PDA

View Full Version : Cant run spybot,redirected search issues



MrMeredith
2009-07-23, 23:36
I have some sort of virus that has caused issues like not being able to run or reinstall spybot, cant get to the "safer-networking" site, hijack this wouldn't run at first( I saw the trick on here to rename it skanneri and now I am able to run it), I also can not access other sites like microsoft update sites. I have also notcied that the icons on my taskbar at the bottom of the screen are much larger than they used to be, also all of my restore points are gone. Here is my hijack this log and thanks in advance for all of the help you give everyone!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:13 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehshell.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; Media Center PC 2.8; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 3.0.lnk.disabled
O8 - Extra context menu item: &Search - ?p=ZJ
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: www.youtube.com
O15 - Trusted Zone: http://www.youtube.com
O15 - Trusted Zone: http://*.youtube.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229573415156
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229573399812
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5612/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{970DACF7-48C9-41E2-82D2-8101C53BA1BF}: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15214 bytes

Shaba
2009-07-24, 07:10
Hi MrMeredith

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download at your desktop DDS from one of the links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)

Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finish it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.


Post:

- mbam log
- dds logs (taken after mbam run)

MrMeredith
2009-07-24, 10:48
Hello shaba and thank you for taking on my case! I downloaded mbam as you said and installed it,, the prob now is that I am not able to run it. I left the "launch mbam " checked and it didnt run,,I now have the desktop icon for "malwarebites" but when I click on the icon it does nothing... waiting for your next instructions! and tyvm

Shaba
2009-07-24, 15:47
Please rename malwarebytes executable, mbam.exe, to something else. It is located in C:\Program Files\Malwarebytes' Anti-Malware.

MrMeredith
2009-07-24, 19:06
I renamed the exe and was able to get it to open, I am not able to update the rules because I am not able to access the update site, I tried the link you posted and was unable to manually update the rules since I can not access the malwarebites website. I have not run the scan yet and will wait to hear what you want me to do. Thank you!

Shaba
2009-07-24, 19:37
That is ok, please run it then without updating next :)

MrMeredith
2009-07-24, 20:48
Here is the mbam log:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/24/2009 12:36:43 PM
mbam-log-2009-07-24 (12-36-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 197659
Time elapsed: 55 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.209,85.255.112.191 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{970dacf7-48c9-41e2-82d2-8101c53ba1bf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.209,85.255.112.191 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.209,85.255.112.191 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{970dacf7-48c9-41e2-82d2-8101c53ba1bf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.209,85.255.112.191 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.209,85.255.112.191 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{970dacf7-48c9-41e2-82d2-8101c53ba1bf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.209,85.255.112.191 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


dds log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 12:42:41.40 on Fri 07/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.429 [GMT -5:00]

FW: Norton Internet Security *disabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
svchost.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehshell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; Media Center PC 2.8; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [BtcMaestro] "c:\program files\hp usb multimedia keyboard\KMaestro.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [AGRSMMSG] AGRSMMSG.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\admin\start menu\programs\startup\OpenOffice.org 3.0.lnk.disabled
IE: &Search - ?p=ZJ
IE: &Yahoo! Search
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: adobe.com\www
Trusted Zone: google.com\www
Trusted Zone: youtube.com
Trusted Zone: youtube.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: Yahoo! Chinese Checkers - hxxp://download.games.yahoo.com/games/clients/y/cct0_x.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229573415156
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229573399812
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5612/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\wdn86iot.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-14 64160]
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-9-16 4736]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-2-21 316672]
R2 ccPxySvc;Symantec Proxy Service;c:\program files\norton internet security\ccPxySvc.exe [2003-3-3 34040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
RUnknown uxet;uxet; [x]
S2 mrtRate;mrtRate; [x]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-8-24 99352]
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2005-12-25 116078]

