Thread: Torpig Trojan, unable to remove

  1. #1
    Junior Member
    Join Date
    Jun 2011
    Posts
    9

    A little while ago my internet provider sent me an email telling me I have the Torpig virus, and shortly thereafter blocked my internet port until I could resolve the issue.

    I have since gone on to many forums and websites attempting to remove the problem and have gotten no results. I also ran Spybot S&D, Registry Mechanic, Malwarebytes Anti-Malware, TuneUp Utilities registry cleanup, as well as AVG antivirus and anti-rootkit, and that also did not solve the issue. I would greatly appreciate any form of feedback.

    This is my DDS log

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Asus at 16:18:26 on 2011-07-11
    Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.3583.2665 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
    C:\Program Files\ASUS\ATK Hotkey\WDC.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\hott notes 4\hottnotes.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uStart Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uSearch Page = hxxp://search.live.com
    mDefault_Page_URL = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mStart Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://search.live.com/sphome.aspx
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    uRun: [SRS Premium Sound] "c:\program files\srs labs\srs premium sound\SRSPremiumSoundBig_Small.exe" /hideme
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    uRun: [Google Update] "c:\documents and settings\asus\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
    mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
    mRun: [MsgTranAgt] c:\program files\asus\atk hotkey\MsgTranAgt.exe
    mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
    mRun: [ATKHOTKEY] c:\program files\asus\atk hotkey\HControl.exe
    mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
    mRun: [Power4Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
    mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
    mRun: [Net4Switch] c:\program files\asus\net4switch\Net4Switch.exe
    mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
    mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
    mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.0"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\4.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\asus\startm~1\programs\startup\hottno~1.lnk - c:\program files\hott notes 4\hottnotes.exe
    StartupFolder: c:\docume~1\asus\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    uPolicies-system: NoColorChoice = 0 (0x0)
    uPolicies-system: NoSizeChoice = 0 (0x0)
    uPolicies-system: NoVisualStyleChoice = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 141.241.6.4 141.241.107.2
    TCP: Interfaces\{BC895CE4-5BA6-4DE0-9FBE-82A647F3E9D7} : DhcpNameServer = 141.241.6.4 141.241.107.2
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: Aspwdflt - c:\program files\asus\asus data security manager\ASPWDFLT.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\asus\application data\mozilla\firefox\profiles\53eoowcb.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd1ad0f&i=23&tp=ab&nt=1&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
    FF - plugin: c:\documents and settings\asus\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-6-27 583640]
    R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\srs labs\srs premium sound\SRS_VolSync.exe [2009-4-7 70880]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-3-4 1523008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-11-16 89856]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-16 233128]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
    R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S0 pwdcrhh;pwdcrhh;c:\windows\system32\drivers\hpmke.sys --> c:\windows\system32\drivers\hpmke.sys [?]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
    S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2009-11-16 86784]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-16 1684736]
    S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\d:\i386\asprocob.sys --> d:\i386\AsProcOb.sys [?]
    S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2009-11-16 29056]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-4-19 13224]
    S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [2009-11-16 41656]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-4-19 150528]
    .
    =============== Created Last 30 ================
    .
    2011-07-11 13:33:34 -------- d-----w- c:\documents and settings\asus\application data\Xfire
    2011-07-11 13:33:32 -------- d-s---w- c:\program files\Xfire
    2011-07-11 13:15:12 -------- d-----w- c:\documents and settings\asus\application data\My Games
    2011-07-04 16:47:10 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-07-04 16:45:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-07-04 16:45:39 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-27 09:14:44 -------- d-----w- c:\program files\MSN Toolbar
    2011-06-27 09:06:42 -------- d-----w- c:\program files\Bing Bar Installer
    2011-06-27 09:06:26 -------- d-----w- c:\program files\Unlocker
    2011-06-27 02:12:10 -------- d-----w- c:\documents and settings\asus\application data\Registry Mechanic
    2011-06-27 01:08:40 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2011-06-27 01:08:40 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2011-06-27 01:08:40 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-06-27 01:08:40 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2011-06-27 01:08:40 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2011-06-27 01:08:37 -------- d-----w- c:\program files\common files\PC Tools
    2011-06-27 00:51:01 -------- d-----w- c:\program files\WiseFixer
    2011-06-27 00:48:00 -------- d-----w- c:\documents and settings\asus\application data\ElevatedDiagnostics
    2011-06-26 23:36:14 -------- d-----w- c:\windows\SxsCaPendDel
    2011-06-26 23:26:01 -------- d-----w- c:\program files\Bonjour
    2011-06-22 16:48:16 -------- d-----w- c:\program files\common files\SpeedBit
    2011-06-22 16:48:15 84480 ----a-w- c:\windows\system32\EasyHook32.dll
    2011-06-22 16:41:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-22 16:39:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-22 16:39:42 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-22 16:04:11 388096 ----a-r- c:\documents and settings\asus\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-22 16:04:11 -------- d-----w- c:\program files\Trend Micro
    2011-06-22 15:54:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-22 15:54:41 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    .
    ==================== Find3M ====================
    .
    2011-06-28 01:23:56 44544 ----a-w- c:\windows\system32\agremove.exe
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-19 10:47:35 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
    2011-04-19 10:47:35 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
    2011-04-14 20:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    .
    ============= FINISH: 16:20:05.10 ===============


