

.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 19:06:14 . 2009-07-14 19:06:22 0 d-----w- C:\rsit
2009-07-13 19:22:28 . 2009-06-17 16:27:56 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-07-13 19:22:25 . 2009-06-17 16:27:44 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-07-07 20:23:02 . 2009-07-01 22:53:22 52224 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-07-07 20:23:01 . 2009-07-01 22:53:22 114688 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-07-07 03:34:15 . 2009-07-07 03:40:32 0 d-----w- C:\Program Files\InterActual
2009-07-04 04:10:00 . 2009-07-04 04:12:46 0 d-----w- C:\Program Files\Trine
2009-07-02 18:55:52 . 2009-07-02 18:55:52 41808 ----a-w- C:\WINDOWS\system32\xfcodec.dll
2009-06-28 19:46:04 . 2009-06-28 19:46:04 0 d-----w- C:\CrashReport
2009-06-27 21:12:59 . 2009-06-27 21:12:59 0 d-----w- C:\games
2009-06-26 22:15:25 . 2009-06-26 22:15:25 0 d-----w- C:\WINDOWS\system32\AGEIA
2009-06-26 22:15:25 . 2009-06-26 22:15:25 0 d-----w- C:\Program Files\AGEIA Technologies
2009-06-26 22:09:56 . 2009-06-26 22:09:56 0 d-----w- C:\Program Files\Nobilis
2009-06-26 16:15:29 . 2009-06-25 21:36:16 1291640 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-26 16:15:29 . 2009-06-25 21:36:14 729088 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0nikklbx.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-25 18:24:29 . 2009-07-15 18:36:42 0 d-----w- C:\Program Files\Steam2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 18:36:59 . 2004-10-27 21:37:27 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-07-15 18:25:36 . 2009-04-14 02:25:15 0 d-----w- C:\Documents and Settings\Compaq_Owner\Application Data\Xfire
2009-07-15 15:49:50 . 2009-01-21 22:14:08 0 d-----w- C:\Program Files\System
2009-07-15 03:05:34 . 2007-04-14 16:54:41 0 d-----w- C:\Program Files\Warcraft III
2009-07-14 02:07:24 . 2008-06-10 21:04:12 0 d-----w- C:\Program Files\Diablo II
2009-07-13 19:22:32 . 2009-01-25 16:29:16 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 19:15:14 . 2005-02-19 17:34:07 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-13 18:26:30 . 2005-02-19 17:34:05 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-10 16:36:06 . 2009-06-10 03:01:41 0 d-----w- C:\Program Files\Altitude
2009-07-09 00:18:10 . 2006-07-08 23:45:41 0 d-s---w- C:\Program Files\Xfire
2009-07-06 23:39:26 . 2009-01-19 01:08:45 0 d-----w- C:\Program Files\Electronic Arts
2009-07-01 18:27:42 . 2009-04-19 18:08:24 0 d-----w- C:\Documents and Settings\Compaq_Owner\Application Data\mIRC
2009-07-01 18:20:53 . 2009-03-21 04:26:56 0 d-----w- C:\Program Files\mIRC
2009-06-28 23:55:35 . 2009-04-14 02:55:45 137736 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys
2009-06-28 23:55:12 . 2009-04-14 02:55:31 189568 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe
2009-06-27 19:46:12 . 2004-10-27 02:36:58 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-26 22:14:50 . 2008-03-27 23:41:34 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-25 18:28:20 . 2009-01-09 21:15:34 0 d-----w- C:\Program Files\fail
2009-06-11 19:26:22 . 2009-06-11 19:26:22 139152 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\PnkBstrK.sys
2009-06-11 19:26:22 . 2009-06-11 19:26:22 139152 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\PnkBstrK.sys
2009-06-11 19:25:57 . 2009-06-11 19:25:56 794408 ----a-w- C:\WINDOWS\system32\pbsvc.exe
2009-06-11 19:25:57 . 2009-04-14 02:53:39 75064 ----a-w- C:\WINDOWS\system32\PnkBstrA.exe
2009-06-09 21:16:45 . 2009-06-09 21:12:22 0 d-----w- C:\Documents and Settings\Compaq_Owner\Application Data\fretsonfire
2009-06-07 21:13:42 . 2009-04-26 07:23:36 0 d-----w- C:\Program Files\Dyson
2009-06-04 03:36:38 . 2009-06-04 03:36:38 8854 ----a-r- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-06-04 03:36:38 . 2009-06-04 03:36:38 40960 ----a-r- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-06-04 03:36:38 . 2009-06-04 03:36:38 40960 ----a-r- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-06-02 15:52:30 . 2009-04-14 02:43:58 107888 ----a-w- C:\WINDOWS\system32\CmdLineExt.dll
2009-05-28 01:25:46 . 2009-05-28 01:25:04 6063 ----a-w- C:\WINDOWS\DiabUnin.dat
2009-05-28 01:25:08 . 2009-05-28 01:25:08 2829 ----a-w- C:\WINDOWS\DiabUnin.pif
2009-05-28 01:25:08 . 2009-05-28 01:25:08 118784 ----a-w- C:\WINDOWS\DiabUnin.exe
2009-05-28 01:18:34 . 2009-05-28 00:47:22 0 d-----w- C:\Documents and Settings\Compaq_Owner\Application Data\HP
2009-05-28 00:47:36 . 2009-05-28 00:40:22 124018 ----a-w- C:\WINDOWS\HPHins12.dat
2009-05-28 00:47:09 . 2009-05-28 00:41:06 0 d-----w- C:\Program Files\HP
2009-05-28 00:47:08 . 2009-05-28 00:47:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\HP
2009-05-28 00:45:25 . 2009-05-28 00:45:25 0 d-----w- C:\Program Files\Common Files\HP
2009-05-28 00:43:53 . 2009-05-28 00:43:53 0 d-----w- C:\Program Files\Hewlett-Packard
2009-05-28 00:28:56 . 2009-05-28 00:10:06 0 d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2009-05-28 00:28:56 . 2009-05-28 00:10:05 0 d-----w- C:\Program Files\NOS
2009-05-28 00:23:44 . 2009-05-28 00:23:44 0 d-----w- C:\Program Files\Common Files\Adobe AIR
2009-05-28 00:23:38 . 2009-06-11 20:37:05 38200 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-28 00:22:24 . 2005-02-21 15:26:42 0 d-----w- C:\Program Files\Common Files\Adobe
2009-05-27 19:53:17 . 2004-11-17 10:48:10 163644 ----a-w- C:\WINDOWS\system32\drivers\secdrv.sys
2009-05-26 05:26:06 . 2009-05-26 05:03:06 0 d--h--w- C:\Documents and Settings\Compaq_Owner\Application Data\ijjigame
2009-05-26 05:02:13 . 2007-12-08 17:20:18 0 d-----w- C:\Documents and Settings\All Users\Application Data\IJJIGame
2009-05-25 13:30:07 . 2009-05-25 13:30:07 0 d-----w- C:\Documents and Settings\Compaq_Owner\Application Data\Template
2009-05-25 13:30:06 . 2009-05-25 13:30:06 0 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2009-05-13 01:48:28 . 2009-05-26 05:00:21 710064 ----a-w- C:\WINDOWS\system32\ijjiSetup.exe
2009-05-07 15:44:00 . 2004-11-17 11:09:54 344064 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-05-04 01:58:05 . 2009-04-14 02:11:51 29632 ----a-w- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 01:29:53 . 2005-04-10 15:44:16 82 -c--a-w- C:\WINDOWS\popcinfo.dat
2009-05-03 18:23:26 . 2009-05-03 18:23:26 207872 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-03 18:23:26 . 2009-05-03 18:23:26 207872 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-03 18:23:26 . 2009-05-03 18:23:26 207872 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-03 18:23:26 . 2009-05-03 18:23:26 207872 ----a-w- C:\Documents and Settings\Compaq_Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-04-30 00:11:12 . 2009-05-26 05:00:21 66992 ----a-w- C:\WINDOWS\system32\ijjiProcessRestarter.exe
2009-04-29 04:52:40 . 2004-11-17 10:49:11 659456 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-04-29 04:52:38 . 2004-11-17 11:09:15 81920 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-04-21 21:10:47 . 2009-04-21 21:10:47 50688 ----a-w- C:\WINDOWS\system32\wbhelp2.dll
2009-04-17 22:20:40 . 2009-04-17 22:20:40 104784 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-17 09:58:57 . 2004-11-17 10:49:10 1846656 ----a-w- C:\WINDOWS\system32\win32k.sys
2003-12-18 17:33:46 . 2006-12-10 22:26:15 20102 -c--a-w- C:\Program Files\Readme.txt
2003-09-03 13:46:54 . 2006-12-10 22:26:15 10960 -c--a-w- C:\Program Files\EULA.txt
2009-06-13 02:14:46 . 2008-06-17 23:25:48 134648 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
.