=============== Created Last 30 ================

2009-07-24 11:00 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-07-24 02:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 02:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-24 02:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 02:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-23 15:23 <DIR> --d----- c:\program files\Trend Micro
2009-07-23 15:02 389,120 a------- c:\windows\system32\CF14869.exe
2009-07-23 14:59 389,120 a------- c:\windows\system32\CF14138.exe
2009-07-23 14:58 389,120 a------- c:\windows\system32\CF13935.exe
2009-07-21 15:54 <DIR> --d----- c:\program files\CCleaner
2009-07-21 15:48 <DIR> --d----- c:\windows\pss
2009-07-19 10:30 <DIR> --d----- c:\program files\common files\DivX Shared
2009-07-18 23:57 <DIR> --d----- C:\tly1
2009-07-18 19:58 <DIR> --d----- c:\docume~1\admin\applic~1\uTorrent
2009-07-03 10:15 <DIR> --d----- c:\program files\Comcast
2009-07-02 16:23 <DIR> --dsh--- c:\documents and settings\admin\IECompatCache
2009-07-02 16:22 <DIR> --dsh--- c:\documents and settings\admin\PrivacIE
2009-07-02 16:20 <DIR> --dsh--- c:\documents and settings\admin\IETldCache
2009-07-02 15:55 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-02 15:54 <DIR> --d----- c:\windows\ie8updates
2009-07-02 15:53 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-02 15:53 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:33 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-02 15:33 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-02 15:33 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-02 15:33 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-02 15:33 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-07-02 15:33 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-07-02 15:33 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-02 15:32 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-02 15:32 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-02 15:32 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-02 15:32 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

==================== Find3M ====================

2009-07-23 22:15 34 a------- c:\documents and settings\admin\jagex_runescape_preferences.dat
2009-05-28 07:38 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2005-03-17 12:42 32 a--sh--- c:\windows\{CDECCE58-583C-473C-A935-EA8A0E27B8C8}.dat
2005-03-17 12:42 32 a--sh--- c:\windows\system32\{83B80169-5D84-44D0-AC0C-70E15A5DDC4D}.dat

============= FINISH: 12:44:00.84 ===============


attach (dds) log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2005 12:36:07 PM
System Uptime: 7/24/2009 12:39:05 PM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VX
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 40 GiB total, 6.09 GiB free.
D: is FIXED (NTFS) - 103 GiB total, 16.4 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


32 Bit HP CIO Components Installer
AAC Decoder
Aces High II
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.6
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Advanced GIF Animator 2.22
Agere Systems AC'97 Modem
AOL Instant Messenger
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoUpdate
AviSynth 2.5
Babarosa Gif Animator 3.6 (Remove only)
BitLord 1.1
CCleaner (remove only)
Click to DVD 1.3.01
Codec Pack - All In 1 6.0.2.7
Comcast High-Speed Internet Install Wizard
Create and Print Greeting Cards 1.0
Creative Driver
CuteFTP 7 Home
CuteFTP 7 Professional
CuteHTML
Desktop Doctor
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
DocumentViewerQFolder
Drag'n Drop CD+DVD
DVgate Plus
ERUNT 1.1j
Google Earth
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Install Network Printer Wizard
HP USB Multimedia Keyboard Driver V1.2
HyperCam 2
ImageMixer for Sony
Insight Broadband QIC Service Activator
Intel(R) PRO Network Adapters and Drivers
Intel® Create & Share® Software
Interactive User’s Guide
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 12
Jasc Animation Shop 3
Java(TM) 6 Update 10
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Managed DirectX (0901)
MARS MR97310 VGA
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Express 7.0
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 7.0
mIRC
MKV Splitter
Move Networks Media Player for Internet Explorer
Movielink eHome version 1.1
Mozilla Firefox (3.0.11)
MSN Internet Software
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Music Visualizer Library 1.4.00
Nero 6 Ultra Edition
NeroMIX
Netscape (7.02)
Norton Internet Security
Norton WMI Update
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.7.00
OpenOffice.org 3.0
Operating System Communication Components
Picasa 2
PictureGear Studio 2.0
PokerStars
QFolder
Quicken 2004
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
ShareIns
SonicStage 4.3
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony on Yahoo! Essentials
Sony TV Tuner Library 1.0
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Symantec Network Drivers Update
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
The Battle for Middle-earth (tm)
TMPGEnc DVD Author 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO BrightColor Wallpaper
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 4.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Welcome to VAIO life
WinAce Archiver
Winamp (remove only)
WinAVI VideoConverter
WinAVIVideoConverter
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Codec
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/24/2009 12:10:54 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/21/2009 2:31:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/21/2009 2:31:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/21/2009 2:30:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips i8042prt intelppm SYMTDI
7/21/2009 2:30:48 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
7/19/2009 10:27:30 AM, error: Service Control Manager [7034] - The SymWMI Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2009 10:25:29 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Shaba
2009-07-24, 20:57
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent
BitLord 1.1