    This is my HJT log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:08:34 PM, on 6/22/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\hott notes 4\hottnotes.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\Program Files\ASUS\ATK Hotkey\WDC.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\PROGRA~1\DAP\DAP.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jookz.toolbaroptions.com/?tmp...kwbtb04ie&v=15
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://jookz.toolbaroptions.com/?tmp...kwbtb04ie&v=15
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://jookz.toolbaroptions.com/?tmp...kwbtb04ie&v=15
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://jookz.toolbaroptions.com/?tmp...kwbtb04ie&v=15
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://jookz.toolbaroptions.com/?tmp...kwbtb04ie&v=15
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
    O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
    O4 - HKLM\..\Run: [MsgTranAgt] C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [Power4Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [Net4Switch] C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
    O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [SRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: Aspwdflt - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 14133 bytes


    Thank you in advance

    http://forums.spybot.info/showthread.php?t=63162
    Last edited by tashi; 2011-07-11 at 17:53. Reason: Added link

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi michealab,

    Your post is a few days old. If you still need help simply reply back.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jun 2011
    Posts
    9

    Default yes

    Yes, I still require help please.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok. We will get a download to use. It's called combofix. There is a guide to read first. Read through the guide then apply the directions on your own machine. Post the combofix log.

    Other than what your ISP is telling you, are you having any signs of malware? See link below.

    Guide to using Combofix
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Jun 2011
    Posts
    9

    Default Problem

    I have been trying to get combofix to work for the past few days to no avail, it says that it cannot work with AVG, despite the fact that I primarily disabled AVG as the guide instructed, and have now even uninstalled it, but still get the same error saying it cannot function with AVG running.

    I have no problems whatsoever other than my ISP's warning about Torpig.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok. Sometimes an uninstall may be incomplete. AVG makes a tool that you can run that should help. Run the tool, reboot your machine then run combofix. See if that does the trick.
    Post the combofix log. You want the first one on the list (2011.1322 32bit)
    AVG uninstaller tool

    After combofix is finished--> reinstall AVG or some other AV because it's something you don't want to be without for long. Some other free choices for AV are:

    Avast
    MS Security Essentials
    Panda Cloud
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Jun 2011
    Posts
    9

    Default

    Right, so I finally got Combofix to work thanks to the uninstaller. While I was doing that, I also ran Kaspersky and Dr Webcureit, which found quite a few threats on my computer, so I'm going to attach their reports just in case you want to see them.
    Here's the combofix log:

    ComboFix 11-07-25.02 - Asus 07/25/2011 14:52:07.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.3583.2909 [GMT 1:00]
    Running from: c:\documents and settings\Asus\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\ResultUrl
    c:\program files\filesubmit
    c:\program files\filesubmit\1989\1989.zip
    c:\program files\filesubmit\1989\internal-flame-ws.zip
    c:\program files\Hotspot Shield\HssIE\HsSIe.dll
    c:\program files\Jookz Toolbar
    c:\program files\ResultUrl
    c:\windows\jestertb.dll
    .
    Infected copy of c:\windows\system32\autochk.exe was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\autochk.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-25 13:58 . 2011-07-25 13:58 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-07-22 15:22 . 2011-07-22 19:48 -------- d-----w- c:\documents and settings\Asus\DoctorWeb
    2011-07-22 15:01 . 2001-08-17 13:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2011-07-22 15:01 . 2001-08-17 11:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
    2011-07-22 14:42 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2011-07-18 20:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-07-18 20:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-07-18 20:57 . 2011-07-18 20:57 -------- d-----w- c:\program files\iPod
    2011-07-18 20:57 . 2011-07-18 20:57 -------- d-----w- c:\program files\iTunes
    2011-07-18 20:57 . 2011-07-18 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-07-18 16:47 . 2011-07-18 16:47 -------- d-----w- c:\windows\ServicePackFiles
    2011-07-11 13:33 . 2011-07-11 13:33 -------- d-----w- c:\documents and settings\Asus\Application Data\Xfire
    2011-07-11 13:33 . 2011-07-11 13:33 -------- d-s---w- c:\program files\Xfire
    2011-07-11 13:15 . 2011-07-11 15:44 -------- d-----w- c:\documents and settings\Asus\Application Data\My Games
    2011-07-08 15:51 . 2011-07-08 15:51 -------- d--h--r- c:\documents and settings\Asus\Application Data\SecuROM
    2011-07-04 16:45 . 2011-07-04 16:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-07-04 16:43 . 2011-07-04 16:43 -------- d-----w- c:\program files\Common Files\Skype
    2011-06-30 11:03 . 2011-06-30 11:03 -------- d-----w- c:\documents and settings\Asus\Application Data\Leadertech
    2011-06-27 09:14 . 2011-06-27 09:14 -------- d-----w- c:\program files\MSN Toolbar
    2011-06-27 09:14 . 2011-06-27 09:14 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-06-27 09:06 . 2011-06-27 09:14 -------- d-----w- c:\program files\Bing Bar Installer
    2011-06-27 09:06 . 2011-06-27 09:09 -------- d-----w- c:\program files\Unlocker
    2011-06-27 02:12 . 2011-06-27 16:49 -------- d-----w- c:\documents and settings\Asus\Application Data\Registry Mechanic
    2011-06-27 01:08 . 2010-08-05 07:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-06-27 01:08 . 2008-09-17 20:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2011-06-27 01:08 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2011-06-27 01:08 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2011-06-27 01:08 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2011-06-27 01:08 . 2011-06-27 01:08 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-06-27 00:51 . 2011-06-27 00:51 -------- d-----w- c:\program files\WiseFixer
    2011-06-27 00:48 . 2011-06-27 00:48 -------- d-----w- c:\documents and settings\Asus\Application Data\ElevatedDiagnostics
    2011-06-27 00:30 . 2011-07-04 16:45 -------- d-----w- c:\documents and settings\Administrator
    2011-06-26 23:36 . 2011-06-26 23:45 -------- d-----w- c:\windows\SxsCaPendDel
    2011-06-26 23:26 . 2011-06-26 23:26 -------- d-----w- c:\program files\Apple Software Update
    2011-06-26 23:26 . 2011-06-26 23:26 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-25 13:43 . 2010-08-11 17:37 44544 ----a-w- c:\windows\system32\agremove.exe
    2011-06-22 16:48 . 2011-06-22 16:48 84480 ----a-w- c:\windows\system32\EasyHook32.dll
    2011-06-22 16:41 . 2011-06-22 16:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-22 16:04 . 2011-06-22 16:04 388096 ----a-r- c:\documents and settings\Asus\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 15:31 . 2009-11-16 14:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2008-04-14 02:42 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2008-04-13 21:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-22 16:39 . 2011-05-16 23:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 13:38 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2011-06-22 2918576]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 13750272]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-15 86016]
