
Thread: Task Manager And Regedit.exe Disabled By Malware/Virus

  1. #1
    Junior Member
    Join Date
    Oct 2009
    Posts
    10


    Hey Guys,

    OK, recently I put a USB stick into my computer to copy files onto my computer. I noticed that the USB drive had a folder as its icon instead of a drive. So I reformatted it and it went back to normal. All was good for a couple of days. I have recently downloaded Malwarebytes Anti-Malware and Lavasoft Ad-Aware, and have Norton Anti-Virus installed. All of these are up to date. I ran full system scans and got errors which showed the names of the malware/virus as:
    Hijack.TaskMgr and HiJack.RegistryTools. They blocked me from opening regedit.exe from Run and also my Task Manager. I downloaded Autorun Eater to re-enable my Task Manager and regedit. It found a file called
    :2009-10-14 21:02:52 : Suspicious autorun.inf file deleted from (e.
    I thought this got rid of it, but 15 seconds later I got the same problem. When I try to open Task Manager I get the error: "Task Manager has been disabled by administration". But I am admin. I downloaded Spybot S&D and updated it all. It ran a scan and found these:

    Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-1425521274-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

    Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-2000478354-1425521274-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    These are the two files that keep appearing each time I scan.
    There seems to be nothing harming my computer since I removed the autorun.inf file, except that it keeps disabling my regedit and Task Manager. Please help.

    Also, I can access them when I use Autorun Eater to fix the problem; then I have about 10 seconds to open them before the problem comes back, but I can still use them until I close them.

    Sorry, this is also my HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:41:06 PM, on 10/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Autorun Eater\oldmcdonald.exe
    C:\Program Files\Autorun Eater\billy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Documents and Settings\Owen\Desktop\Utilities\Spyware\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: (no name) - {78D48D53-58D1-4614-B47B-4AA5CEDBF0EA} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1254927297723
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 7637 bytes
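The two Spybot entries and the HijackThis O7 line in the post above are plain registry policy values under ...\Policies\System, and the 10-15 second relapse means something that is running keeps re-setting them. The following PowerShell script is an added example, not part of the thread or of any of the tools named in it: it reads those values under HKCU and HKLM, removes them, and then polls for up to 30 seconds to see whether they come back, listing any process that started during the window. DisableTaskMgr and DisableRegistryTools are Microsoft's documented policy value names; DisableRegedit is included only because HijackThis prints that name for its O7 finding, and it is harmless if the value does not exist. The watch window, poll interval and output layout are this example's own choices, and it uses PowerShell 2.0-era cmdlets so it also runs on the XP SP3 system in the log. Run it as the affected user; removing the HKLM copy needs an administrative account.

```powershell
# Added example (not from the thread): inspect, clear and watch the Task Manager /
# Registry Editor lockout policy values. Assumptions: 30 s watch window, 500 ms poll.

$PolicyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
# Documented names are DisableTaskMgr and DisableRegistryTools; DisableRegedit is
# the label HijackThis prints for its O7 line and is checked in case it exists.
$ValueNames = 'DisableTaskMgr', 'DisableRegistryTools', 'DisableRegedit'

function Get-LockoutState {
    # Emits one object per (key, value) pair that is currently present.
    foreach ($path in $PolicyPaths) {
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $ValueNames) {
            $data = $key.GetValue($name, $null)
            if ($null -ne $data) {
                New-Object PSObject -Property @{ Path = $path; Name = $name; Data = $data }
            }
        }
    }
}

function Clear-LockoutState {
    # Deletes the values rather than setting them to 0: a missing value is the
    # default, and a later reappearance is then unambiguous.
    foreach ($entry in Get-LockoutState) {
        Remove-ItemProperty -Path $entry.Path -Name $entry.Name -ErrorAction SilentlyContinue
        Write-Host ("Removed {0}\{1} (was {2})" -f $entry.Path, $entry.Name, $entry.Data)
    }
}

function Watch-LockoutReapply {
    param([int]$Seconds = 30, [int]$IntervalMs = 500)
    # Snapshot process IDs, then poll the values. If one comes back, report it with
    # any process that was not running at the start. If that list is empty, the
    # re-setter is an already-running process: compare against the HijackThis
    # "Running processes" list, or use Process Monitor on the key for attribution.
    $before   = Get-Process | Select-Object -ExpandProperty Id
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        $state = @(Get-LockoutState)
        if ($state.Count -gt 0) {
            $new = Get-Process | Where-Object { $before -notcontains $_.Id }
            return New-Object PSObject -Property @{
                Reapplied = $true
                At        = (Get-Date)
                Values    = $state
                NewProcs  = ($new | Select-Object Id, ProcessName, Path)
            }
        }
        Start-Sleep -Milliseconds $IntervalMs
    }
    New-Object PSObject -Property @{ Reapplied = $false; Values = @(); NewProcs = @() }
}

Write-Host "Current state:"
Get-LockoutState | Format-Table Path, Name, Data -AutoSize
Clear-LockoutState
$result = Watch-LockoutReapply -Seconds 30
if ($result.Reapplied) {
    Write-Host ("Policy values were re-applied at {0}:" -f $result.At)
    $result.Values | Format-Table Path, Name, Data -AutoSize
    Write-Host "Processes started during the watch window:"
    $result.NewProcs | Format-Table Id, ProcessName, Path -AutoSize
} else {
    Write-Host "No re-application seen in 30 s; the setter is not active right now."
}
```

A relapse with an empty "processes started" list is the expected result on this machine, since the user reports the block returning within seconds of every fix: it tells you the setter is one of the processes already listed in the HijackThis log, not something spawned on a timer.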
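The folder icon on the USB stick and the autorun.inf that Autorun Eater deleted from E: are the same mechanism: the [autorun] section of that file can set icon= for the drive and open= or shellexecute= to run a file when the drive is opened. The PowerShell script below is an added example, not from the thread and not Autorun Eater's code. It lists every removable drive's autorun.inf (reading it even when it carries the hidden/system attributes), parses the [autorun] section, and flags the launch and icon directives together with whether the referenced file exists on the drive and what attributes it has. It deletes nothing. The verdict labels and the treatment of a shell32.dll icon reference as spoofing are this example's own heuristics; a legitimate vendor autorun.inf normally points icon= at its own .ico or .exe.

```powershell
# Added example (not from the thread): decode autorun.inf on removable drives
# without executing anything. Assumptions: verdict labels and the shell32.dll
# icon heuristic are this script's own; written for PowerShell 2.0-era cmdlets.

function Get-AutorunInfo {
    param([Parameter(Mandatory=$true)][string]$DriveRoot)   # e.g. 'E:\'
    $file = Join-Path $DriveRoot 'autorun.inf'
    # -Force so hidden/system attributes (the usual case for worms) do not hide it
    $item = Get-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    $entries = @{}
    $section = ''
    foreach ($line in Get-Content -LiteralPath $file -Force) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith(';')) { continue }
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1].ToLower(); continue }
        if ($section -ne 'autorun') { continue }
        $kv = $t -split '=', 2
        if ($kv.Count -eq 2) { $entries[$kv[0].Trim().ToLower()] = $kv[1].Trim() }
    }
    New-Object PSObject -Property @{ File = $file; Attributes = $item.Attributes; Entries = $entries }
}

function Test-AutorunEntry {
    # Classify one key=value pair. open=, shellexecute= and shell\<verb>\command=
    # are the directives that run a program; icon= borrowed from shell32.dll is
    # how a drive ends up showing a folder icon, as in the post.
    param([string]$DriveRoot, [string]$Key, [string]$Value)
    $verdict = 'info'
    if ($Key -eq 'open' -or $Key -eq 'shellexecute' -or $Key -like 'shell\*\command') {
        $verdict = 'LAUNCHES'
    } elseif ($Key -eq 'shell') {
        $verdict = 'DEFAULT VERB REDIRECT'
    } elseif ($Key -eq 'icon' -and $Value -match 'shell32\.dll') {
        $verdict = 'SPOOFED ICON (heuristic)'
    }
    # Resolve the program/file token to a path on the drive, honouring quotes.
    if ($Value -match '^"([^"]+)"') { $target = $Matches[1] }
    else { $target = ($Value -split '\s+')[0] }
    $t = Get-Item -LiteralPath (Join-Path $DriveRoot $target) -Force -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Verdict     = $verdict
        Key         = $Key
        Value       = $Value
        Target      = $(if ($t) { $t.FullName } else { '(not found on drive)' })
        TargetAttrs = $(if ($t) { $t.Attributes } else { '' })
    }
}

# DriveType 2 = removable disk. Get-WmiObject is the PowerShell 2.0-compatible route.
$removable = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' |
    Select-Object -ExpandProperty DeviceID
foreach ($dev in $removable) {
    $root = $dev + '\'
    $info = Get-AutorunInfo -DriveRoot $root
    if (-not $info) { Write-Host ("{0} no autorun.inf" -f $root); continue }
    Write-Host ("{0} attributes: {1}" -f $info.File, $info.Attributes)
    $info.Entries.GetEnumerator() | ForEach-Object {
        Test-AutorunEntry -DriveRoot $root -Key $_.Key -Value $_.Value
    } | Format-Table Verdict, Key, Value, Target, TargetAttrs -AutoSize
}
```

Run this before double-clicking the drive in Explorer. A LAUNCHES row whose target exists on the drive with Hidden and System attributes is the file to quarantine and submit, and reformatting the stick (as the poster did) does not help if the same file has already been copied to the PC and is what keeps re-setting the policy values.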

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Generate an Uninstall List

    * Open HijackThis
    * Click on Open Misc Tools Section
    * Click on Open Uninstall Manager
    * Click on Save list
    * Save it to your Desktop
    * Post it on your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Oct 2009
    Posts
    10

    Thanks Blade81, here's the log.


    @BIOS
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 6.0.1
    AMD Processor Driver
    AML Free Registry Cleaner 4.19
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Parental Control & Encoder
    Autorun Eater v2.4
    Belarc Advisor 7.2
    Bonjour
    Catalyst Control Center - Branding
    DMIView B7.0108.01
    EasyTune5
    Face_Wizard B07.0509.01
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    iTunes
    Java(TM) 6 Update 16
    Join ME
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2000 Premium
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MSVCRT
    Nero Suite
    NETGEAR WG111v2 wireless USB 2.0 adapter
    Norton Internet Security
    NVIDIA Drivers
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    RegAlyzer
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Spyware Doctor 6.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Ventrilo Client
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer



    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
       Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  5. #5
    Junior Member
    Join Date
    Oct 2009
    Posts
    10

    Here's the ComboFix log.

    ComboFix 09-10-20.03 - Owen 10/21/2009 18:27.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1590 [GMT 10:00]
    Running from: c:\documents and settings\Owen\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
    .

    2009-10-19 04:04 . 2009-10-19 04:18 -------- d-----w- c:\documents and settings\Owen\Application Data\Ventrilo
    2009-10-19 04:04 . 2009-10-19 04:04 -------- d-----w- c:\program files\Ventrilo
    2009-10-19 02:37 . 2009-10-19 02:37 -------- d-----w- c:\documents and settings\Owen\Application Data\Safer Networking
    2009-10-19 02:36 . 2009-10-19 02:36 -------- d-----w- c:\program files\Safer Networking
    2009-10-18 23:52 . 2001-08-17 03:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2009-10-18 23:51 . 2001-08-17 03:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2009-10-18 23:50 . 2001-08-17 03:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
    2009-10-18 23:49 . 2001-08-17 02:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2009-10-18 23:48 . 2001-08-17 12:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
    2009-10-18 23:47 . 2001-08-17 02:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2009-10-18 23:46 . 2001-08-17 04:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2009-10-18 23:46 . 2001-08-17 02:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2009-10-18 23:46 . 2001-08-17 04:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2009-10-18 23:46 . 2001-08-17 02:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2009-10-18 23:46 . 2001-07-21 04:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2009-10-18 23:46 . 2001-07-21 04:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
    2009-10-18 23:46 . 2001-08-17 02:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2009-10-18 23:46 . 2001-08-17 12:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2009-10-18 23:46 . 2001-08-17 02:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
    2009-10-18 23:46 . 2001-08-17 03:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
    2009-10-18 23:46 . 2001-08-17 03:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
    2009-10-18 23:46 . 2001-08-17 03:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2009-10-18 23:44 . 2001-08-17 12:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
    2009-10-18 23:43 . 2001-08-17 03:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2009-10-18 23:42 . 2001-08-17 12:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
    2009-10-18 23:41 . 2001-08-17 12:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2009-10-18 23:40 . 2001-08-17 03:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2009-10-18 23:40 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2009-10-18 23:40 . 2001-08-17 03:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2009-10-18 23:40 . 2001-08-17 02:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2009-10-18 23:40 . 2001-08-17 02:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2009-10-18 23:40 . 2001-08-17 02:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2009-10-18 23:40 . 2004-08-03 12:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
    2009-10-18 23:39 . 2001-08-17 02:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
    2009-10-18 23:39 . 2001-08-17 02:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
    2009-10-18 23:39 . 2001-08-17 12:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
    2009-10-18 23:39 . 2001-08-17 03:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
    2009-10-18 23:39 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2009-10-18 23:37 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2009-10-18 23:37 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2009-10-18 23:37 . 2001-08-17 03:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2009-10-18 23:37 . 2001-08-17 04:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2009-10-18 23:37 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2009-10-18 23:36 . 2001-08-17 04:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2009-10-18 23:36 . 2001-08-17 03:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2009-10-18 23:36 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2009-10-18 23:36 . 2001-08-17 03:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2009-10-18 23:36 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2009-10-18 23:36 . 2001-08-17 03:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2009-10-18 23:35 . 2001-08-17 03:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
    2009-10-18 23:35 . 2001-08-17 02:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
    2009-10-18 23:35 . 2001-08-17 04:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
    2009-10-18 23:35 . 2008-04-13 18:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
    2009-10-18 23:35 . 2001-08-17 12:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
    2009-10-18 23:35 . 2001-08-17 03:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
    2009-10-18 23:35 . 2001-08-17 02:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
    2009-10-18 23:33 . 2001-08-17 02:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
    2009-10-18 23:33 . 2001-08-17 02:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
    2009-10-18 23:33 . 2001-08-17 02:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
    2009-10-18 23:33 . 2001-08-17 03:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
    2009-10-18 23:33 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2009-10-18 23:33 . 2001-08-17 02:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
    2009-10-18 23:33 . 2001-08-17 02:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
    2009-10-18 23:33 . 2001-08-17 12:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
    2009-10-18 23:33 . 2008-04-14 00:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
    2009-10-18 23:33 . 2008-04-14 00:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
    2009-10-18 23:32 . 2001-08-17 12:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2009-10-18 23:32 . 2001-08-17 12:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2009-10-18 23:32 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2009-10-18 23:32 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2009-10-18 23:30 . 2001-08-17 12:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2009-10-18 23:30 . 2001-08-17 04:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
    2009-10-18 23:30 . 2001-08-17 12:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
    2009-10-18 23:28 . 2001-08-17 03:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2009-10-18 23:27 . 2001-08-17 03:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
    2009-10-18 23:26 . 2001-08-17 03:51 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
    2009-10-18 23:25 . 2001-08-17 02:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
    2009-10-18 23:24 . 2001-08-17 12:36 51200 -c--a-w- c:\windows\system32\dllcache\eqnlogr.exe
    2009-10-18 23:23 . 2001-08-17 04:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2009-10-18 23:22 . 2001-08-17 12:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
    2009-10-18 23:21 . 2001-08-17 12:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
    2009-10-18 23:20 . 2001-08-17 03:52 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
    2009-10-18 23:19 . 2001-08-17 03:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2009-10-18 23:18 . 2001-08-17 02:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
    2009-10-18 23:17 . 2001-08-17 04:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2009-10-18 23:17 . 2001-08-17 02:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
    2009-10-18 22:52 . 2008-12-10 22:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-18 22:52 . 2009-08-24 04:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-10-18 22:52 . 2009-08-19 01:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-18 22:52 . 2009-10-18 23:04 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-10-18 22:52 . 2008-12-10 01:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-10-18 22:51 . 2009-10-20 07:52 -------- d-----w- c:\program files\Spyware Doctor
    2009-10-18 22:51 . 2009-10-18 22:51 -------- d-----w- c:\documents and settings\Owen\Application Data\PC Tools
    2009-10-18 22:51 . 2009-10-18 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-10-18 22:51 . 2009-10-21 08:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-18 22:44 . 2009-10-18 22:45 -------- d-----w- c:\documents and settings\Owen\Application Data\GetRightToGo
    2009-10-18 13:07 . 2009-10-18 13:07 -------- d--h--w- c:\windows\PIF
    2009-10-18 12:49 . 2002-01-05 01:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2009-10-18 12:49 . 2002-01-04 19:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-10-18 12:49 . 2009-10-18 12:49 -------- d-----w- c:\program files\AML Products
    2009-10-18 12:49 . 2002-01-04 20:48 974848 ----a-w- c:\windows\system32\mfc70.dll
    2009-10-18 12:39 . 2009-10-18 12:48 -------- d-----w- c:\program files\Registry Convoy 2009
    2009-10-18 04:46 . 2009-10-18 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-18 04:46 . 2009-10-18 04:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-18 04:02 . 2009-10-18 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-10-18 04:02 . 2009-10-18 04:02 -------- d-----w- c:\program files\Lavasoft
    2009-10-18 04:02 . 2009-10-19 04:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-18 03:53 . 2009-10-18 03:53 -------- d-----w- c:\documents and settings\Owen\Local Settings\Application Data\Downloaded Installations
    2009-10-18 03:10 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2009-10-18 03:10 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-10-18 03:08 . 2008-08-15 03:27 105216 ----a-w- c:\windows\system32\drivers\zgwhsmdm.sys
    2009-10-18 03:08 . 2008-08-15 03:27 105216 ----a-w- c:\windows\system32\drivers\zgwhsdiag.sys
    2009-10-18 03:08 . 2009-10-18 03:12 -------- d-----w- c:\program files\Join ME
    2009-10-18 02:35 . 2009-10-18 02:35 -------- d-----w- c:\documents and settings\Owen\Local Settings\Application Data\Ahead
    2009-10-18 01:18 . 2009-10-18 01:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-10-18 00:54 . 2009-10-18 00:54 -------- d-----w- c:\windows\Sun
    2009-10-13 10:44 . 2009-10-14 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
    2009-10-13 10:44 . 2009-10-13 10:44 -------- d-----w- c:\program files\Autorun Eater
    2009-10-12 11:46 . 2009-08-26 00:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-10-12 11:46 . 2008-10-12 13:01 -------- d-----w- c:\program files\Symantec
    2009-10-12 11:46 . 2008-10-12 13:01 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-10-12 11:46 . 2008-10-12 13:01 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-10-12 11:46 . 2008-10-12 11:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-12 11:45 . 2008-10-12 13:13 -------- d-----w- c:\windows\system32\drivers\NIS
    2009-10-12 11:45 . 2009-10-12 11:45 -------- d-----w- c:\program files\Norton Internet Security

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-11 02:18 . 2009-10-11 02:18 -------- d-----w- c:\program files\iTunes
    2009-10-11 02:18 . 2009-10-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-11 02:18 . 2009-10-11 02:18 -------- d-----w- c:\program files\iPod
    2009-10-11 02:18 . 2009-10-11 02:16 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-11 02:18 . 2009-10-11 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-10-11 02:17 . 2009-10-11 02:17 -------- d-----w- c:\program files\Bonjour
    2009-10-11 02:17 . 2009-10-11 02:17 -------- d-----w- c:\program files\QuickTime
    2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-14 04:27 . 2008-09-06 04:52 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-08-14 02:27 . 2008-09-06 04:05 345600 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-08-14 02:10 . 2008-09-06 03:56 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-08-14 02:10 . 2008-09-06 03:56 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-08-14 02:09 . 2008-09-06 03:56 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-08-14 02:09 . 2008-09-06 03:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-08-14 02:09 . 2008-09-06 03:55 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-08-14 02:08 . 2008-09-06 03:54 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-08-14 02:06 . 2008-09-06 03:52 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-08-14 01:58 . 2008-09-06 03:43 3492576 ----a-w- c:\windows\system32\ati3duag.dll
    2009-08-14 01:47 . 2008-09-06 03:09 12959744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-08-14 01:42 . 2008-09-06 03:25 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-08-14 01:25 . 2009-08-14 01:25 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-08-14 01:25 . 2008-09-06 03:09 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-08-14 01:21 . 2008-09-06 03:05 561152 ----a-w- c:\windows\system32\atikvmag.dll
    2009-08-14 01:21 . 2009-08-14 01:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-08-14 01:20 . 2009-08-14 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-08-14 01:19 . 2009-08-14 01:19 3469312 ----a-w- c:\windows\system32\aticaldd.dll
    2009-08-14 01:19 . 2008-09-06 03:03 163840 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-08-14 01:18 . 2008-09-06 03:03 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-08-14 01:17 . 2008-09-06 03:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-08-14 01:17 . 2008-09-06 02:23 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-08-14 01:12 . 2008-09-06 02:56 614400 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 15:13 . 2004-08-04 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-26 06:44 . 2009-07-26 06:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2009-10-10 24576]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    c:\documents and settings\Owen\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-10-1 503808]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
    NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-10-13 1261568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)
    "DisableRegistryTools"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/19/2009 8:52 AM 206256]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [10/12/2008 11:00 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [10/12/2008 11:00 PM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [10/12/2008 11:00 PM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [10/12/2008 11:00 PM 329080]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [10/12/2008 11:00 PM 117640]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/13/2008 6:31 PM 194304]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/19/2009 8:51 AM 348824]
    S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [10/18/2009 1:08 PM 105216]
    S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [10/18/2009 1:08 PM 105216]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MARKFUN_NT
    *Deregistered* - MarkFun_NT

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{740D784D-1649-4A6E-AD04-B5810BF4E374}]
    rundll32 spars1.dll,laspi
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{78D48D53-58D1-4614-B47B-4AA5CEDBF0EA} - (no file)
    MSConfigStartUp-CTFMON - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-21 18:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,35,f6,4b,b7,df,b9,4a,b2,6e,df,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,35,f6,4b,b7,df,b9,4a,b2,6e,df,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1220)
    c:\windows\system32\RtlGina2.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3576)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-10-21 18:32
    ComboFix-quarantined-files.txt 2009-10-21 08:32

    Pre-Run: 179,668,516,864 bytes free
    Post-Run: 179,837,280,256 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 556D2933C09CD95DC1D4DE84D1AC75A4

    *****************************************
    And Here's the New HijackFile

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:35:45 PM, on 10/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Owen\Desktop\Utilities\Spyware\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: (no name) - {78D48D53-58D1-4614-B47B-4AA5CEDBF0EA} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1254927297723
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 6082 bytes

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,


    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Delete these folders afterwards:

    C:\Program Files\LimeWire


    Empty Recycle Bin.

    After that:


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\documents and settings\Owen\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    c:\windows\system32\spars1.dll
    Folder::
    c:\program files\Registry Convoy 2009
    c:\program files\LimeWire
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    "DisableRegistryTools"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{740D784D-1649-4A6E-AD04-B5810BF4E374}]

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.



    Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. A fresh version can be obtained here.


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Update Malwarebytes' A-M definitions and then run a full scan with it (let it remove findings). Post back the results.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
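    As an added example (not code from this thread, from ComboFix or from its author), the Python below triages the "Reg Loading Points" section of a ComboFix log for the two things that mattered in this case: the HKCU policy values that locked out Task Manager and regedit, and the Active Setup "Installed Components" stub that loads a DLL through rundll32. It then emits the matching CFScript "Registry::" lines using the same "name"=- and [-key] syntax as the script in the post above; the sample excerpt is constructed from the log quoted earlier in the thread, and the parser only handles the line shapes that excerpt contains.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not code from the thread, from ComboFix or
its author. Flags the HKCU policy values that lock out Task Manager and
regedit, a disabled Windows Firewall, and any Active Setup stub that loads
a DLL via rundll32, then emits the CFScript 'Registry::' lines to undo them.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: a trimmed copy of the Reg Loading Points excerpt quoted
# in the thread (same key names and values, unrelated entries dropped).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{740D784D-1649-4A6E-AD04-B5810BF4E374}]
rundll32 spars1.dll,laspi
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Policy values that, when non-zero, deny the user Task Manager and regedit.
LOCKOUT_POLICIES = ("DisableTaskMgr", "DisableRegistryTools")


def parse_reg_points(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each [key] to its (name, raw value) pairs in file order; a bare line
    such as an Active Setup stub command is kept with an empty name."""
    keys: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        val = VALUE_RE.match(line)
        if val:
            keys[current].append((val.group(1), val.group(2).strip()))
        else:
            keys[current].append(("", line))
    return keys


def _dword(raw: str) -> Optional[int]:
    """Integer value of a ComboFix-style '1 (0x1)' DWORD, None for other data."""
    tokens = raw.split()
    return int(tokens[0]) if tokens and tokens[0].isdigit() else None


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, reason) for lockout, firewall and Active Setup hits."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in parse_reg_points(text).items():
        k = key.lower()
        for name, raw in values:
            if k.endswith("\\policies\\system") and name in LOCKOUT_POLICIES and _dword(raw):
                findings.append((key, name, "admin tool disabled by policy"))
            elif (k.endswith("firewallpolicy\\standardprofile")
                  and name == "EnableFirewall" and _dword(raw) == 0):
                findings.append((key, name, "Windows Firewall disabled"))
            elif "\\active setup\\installed components\\" in k and raw.lower().startswith("rundll32 "):
                findings.append((key, name, "Active Setup stub loads a DLL via rundll32: " + raw))
    return findings


def cfscript_registry_section(text: str) -> str:
    """Build the CFScript 'Registry::' block that undoes the findings: "name"=-
    deletes a value, [-key] deletes a key. The firewall flag is only reported,
    since it is re-enabled through Security Center, not by deleting a value."""
    lines = ["Registry::"]
    deletions: Dict[str, List[str]] = {}
    keys_to_remove: List[str] = []
    for key, name, reason in triage(text):
        if reason.startswith("Active Setup"):
            keys_to_remove.append(key)
        elif name in LOCKOUT_POLICIES:
            deletions.setdefault(key, []).append(f'"{name}"=-')
    for key, vals in deletions.items():
        lines.append(f"[{key}]")
        lines.extend(vals)
    lines.extend(f"[-{key}]" for key in keys_to_remove)
    return "\n".join(lines)
```

Running triage(SAMPLE_LOG) reports the two lockout values, the disabled firewall and the spars1.dll stub; cfscript_registry_section(SAMPLE_LOG) reproduces the Registry:: block of the post above.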

  7. #7
    Junior Member
    Join Date
    Oct 2009
    Posts
    10

    Default

    Ok, here's my ComboFix log...
    Sorry about the wait

    ComboFix 09-10-20.03 - Owen 10/22/2009 18:33.2.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1425 [GMT 10:00]
    Running from: c:\documents and settings\Owen\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owen\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\documents and settings\Owen\Start Menu\Programs\Startup\LimeWire On Startup.lnk"
    "c:\windows\system32\spars1.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Registry Convoy 2009
    c:\windows\system32\spars1.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
    .

    2009-10-21 21:18 . 2009-10-21 21:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-10-21 20:56 . 2009-10-22 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-10-19 04:04 . 2009-10-19 04:18 -------- d-----w- c:\documents and settings\Owen\Application Data\Ventrilo
    2009-10-19 04:04 . 2009-10-19 04:04 -------- d-----w- c:\program files\Ventrilo
    2009-10-19 02:37 . 2009-10-19 02:37 -------- d-----w- c:\documents and settings\Owen\Application Data\Safer Networking
    2009-10-19 02:36 . 2009-10-19 02:36 -------- d-----w- c:\program files\Safer Networking
    2009-10-18 23:52 . 2001-08-17 03:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2009-10-18 23:51 . 2001-08-17 03:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2009-10-18 23:50 . 2001-08-17 03:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
    2009-10-18 23:49 . 2001-08-17 02:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2009-10-18 23:48 . 2001-08-17 12:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
    2009-10-18 23:47 . 2001-08-17 02:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2009-10-18 23:46 . 2001-08-17 04:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
    2009-10-18 23:46 . 2001-08-17 02:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
    2009-10-18 23:46 . 2001-08-17 04:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2009-10-18 23:46 . 2001-08-17 02:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
    2009-10-18 23:46 . 2001-07-21 04:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2009-10-18 23:46 . 2001-07-21 04:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
    2009-10-18 23:46 . 2001-08-17 02:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2009-10-18 23:46 . 2001-08-17 12:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2009-10-18 23:46 . 2001-08-17 02:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
    2009-10-18 23:46 . 2001-08-17 03:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
    2009-10-18 23:46 . 2001-08-17 03:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
    2009-10-18 23:46 . 2001-08-17 03:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2009-10-18 23:44 . 2001-08-17 12:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
    2009-10-18 23:43 . 2001-08-17 03:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2009-10-18 23:42 . 2001-08-17 12:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
    2009-10-18 23:41 . 2001-08-17 12:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2009-10-18 23:40 . 2001-08-17 03:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2009-10-18 23:40 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2009-10-18 23:40 . 2001-08-17 03:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2009-10-18 23:40 . 2001-08-17 02:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2009-10-18 23:40 . 2001-08-17 02:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2009-10-18 23:40 . 2001-08-17 02:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2009-10-18 23:40 . 2004-08-03 12:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
    2009-10-18 23:39 . 2001-08-17 02:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
    2009-10-18 23:39 . 2001-08-17 02:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
    2009-10-18 23:39 . 2001-08-17 12:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
    2009-10-18 23:39 . 2001-08-17 03:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
    2009-10-18 23:39 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2009-10-18 23:37 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2009-10-18 23:37 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2009-10-18 23:37 . 2001-08-17 03:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2009-10-18 23:37 . 2001-08-17 04:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2009-10-18 23:37 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2009-10-18 23:36 . 2001-08-17 04:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2009-10-18 23:36 . 2001-08-17 03:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2009-10-18 23:36 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2009-10-18 23:36 . 2001-08-17 03:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2009-10-18 23:36 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2009-10-18 23:36 . 2001-08-17 03:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2009-10-18 23:35 . 2001-08-17 03:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
    2009-10-18 23:35 . 2001-08-17 02:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
    2009-10-18 23:35 . 2001-08-17 04:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
    2009-10-18 23:35 . 2008-04-13 18:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
    2009-10-18 23:35 . 2001-08-17 12:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
    2009-10-18 23:35 . 2001-08-17 03:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
    2009-10-18 23:35 . 2001-08-17 02:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
    2009-10-18 23:33 . 2001-08-17 02:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
    2009-10-18 23:33 . 2001-08-17 02:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
    2009-10-18 23:33 . 2001-08-17 02:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
    2009-10-18 23:33 . 2001-08-17 03:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
    2009-10-18 23:33 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2009-10-18 23:33 . 2001-08-17 02:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
    2009-10-18 23:33 . 2001-08-17 02:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
    2009-10-18 23:33 . 2001-08-17 12:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
    2009-10-18 23:33 . 2008-04-14 00:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
    2009-10-18 23:33 . 2008-04-14 00:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
    2009-10-18 23:32 . 2001-08-17 12:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2009-10-18 23:32 . 2001-08-17 12:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2009-10-18 23:32 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2009-10-18 23:32 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2009-10-18 23:30 . 2001-08-17 12:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2009-10-18 23:30 . 2001-08-17 04:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
    2009-10-18 23:30 . 2001-08-17 12:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
    2009-10-18 23:28 . 2001-08-17 03:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2009-10-18 23:27 . 2001-08-17 03:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
    2009-10-18 23:26 . 2001-08-17 03:51 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
    2009-10-18 23:25 . 2001-08-17 02:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
    2009-10-18 23:24 . 2001-08-17 12:36 51200 -c--a-w- c:\windows\system32\dllcache\eqnlogr.exe
    2009-10-18 23:23 . 2001-08-17 04:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
    2009-10-18 23:22 . 2001-08-17 12:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll
    2009-10-18 23:21 . 2001-08-17 12:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
    2009-10-18 23:20 . 2001-08-17 03:52 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
    2009-10-18 23:19 . 2001-08-17 03:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2009-10-18 23:18 . 2001-08-17 02:49 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
    2009-10-18 23:17 . 2001-08-17 04:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2009-10-18 23:17 . 2001-08-17 02:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
    2009-10-18 22:52 . 2008-12-10 22:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2009-10-18 22:52 . 2009-08-24 04:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-10-18 22:52 . 2009-08-19 01:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-10-18 22:52 . 2009-10-18 23:04 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-10-18 22:52 . 2008-12-10 01:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2009-10-18 22:51 . 2009-10-20 07:52 -------- d-----w- c:\program files\Spyware Doctor
    2009-10-18 22:51 . 2009-10-18 22:51 -------- d-----w- c:\documents and settings\Owen\Application Data\PC Tools
    2009-10-18 22:51 . 2009-10-18 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-10-18 22:51 . 2009-10-21 08:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-18 22:44 . 2009-10-18 22:45 -------- d-----w- c:\documents and settings\Owen\Application Data\GetRightToGo
    2009-10-18 13:07 . 2009-10-18 13:07 -------- d--h--w- c:\windows\PIF
    2009-10-18 12:49 . 2002-01-05 01:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2009-10-18 12:49 . 2002-01-04 19:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-10-18 12:49 . 2009-10-18 12:49 -------- d-----w- c:\program files\AML Products
    2009-10-18 12:49 . 2002-01-04 20:48 974848 ----a-w- c:\windows\system32\mfc70.dll
    2009-10-18 04:46 . 2009-10-18 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-18 04:46 . 2009-10-18 04:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-18 04:02 . 2009-10-18 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-10-18 04:02 . 2009-10-18 04:02 -------- d-----w- c:\program files\Lavasoft
    2009-10-18 04:02 . 2009-10-19 04:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-18 03:53 . 2009-10-18 03:53 -------- d-----w- c:\documents and settings\Owen\Local Settings\Application Data\Downloaded Installations
    2009-10-18 03:10 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2009-10-18 03:10 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-10-18 03:08 . 2008-08-15 03:27 105216 ----a-w- c:\windows\system32\drivers\zgwhsmdm.sys
    2009-10-18 03:08 . 2008-08-15 03:27 105216 ----a-w- c:\windows\system32\drivers\zgwhsdiag.sys
    2009-10-18 03:08 . 2009-10-18 03:12 -------- d-----w- c:\program files\Join ME
    2009-10-18 02:35 . 2009-10-18 02:35 -------- d-----w- c:\documents and settings\Owen\Local Settings\Application Data\Ahead
    2009-10-18 01:18 . 2009-10-18 01:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-10-18 00:54 . 2009-10-18 00:54 -------- d-----w- c:\windows\Sun
    2009-10-13 10:44 . 2009-10-14 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
    2009-10-13 10:44 . 2009-10-13 10:44 -------- d-----w- c:\program files\Autorun Eater
    2009-10-12 11:46 . 2009-08-26 00:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-10-12 11:46 . 2008-10-12 13:01 -------- d-----w- c:\program files\Symantec
    2009-10-12 11:46 . 2008-10-12 13:01 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-10-12 11:46 . 2008-10-12 13:01 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-10-12 11:46 . 2008-10-12 11:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-12 11:45 . 2008-10-12 13:13 -------- d-----w- c:\windows\system32\drivers\NIS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-11 02:18 . 2009-10-11 02:18 -------- d-----w- c:\program files\iTunes
    2009-10-11 02:18 . 2009-10-11 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-11 02:18 . 2009-10-11 02:18 -------- d-----w- c:\program files\iPod
    2009-10-11 02:18 . 2009-10-11 02:16 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-11 02:18 . 2009-10-11 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-10-11 02:17 . 2009-10-11 02:17 -------- d-----w- c:\program files\Bonjour
    2009-10-11 02:17 . 2009-10-11 02:17 -------- d-----w- c:\program files\QuickTime
    2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-14 04:27 . 2008-09-06 04:52 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-08-14 02:27 . 2008-09-06 04:05 345600 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-08-14 02:10 . 2008-09-06 03:56 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-08-14 02:10 . 2008-09-06 03:56 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-08-14 02:09 . 2008-09-06 03:56 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-08-14 02:09 . 2008-09-06 03:56 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-08-14 02:09 . 2008-09-06 03:55 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-08-14 02:08 . 2008-09-06 03:54 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-08-14 02:06 . 2008-09-06 03:52 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-08-14 01:58 . 2008-09-06 03:43 3492576 ----a-w- c:\windows\system32\ati3duag.dll
    2009-08-14 01:47 . 2008-09-06 03:09 12959744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-08-14 01:42 . 2008-09-06 03:25 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-08-14 01:25 . 2009-08-14 01:25 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-08-14 01:25 . 2008-09-06 03:09 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-08-14 01:21 . 2008-09-06 03:05 561152 ----a-w- c:\windows\system32\atikvmag.dll
    2009-08-14 01:21 . 2009-08-14 01:21 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-08-14 01:20 . 2009-08-14 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-08-14 01:19 . 2009-08-14 01:19 3469312 ----a-w- c:\windows\system32\aticaldd.dll
    2009-08-14 01:19 . 2008-09-06 03:03 163840 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-08-14 01:18 . 2008-09-06 03:03 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-08-14 01:17 . 2008-09-06 03:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-08-14 01:17 . 2008-09-06 02:23 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-08-14 01:12 . 2008-09-06 02:56 614400 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 15:13 . 2004-08-04 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-26 06:44 . 2009-07-26 06:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-21_08.31.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-10-22 07:15 . 2009-10-22 07:15 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_730.dat
    + 2009-10-22 07:15 . 2009-10-22 07:15 16384 c:\windows\Temp\Perflib_Perfdata_494.dat
    + 2009-10-21 21:18 . 2009-10-21 21:18 21504 c:\windows\Installer\190e38.msi
    + 2009-10-21 21:18 . 2009-10-21 21:18 27648 c:\windows\Installer\190e33.msi
    + 2009-10-21 21:28 . 2009-10-21 21:28 3940352 c:\windows\Installer\190e3d.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2009-10-10 24576]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
    NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2008-10-13 1261568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/19/2009 8:52 AM 206256]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [10/12/2008 11:00 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [10/12/2008 11:00 PM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [10/12/2008 11:00 PM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [10/12/2008 11:00 PM 329080]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [10/12/2008 11:00 PM 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/21/2009 6:23 PM 102448]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/13/2008 6:31 PM 194304]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/19/2009 8:51 AM 348824]
    S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [10/18/2009 1:08 PM 105216]
    S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [10/18/2009 1:08 PM 105216]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - MarkFun_NT
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{78D48D53-58D1-4614-B47B-4AA5CEDBF0EA} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-22 18:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,35,f6,4b,b7,df,b9,4a,b2,6e,df,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,35,f6,4b,b7,df,b9,4a,b2,6e,df,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1228)
    c:\windows\system32\RtlGina2.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-10-22 18:38
    ComboFix-quarantined-files.txt 2009-10-22 08:38
    ComboFix2.txt 2009-10-21 08:32

    Pre-Run: 179,529,711,616 bytes free
    Post-Run: 179,483,717,632 bytes free

    - - End Of File - - 63BDAA5FCD735C32DD128D86BB99038B

  8. #8
    Junior Member
    Join Date
    Oct 2009
    Posts
    10

    Default

    And here's my Malwarebytes log. It appears the virus has disappeared. I can now use the Task Manager and run regedit. I'm going to restart the computer to confirm this.

    Malwarebytes' Anti-Malware 1.41
    Database version: 3006
    Windows 5.1.2600 Service Pack 3

    10/22/2009 7:20:25 PM
    mbam-log-2009-10-22 (19-20-25).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 146095
    Time elapsed: 39 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  9. #9
    Junior Member
    Join Date
    Oct 2009
    Posts
    10

    Default

    THANK YOU SO MUCH!!!!

    I ran all scans with Anti-Malware and Spybot S&D and all results came back clean. I can now access Task Manager and Regedit.exe. I have one problem though: I've noticed since I've had the virus that my start-up has slowed... When I log in, the computer loads the screen and I can see my desktop with all the folders, and it loads the programs. Then about 20 seconds afterwards it plays the background log-in sound. Is there anything I can do to fix this problem?

    Thank you so much for your help. You guys have given me good and easy support to follow. I'll recommend you to friends/family next time a problem arises. Cheers, Blade81.

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Have you installed much new software while trying to get rid of the infection? I see that a few programs have pretty fresh timestamps there. If there's too much protection software installed then that may slow startup down too. As a rule of thumb it's recommended to have one antivirus and firewall installed + one or two antispyware protection programs.



    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK



    Please download OTC and save it to desktop.
    • Double-click OTC.exe.
    • Click the CleanUp! button.
    • Select Yes when the
      Begin cleanup Process?
      prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.


    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • hosts file:
      • Every version of Windows has a hosts file as part of it.
      • In a very basic sense, they are used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!

      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the start button (at the lower left hand corner of your screen)
      2. Click run
      3. In the dialog box, type services.msc
      4. hit enter, then locate dns client
      5. Highlight it, then double-click it.
      6. On the dropdown box, change the setting from automatic to manual.
      7. Click ok
    • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
      If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
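    For readers following this thread later: the checks Blade81 walks through above (the Task Manager / regedit restriction values the infection set, the Windows Firewall standard-profile switch that ComboFix lists under firewallpolicy\standardprofile, the DNS Client service the hosts-file advice sets to Manual, the HKLM Run entries ComboFix prints under Reg Loading Points, and the autorun handling that the Autorun Eater entries relate to) can be read back in one go from PowerShell. The script below is an added example, not code from the thread, from ComboFix, or from any tool mentioned here. It assumes Windows PowerShell 2.0 or later and the registry layout shown in the log; the NoDriveTypeAutoRun check assumes the standard Explorer policy value with bit 0x04 meaning removable drives. It only reads settings and reports; it changes nothing.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Assumes Windows PowerShell 2.0+; nothing here modifies the system.

$findings = @()

# 1. Per-user restriction policies. A value of 1 is what produces
#    "Task Manager has been disabled by your administrator" and blocks regedit.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value -eq 1) {
        $findings += "$name = 1 under $policyKey (Task Manager / regedit blocked for this user)"
    }
}

# 2. Windows Firewall standard profile: the same EnableFirewall value ComboFix
#    reports. 0 means the built-in firewall is off for this profile.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fw = (Get-ItemProperty -Path $fwKey -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
if ($fw -ne 1) {
    $findings += "Windows Firewall standard profile is off (EnableFirewall = $fw); make sure a third-party firewall or router is in place"
}

# 3. DNS Client (service name Dnscache): the hosts-file advice sets this to Manual
#    so a large hosts file does not slow the resolver cache down.
$dns = Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"
if ($dns) {
    "DNS Client (Dnscache) start mode: $($dns.StartMode), state: $($dns.State)"
}

# 4. Per-machine Run entries, the list ComboFix prints under Reg Loading Points.
#    Review anything here you do not recognise; the PS* properties are
#    PowerShell provider metadata, not registry values.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { "Run entry: $($_.Name) = $($_.Value)" }
}

# 5. AutoRun policy. Bit 0x04 of NoDriveTypeAutoRun covers removable drives;
#    0xFF disables AutoRun for every drive type (assumed standard bit meanings).
$explorerKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = (Get-ItemProperty -Path $explorerKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($autorun -eq $null -or (($autorun -band 0x04) -eq 0)) {
    $findings += "AutoRun is still enabled for removable drives (NoDriveTypeAutoRun = $autorun); USB autorun.inf files can still execute"
}

# Summary
if ($findings.Count -eq 0) {
    'No findings: restriction policies clear, firewall on, AutoRun off for removable drives.'
} else {
    'Findings:'
    $findings | ForEach-Object { " - $_" }
}
```

    Run it from a normal PowerShell window as the affected user, since the DisableTaskMgr and DisableRegistryTools values live under that user's hive (HKEY_USERS\<SID>, as Spybot showed). Running it after each cleanup step, and again after the reboot, tells you whether the restrictions are being re-applied by something still running, which is the symptom described earlier in this thread.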