km2357
2009-07-16, 08:09
Step # 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleanerİ by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 2 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u14 (http://www.java.com/en/download/manual.jsp).
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:


Java 2 Runtime Environment, SE v1.4.2_03


Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.

From your desktop double-click on the download to install the newest version.



Step # 3 Run Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware.
Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
Next click the Scanner tab and select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

Click on the Malwarebytes' Anti-Malware icon to launch the program.
Click on the Logs tab.
Click on the log at the bottom of those listed to highlight it.
Click Open.


In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh HiJackThis Log

VanHalenRock
2009-07-17, 06:20
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/16/2009 10:18:32 PM
mbam-log-2009-07-16 (22-18-32).txt

Scan type: Quick Scan
Objects scanned: 94605
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:58 PM, on 7/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Steam2\Steam.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8630 bytes

km2357
2009-07-17, 21:13
Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)


First, go to Add/Remove Programs and uninstall all previous versions.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.1.2 is a large program and if you prefer a smaller program you can get Foxit 3.0 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

If you decide to install Foxit 3.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh HiJackThis Log
3. How is your computer doing, any problems?

VanHalenRock
2009-07-18, 01:14
I only have a few moments to be on my computer right now so ill just answer to number 3. My computer is doing great, I do not think there are any more problems. I will get the Adobe update as soon as I can.

Is it really necessary to run the Kapersky scan?

km2357
2009-07-18, 07:17
Is it really necessary to run the Kapersky scan?

Yes, please do the Kaspersky scan. It will tell us if there are any leftover bad files/folders on your computer that we need to take care of.

km2357
2009-07-20, 21:37
VanHalenRock? How are things coming along?

km2357
2009-07-23, 21:08
This topic has been archived due to inactivity.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start a new topic.