    "nwiz"="nwiz.exe" [2009-04-15 1657376]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 534528]
    "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
    "MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
    "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-03-20 174648]
    "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
    "Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-04-17 1593344]
    "Power4Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2009-03-03 92728]
    "ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
    "Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2007-11-20 1145400]
    "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
    "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-03-31 266240]
    "ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-09-30 851968]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-22 210216]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Asus\Start Menu\Programs\Startup\
    hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-16 1249280]
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-4-6 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
    2009-02-10 17:03 1556480 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FancyStart daemon.lnk]
    backup=c:\windows\pss\FancyStart daemon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Asus^Start Menu^Programs^Startup^CurseClientStartup.ccip]
    backup=c:\windows\pss\CurseClientStartup.ccipStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Asus^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 00:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2008-07-18 16:22 104936 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    2011-06-22 16:48 2918576 ----a-w- c:\program files\DAP\DAP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 07:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2008-02-22 07:49 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 12:10 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2008-04-02 15:39 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-01-26 13:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-12-06 16:07 1242448 ----a-w- d:\steam\steam.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "d:\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
    "d:\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "d:\\Assassin's Creed 2\\AssassinsCreedIIGame.exe"=
    "d:\\Assassin's Creed 2\\AssassinsCreedII.exe"=
    "d:\\Assassin's Creed 2\\UPlayBrowser.exe"=
    "d:\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "d:\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "d:\\Steam\\SteamApps\\phagocyt3\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "d:\\Steam\\SteamApps\\common\\assassins creed brotherhood\\ACBSP.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "d:\\League of Legends\\lol.launcher.exe"=
    "d:\\Warcraft III\\Warcraft III.exe"=
    "d:\\World of Warcraft\\Launcher.exe"=
    "c:\\Documents and Settings\\Asus\\Local Settings\\Apps\\2.0\\ZJ0M0XPP.HHH\\4J022H90.OAB\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8377:TCP"= 8377:TCP:League of Legends Launcher
    "8377:UDP"= 8377:UDP:League of Legends Launcher
    "8378:TCP"= 8378:TCP:League of Legends Launcher
    "8378:UDP"= 8378:UDP:League of Legends Launcher
    "8379:TCP"= 8379:TCP:League of Legends Launcher
    "8379:UDP"= 8379:UDP:League of Legends Launcher
    "56108:TCP"= 56108:TCP:Pando Media Booster
    "56108:UDP"= 56108:UDP:Pando Media Booster
    "6907:TCP"= 6907:TCP:League of Legends Launcher
    "6907:UDP"= 6907:UDP:League of Legends Launcher
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher
    "58755:TCP"= 58755:TCP:Pando Media Booster
    "58755:UDP"= 58755:UDP:Pando Media Booster
    "8396:TCP"= 8396:TCP:Services
    "8396:UDP"= 8396:UDP:League of Legends Launcher
    "6986:TCP"= 6986:TCP:League of Legends Launcher
    "6986:UDP"= 6986:UDP:League of Legends Launcher
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2451:TCP"= 2451:TCP:Services
    "3402:TCP"= 3402:TCP:Services
    "5126:TCP"= 5126:TCP:Services
    "6039:TCP"= 6039:TCP:Services
    "5342:TCP"= 5342:TCP:Services
    "8009:TCP"= 8009:TCP:Services
    "8976:TCP"= 8976:TCP:Services
    "4091:TCP"= 4091:TCP:Services
    "4777:TCP"= 4777:TCP:Services
    "3616:TCP"= 3616:TCP:Services
    "5819:TCP"= 5819:TCP:Services
    "4272:TCP"= 4272:TCP:Services
    "7538:TCP"= 7538:TCP:Services