I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new DDS scan when finished and post logs back here.

MrMeredith
2009-07-24, 21:15
I uninstalled bitlord as instructed. Utorrent is a prog that I uninstalled soon after I installed it, it did not come up on my add/remove software list, i used the search feature of xp to look for any files or folder with utorrent in them and it came back with no results. Please let me know if there is something else you would like me to do about utorrent.
Here are the logs:
dds:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 13:10:31.35 on Fri 07/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.319 [GMT -5:00]

FW: Norton Internet Security *disabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SONY\sHotKey\sHotKey.exe
svchost.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehshell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\herbert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\TR2LBLI3\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; Media Center PC 2.8; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [BtcMaestro] "c:\program files\hp usb multimedia keyboard\KMaestro.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [AGRSMMSG] AGRSMMSG.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\admin\start menu\programs\startup\OpenOffice.org 3.0.lnk.disabled
IE: &Search - ?p=ZJ
IE: &Yahoo! Search
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: adobe.com\www
Trusted Zone: google.com\www
Trusted Zone: youtube.com
Trusted Zone: youtube.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: Yahoo! Chinese Checkers - hxxp://download.games.yahoo.com/games/clients/y/cct0_x.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229573415156
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229573399812
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5612/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\wdn86iot.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-14 64160]
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-9-16 4736]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-2-21 316672]
R2 ccPxySvc;Symantec Proxy Service;c:\program files\norton internet security\ccPxySvc.exe [2003-3-3 34040]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
RUnknown uxet;uxet; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S2 mrtRate;mrtRate; [x]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-8-24 99352]
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2005-12-25 116078]

=============== Created Last 30 ================

2009-07-24 11:00 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-07-24 02:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 02:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-24 02:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 02:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-23 15:23 <DIR> --d----- c:\program files\Trend Micro
2009-07-23 15:02 389,120 a------- c:\windows\system32\CF14869.exe
2009-07-23 14:59 389,120 a------- c:\windows\system32\CF14138.exe
2009-07-23 14:58 389,120 a------- c:\windows\system32\CF13935.exe
2009-07-21 15:54 <DIR> --d----- c:\program files\CCleaner
2009-07-21 15:48 <DIR> --d----- c:\windows\pss
2009-07-19 10:30 <DIR> --d----- c:\program files\common files\DivX Shared
2009-07-18 23:57 <DIR> --d----- C:\tly1
2009-07-18 19:58 <DIR> --d----- c:\docume~1\admin\applic~1\uTorrent
2009-07-03 10:15 <DIR> --d----- c:\program files\Comcast
2009-07-02 16:23 <DIR> --dsh--- c:\documents and settings\admin\IECompatCache
2009-07-02 16:22 <DIR> --dsh--- c:\documents and settings\admin\PrivacIE
2009-07-02 16:20 <DIR> --dsh--- c:\documents and settings\admin\IETldCache
2009-07-02 15:55 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-02 15:54 <DIR> --d----- c:\windows\ie8updates
2009-07-02 15:53 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-02 15:53 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:33 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-02 15:33 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-02 15:33 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-02 15:33 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-02 15:33 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-07-02 15:33 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-07-02 15:33 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-02 15:32 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-02 15:32 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-02 15:32 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-02 15:32 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