    "3507:TCP"= 3507:TCP:Services
    "5635:TCP"= 5635:TCP:Services
    "6791:TCP"= 6791:TCP:Services
    "4085:TCP"= 4085:TCP:Services
    "4553:TCP"= 4553:TCP:Services
    "3868:TCP"= 3868:TCP:Services
    "2694:TCP"= 2694:TCP:Services
    "4819:TCP"= 4819:TCP:Services
    "5077:TCP"= 5077:TCP:Services
    "5626:TCP"= 5626:TCP:Services
    "6727:TCP"= 6727:TCP:Services
    "9090:TCP"= 9090:TCP:Services
    "7177:TCP"= 7177:TCP:Services
    "9943:TCP"= 9943:TCP:Services
    "8427:TCP"= 8427:TCP:Services
    "2881:TCP"= 2881:TCP:Services
    "1849:TCP"= 1849:TCP:Services
    "3677:TCP"= 3677:TCP:Services
    "5350:TCP"= 5350:TCP:Services
    "8942:TCP"= 8942:TCP:Services
    "4319:TCP"= 4319:TCP:Services
    "6902:TCP"= 6902:TCP:League of Legends Launcher
    "6902:UDP"= 6902:UDP:League of Legends Launcher
    "8397:TCP"= 8397:TCP:League of Legends Launcher
    "8397:UDP"= 8397:UDP:League of Legends Launcher
    "6929:TCP"= 6929:TCP:League of Legends Launcher
    "6929:UDP"= 6929:UDP:League of Legends Launcher
    "8398:TCP"= 8398:TCP:League of Legends Launcher
    "8398:UDP"= 8398:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    "6992:TCP"= 6992:TCP:League of Legends Launcher
    "6992:UDP"= 6992:UDP:League of Legends Launcher
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [6/27/2011 2:08 AM 583640]
    R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [4/7/2009 7:34 AM 70880]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [3/4/2011 5:30 PM 1523008]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [11/16/2009 3:36 PM 89856]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [11/16/2009 3:50 PM 233128]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 4:27 PM 10064]
    R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    RUnknown rpcnetp;rpcnetp; [x]
    S0 pwdcrhh;pwdcrhh;c:\windows\system32\drivers\hpmke.sys --> c:\windows\system32\drivers\hpmke.sys [?]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [11/16/2009 5:28 PM 86784]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/16/2009 3:41 PM 1684736]
    S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\d:\i386\AsProcOb.sys --> d:\i386\AsProcOb.sys [?]
    S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [11/16/2009 5:28 PM 29056]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [8/7/2003 1:42 PM 6528]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/19/2011 11:47 AM 13224]
    S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [11/16/2009 3:47 PM 41656]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4/19/2011 11:42 AM 150528]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RPCNETP
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-1801674531-1003Core.job
    - c:\documents and settings\Asus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:15]
    .
    2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-1801674531-1003UA.job
    - c:\documents and settings\Asus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:15]
    .
    2011-07-25 c:\windows\Tasks\RMSmartUpdate.job
    - c:\program files\Registry Mechanic\Update.exe [2011-06-27 07:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uStart Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mStart Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\Asus\Application Data\Mozilla\Firefox\Profiles\53eoowcb.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e29927b&i=23&tp=ab&nt=1&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    Notify-NavLogon - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-25 15:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    C:\ADSM_PData_0150
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1256)
    c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    - - - - - - - > 'lsass.exe'(1812)
    c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    - - - - - - - > 'explorer.exe'(1684)
    c:\windows\system32\WININET.dll
    c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
    c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
    c:\program files\ASUS\ATK Hotkey\WDC.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\ACEngSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Hotspot Shield\bin\hsswd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\System32\rpcnetp.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-25 15:03:57 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-25 14:03
    .
    Pre-Run: 72,331,808,768 bytes free
    Post-Run: 72,652,451,840 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 5F3D2A9F7F7679BF2F1ACABBF8AE600E