==================== Find3M ====================

2009-07-23 22:15 34 a------- c:\documents and settings\admin\jagex_runescape_preferences.dat
2009-05-28 07:38 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2005-03-17 12:42 32 a--sh--- c:\windows\{CDECCE58-583C-473C-A935-EA8A0E27B8C8}.dat
2005-03-17 12:42 32 a--sh--- c:\windows\system32\{83B80169-5D84-44D0-AC0C-70E15A5DDC4D}.dat

============= FINISH: 13:11:23.07 ===============


attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2005 12:36:07 PM
System Uptime: 7/24/2009 12:39:05 PM (1 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VX
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 40 GiB total, 6.064 GiB free.
D: is FIXED (NTFS) - 103 GiB total, 15.331 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


32 Bit HP CIO Components Installer
AAC Decoder
Aces High II
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.6
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Advanced GIF Animator 2.22
Agere Systems AC'97 Modem
AOL Instant Messenger
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoUpdate
AviSynth 2.5
Babarosa Gif Animator 3.6 (Remove only)
CCleaner (remove only)
Click to DVD 1.3.01
Codec Pack - All In 1 6.0.2.7
Comcast High-Speed Internet Install Wizard
Create and Print Greeting Cards 1.0
Creative Driver
CuteFTP 7 Home
CuteFTP 7 Professional
CuteHTML
Desktop Doctor
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
DocumentViewerQFolder
Drag'n Drop CD+DVD
DVgate Plus
ERUNT 1.1j
Google Earth
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Install Network Printer Wizard
HP USB Multimedia Keyboard Driver V1.2
HyperCam 2
ImageMixer for Sony
Insight Broadband QIC Service Activator
Intel(R) PRO Network Adapters and Drivers
Intel® Create & Share® Software
Interactive User’s Guide
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 12
Jasc Animation Shop 3
Java(TM) 6 Update 10
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Managed DirectX (0901)
MARS MR97310 VGA
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Express 7.0
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 7.0
mIRC
MKV Splitter
Move Networks Media Player for Internet Explorer
Movielink eHome version 1.1
Mozilla Firefox (3.0.11)
MSN Internet Software
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Music Visualizer Library 1.4.00
Nero 6 Ultra Edition
NeroMIX
Netscape (7.02)
Norton Internet Security
Norton WMI Update
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.7.00
OpenOffice.org 3.0
Operating System Communication Components
Picasa 2
PictureGear Studio 2.0
PokerStars
QFolder
Quicken 2004
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
ShareIns
SonicStage 4.3
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony on Yahoo! Essentials
Sony TV Tuner Library 1.0
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Symantec Network Drivers Update
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
The Battle for Middle-earth (tm)
TMPGEnc DVD Author 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO BrightColor Wallpaper
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 4.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Welcome to VAIO life
WinAce Archiver
Winamp (remove only)
WinAVI VideoConverter
WinAVIVideoConverter
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Codec
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/24/2009 12:10:54 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/21/2009 2:31:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/21/2009 2:31:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/21/2009 2:30:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips i8042prt intelppm SYMTDI
7/21/2009 2:30:48 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
7/19/2009 10:27:30 AM, error: Service Control Manager [7034] - The SymWMI Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2009 10:25:29 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

Shaba
2009-07-25, 12:09
Delete this folder:

c:\documents and settings\admin\application data\uTorrent

Empty Recycle Bin.

Update MBAM and run full scan with it.

Rerun DDS.

Post:

- fresh DDS logs
- fresh MBAM log

MrMeredith
2009-07-25, 17:42
Deleted the folder that you refered to as well as another I found there named "bittorrent".
Here are the logs:
Malwarebytes' Anti-Malware 1.39
Database version: 2498
Windows 5.1.2600 Service Pack 3

7/25/2009 9:23:16 AM
mbam-log-2009-07-25 (09-23-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 190259
Time elapsed: 44 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 9:38:47.81 on Sat 07/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.407 [GMT -5:00]

FW: Norton Internet Security *disabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehshell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\herbert.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GQ4TFG82\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; Media Center PC 2.8; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [BtcMaestro] "c:\program files\hp usb multimedia keyboard\KMaestro.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [AGRSMMSG] AGRSMMSG.exe
mRunOnce: [Uninstall Adobe Download Manager] "c:\docume~1\admin\locals~1\temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: &Search - ?p=ZJ
IE: &Yahoo! Search
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: adobe.com\www
Trusted Zone: google.com\www
Trusted Zone: youtube.com
Trusted Zone: youtube.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: Yahoo! Chinese Checkers - hxxp://download.games.yahoo.com/games/clients/y/cct0_x.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229573415156
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229573399812
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/mail/ymmapi.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5612/mcfscan.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\wdn86iot.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-14 64160]
R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-9-16 4736]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-2-21 316672]
R2 ccPxySvc;Symantec Proxy Service;c:\program files\norton internet security\ccPxySvc.exe [2003-3-3 34040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 mrtRate;mrtRate; [x]
S3 ccPwdSvc;Symantec Password Validation Service;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-8-24 99352]
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2005-12-25 116078]

=============== Created Last 30 ================

2009-07-24 11:00 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
2009-07-24 02:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 02:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-24 02:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 02:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-23 15:23 <DIR> --d----- c:\program files\Trend Micro
2009-07-23 15:02 389,120 a------- c:\windows\system32\CF14869.exe
2009-07-23 14:59 389,120 a------- c:\windows\system32\CF14138.exe
2009-07-23 14:58 389,120 a------- c:\windows\system32\CF13935.exe
2009-07-21 15:54 <DIR> --d----- c:\program files\CCleaner
2009-07-21 15:48 <DIR> --d----- c:\windows\pss
2009-07-19 10:30 <DIR> --d----- c:\program files\common files\DivX Shared
2009-07-18 23:57 <DIR> --d----- C:\tly1
2009-07-03 10:15 <DIR> --d----- c:\program files\Comcast
2009-07-02 16:23 <DIR> --dsh--- c:\documents and settings\admin\IECompatCache
2009-07-02 16:22 <DIR> --dsh--- c:\documents and settings\admin\PrivacIE
2009-07-02 16:20 <DIR> --dsh--- c:\documents and settings\admin\IETldCache
2009-07-02 15:55 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-02 15:54 <DIR> --d----- c:\windows\ie8updates
2009-07-02 15:53 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-02 15:53 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-02 15:33 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-07-02 15:33 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-07-02 15:33 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-07-02 15:33 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-07-02 15:33 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-07-02 15:33 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-07-02 15:33 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-02 15:32 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-02 15:32 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-02 15:32 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-02 15:32 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

==================== Find3M ====================

2009-07-23 22:15 34 a------- c:\documents and settings\admin\jagex_runescape_preferences.dat
2009-05-28 07:38 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2005-03-17 12:42 32 a--sh--- c:\windows\{CDECCE58-583C-473C-A935-EA8A0E27B8C8}.dat
2005-03-17 12:42 32 a--sh--- c:\windows\system32\{83B80169-5D84-44D0-AC0C-70E15A5DDC4D}.dat

============= FINISH: 9:40:09.78 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2005 12:36:07 PM
System Uptime: 7/25/2009 9:24:34 AM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VX
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 40 GiB total, 6.652 GiB free.
D: is FIXED (NTFS) - 103 GiB total, 16.4 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&35F762C4&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&35F762C4&0
Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