    Thanks again for all your help.

  8. #8
    Junior Member
    Join Date
    Jun 2011
    Posts
    9

    Default

    The Kaspersky report was far too big to attach, so I'll just copy-paste it if need be.

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    OK, we will get another download to use:

    Download Mbr.exe to your desktop and double click it to run. It will produce a txt file on your desktop. Please post the file.

    We will also use combofix to remove a file.

    Click Start, then Run and type Notepad and click OK.
    Copy/paste the text in the code box below into Notepad.

    Code:
    File::
    c:\windows\system32\drivers\hpmke.sys
    Driver::
    pwdcrhh

    Name the Notepad file CFScript.txt and Save it to your desktop.
    Now locate the file you just saved and the combofix icon, both on your desktop.
    Using your mouse, drag the CFScript right on top of the combofix icon and release; combofix will run and produce a new log.
    Please post the new combofix log.

  10. #10
    Junior Member
    Join Date
    Jun 2011
    Posts
    9

    Default

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST9500325AS rev.0002SDM1 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK



    ComboFix 11-07-25.02 - Asus 07/26/2011 13:50:21.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1256.1.1033.18.3583.3028 [GMT 1:00]
    Running from: c:\documents and settings\Asus\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Asus\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\drivers\hpmke.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_pwdcrhh
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-25 14:00 . 2011-07-25 14:00 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2011-07-25 13:58 . 2011-07-26 12:58 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-07-22 15:22 . 2011-07-22 19:48 -------- d-----w- c:\documents and settings\Asus\DoctorWeb
    2011-07-22 15:01 . 2001-08-17 13:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2011-07-22 15:01 . 2001-08-17 11:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
    2011-07-22 14:42 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2011-07-18 20:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-07-18 20:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-07-18 20:57 . 2011-07-18 20:57 -------- d-----w- c:\program files\iPod
    2011-07-18 20:57 . 2011-07-18 20:57 -------- d-----w- c:\program files\iTunes
    2011-07-18 20:57 . 2011-07-18 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-07-18 16:47 . 2011-07-18 16:47 -------- d-----w- c:\windows\ServicePackFiles
    2011-07-11 13:33 . 2011-07-11 13:33 -------- d-----w- c:\documents and settings\Asus\Application Data\Xfire
    2011-07-11 13:33 . 2011-07-11 13:33 -------- d-s---w- c:\program files\Xfire
    2011-07-11 13:15 . 2011-07-11 15:44 -------- d-----w- c:\documents and settings\Asus\Application Data\My Games
    2011-07-08 15:51 . 2011-07-08 15:51 -------- d--h--r- c:\documents and settings\Asus\Application Data\SecuROM
    2011-07-04 16:45 . 2011-07-04 16:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-07-04 16:43 . 2011-07-04 16:43 -------- d-----w- c:\program files\Common Files\Skype
    2011-06-30 11:03 . 2011-06-30 11:03 -------- d-----w- c:\documents and settings\Asus\Application Data\Leadertech
    2011-06-27 09:14 . 2011-06-27 09:14 -------- d-----w- c:\program files\MSN Toolbar
    2011-06-27 09:14 . 2011-06-27 09:14 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-06-27 09:06 . 2011-06-27 09:14 -------- d-----w- c:\program files\Bing Bar Installer
    2011-06-27 09:06 . 2011-06-27 09:09 -------- d-----w- c:\program files\Unlocker
    2011-06-27 02:12 . 2011-06-27 16:49 -------- d-----w- c:\documents and settings\Asus\Application Data\Registry Mechanic
    2011-06-27 01:08 . 2010-08-05 07:46 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-06-27 01:08 . 2008-09-17 20:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2011-06-27 01:08 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2011-06-27 01:08 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2011-06-27 01:08 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2011-06-27 01:08 . 2011-06-27 01:08 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-06-27 00:51 . 2011-06-27 00:51 -------- d-----w- c:\program files\WiseFixer
    2011-06-27 00:48 . 2011-06-27 00:48 -------- d-----w- c:\documents and settings\Asus\Application Data\ElevatedDiagnostics
    2011-06-27 00:30 . 2011-07-04 16:45 -------- d-----w- c:\documents and settings\Administrator
    2011-06-26 23:36 . 2011-06-26 23:45 -------- d-----w- c:\windows\SxsCaPendDel
    2011-06-26 23:26 . 2011-06-26 23:26 -------- d-----w- c:\program files\Apple Software Update
    2011-06-26 23:26 . 2011-06-26 23:26 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-25 13:43 . 2010-08-11 17:37 44544 ----a-w- c:\windows\system32\agremove.exe
    2011-06-22 16:48 . 2011-06-22 16:48 84480 ----a-w- c:\windows\system32\EasyHook32.dll