32 Bit HP CIO Components Installer
AAC Decoder
Aces High II
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.6
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Advanced GIF Animator 2.22
Agere Systems AC'97 Modem
AOL Instant Messenger
Apple Software Update
ATI Control Panel
ATI Display Driver
AutoUpdate
AviSynth 2.5
Babarosa Gif Animator 3.6 (Remove only)
CCleaner (remove only)
Click to DVD 1.3.01
Codec Pack - All In 1 6.0.2.7
Comcast High-Speed Internet Install Wizard
Create and Print Greeting Cards 1.0
Creative Driver
CuteFTP 7 Home
CuteFTP 7 Professional
CuteHTML
Desktop Doctor
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
DocumentViewerQFolder
Drag'n Drop CD+DVD
DVgate Plus
ERUNT 1.1j
Google Earth
Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Install Network Printer Wizard
HP USB Multimedia Keyboard Driver V1.2
HyperCam 2
ImageMixer for Sony
Insight Broadband QIC Service Activator
Intel(R) PRO Network Adapters and Drivers
Intel® Create & Share® Software
Interactive User’s Guide
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 12
Jasc Animation Shop 3
Java(TM) 6 Update 10
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Managed DirectX (0901)
MARS MR97310 VGA
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Express 7.0
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works 7.0
mIRC
MKV Splitter
Move Networks Media Player for Internet Explorer
Movielink eHome version 1.1
Mozilla Firefox (3.0.11)
MSN Internet Software
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Music Visualizer Library 1.4.00
Nero 6 Ultra Edition
NeroMIX
Netscape (7.02)
Norton Internet Security
Norton WMI Update
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.7.00
Operating System Communication Components
Picasa 2
PictureGear Studio 2.0
PokerStars
QFolder
Quicken 2004
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
ShareIns
SonicStage 4.3
Sony Certificate PCH
Sony Download Taxi 1.5.0.0
Sony on Yahoo! Essentials
Sony TV Tuner Library 1.0
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Symantec Network Drivers Update
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
The Battle for Middle-earth (tm)
TMPGEnc DVD Author 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO BrightColor Wallpaper
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 4.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Registration
VAIO Support
VAIO Survey Standalone
VAIO System Information
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Welcome to VAIO life
WinAce Archiver
Winamp (remove only)
WinAVI VideoConverter
WinAVIVideoConverter
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Codec
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/24/2009 12:10:54 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/21/2009 2:31:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/21/2009 2:31:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/21/2009 2:30:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall Fips i8042prt intelppm SYMTDI
7/21/2009 2:30:48 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2009 12:02:22 PM, error: Service Control Manager [7034] - The SymWMI Service service terminated unexpectedly. It has done this 1 time(s).
7/21/2009 12:02:09 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


Thanks!

Shaba
2009-07-25, 19:11
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

MrMeredith
2009-07-26, 01:07
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, July 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 25, 2009 18:09:55
Records in database: 2531589
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Files scanned: 94423
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 05:21:20


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\gaopdx961296 Infected: Packed.Win32.Tdss.w 1

The selected area was scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:25 PM, on 7/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehshell.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\DOCUME~1\Admin\LOCALS~1\Temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; Media Center PC 2.8; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Search - ?p=ZJ
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: www.youtube.com
O15 - Trusted Zone: http://www.youtube.com
O15 - Trusted Zone: http://*.youtube.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229573415156
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229573399812
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5612/mcfscan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14824 bytes

Shaba
2009-07-26, 12:31
Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save
it to desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Still problems?

MrMeredith
2009-07-26, 17:05
Still having some redirecting of web search results. My computer is still freezing randomly (not often, but randomly). My icons on my task bar are still oversized(quick launch and the ones next to the clock). Kaspersky came back with 2 hits but offered no way to remove them so I did nothing with the results except post the log here, should I have done some to remove them? I am now able to download and install spybot and the tea timer runs but I am not able to actually open spybot s&d.

Shaba
2009-07-26, 18:00
"Still having some redirecting of web search results"

In which browser that takes place?

"Kaspersky came back with 2 hits but offered no way to remove them so I did nothing with the results except post the log here, should I have done some to remove them?"

First one doesn't require removal, second one should gone after ATF Cleaner.

"I am now able to download and install spybot and the tea timer runs but I am not able to actually open spybot s&d. "

Then that might not be malware related at all but some other problem.

Shaba
2009-08-02, 10:56
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.