    2011-06-22 16:41 . 2011-06-22 16:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-22 16:04 . 2011-06-22 16:04 388096 ----a-r- c:\documents and settings\Asus\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-02 15:31 . 2009-11-16 14:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2008-04-14 02:42 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2008-04-13 21:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-22 16:39 . 2011-05-16 23:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-25_13.59.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-07-26 13:00 . 2011-07-26 13:00 16384 c:\windows\Temp\Perflib_Perfdata_e88.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 13:38 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-04-07 3405048]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2011-06-22 2918576]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 13750272]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-15 86016]
    "nwiz"="nwiz.exe" [2009-04-15 1657376]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 534528]
    "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
    "MsgTranAgt"="c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe" [2008-08-18 117304]
    "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
    "ATKHOTKEY"="c:\program files\ASUS\ATK Hotkey\HControl.exe" [2009-03-20 174648]
    "ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
    "RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
    "Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-04-17 1593344]
    "Power4Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2009-03-03 92728]
    "ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
    "Net4Switch"="c:\program files\ASUS\Net4Switch\Net4Switch.exe" [2007-11-20 1145400]
    "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
    "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-03-31 266240]
    "ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-09-30 851968]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-09-24 210216]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-22 210216]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Asus\Start Menu\Programs\Startup\
    hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-16 1249280]
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-4-6 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Aspwdflt]
    2009-02-10 17:03 1556480 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FancyStart daemon.lnk]
    backup=c:\windows\pss\FancyStart daemon.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Asus^Start Menu^Programs^Startup^CurseClientStartup.ccip]
    backup=c:\windows\pss\CurseClientStartup.ccipStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Asus^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 00:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2008-07-18 16:22 104936 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    2011-06-22 16:48 2918576 ----a-w- c:\program files\DAP\DAP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 07:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2008-02-22 07:49 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 12:10 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2008-04-02 15:39 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-01-26 13:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-12-06 16:07 1242448 ----a-w- d:\steam\steam.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "ASUS Camera ScreenSaver"=c:\windows\AsScrProlog.exe
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "d:\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
    "d:\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "d:\\Assassin's Creed 2\\AssassinsCreedIIGame.exe"=
    "d:\\Assassin's Creed 2\\AssassinsCreedII.exe"=
    "d:\\Assassin's Creed 2\\UPlayBrowser.exe"=
    "d:\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "d:\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "d:\\Steam\\SteamApps\\phagocyt3\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "d:\\Steam\\SteamApps\\common\\assassins creed brotherhood\\ACBSP.exe"=
    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "d:\\League of Legends\\lol.launcher.exe"=
    "d:\\Warcraft III\\Warcraft III.exe"=
    "d:\\World of Warcraft\\Launcher.exe"=
    "c:\\Documents and Settings\\Asus\\Local Settings\\Apps\\2.0\\ZJ0M0XPP.HHH\\4J022H90.OAB\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8377:TCP"= 8377:TCP:League of Legends Launcher
    "8377:UDP"= 8377:UDP:League of Legends Launcher
    "8378:TCP"= 8378:TCP:League of Legends Launcher
    "8378:UDP"= 8378:UDP:League of Legends Launcher
    "8379:TCP"= 8379:TCP:League of Legends Launcher
    "8379:UDP"= 8379:UDP:League of Legends Launcher
    "56108:TCP"= 56108:TCP:Pando Media Booster
    "56108:UDP"= 56108:UDP:Pando Media Booster
    "6907:TCP"= 6907:TCP:League of Legends Launcher
    "6907:UDP"= 6907:UDP:League of Legends Launcher
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher
    "58755:TCP"= 58755:TCP:Pando Media Booster
    "58755:UDP"= 58755:UDP:Pando Media Booster
    "8396:TCP"= 8396:TCP:Services
    "8396:UDP"= 8396:UDP:League of Legends Launcher
    "6986:TCP"= 6986:TCP:League of Legends Launcher
    "6986:UDP"= 6986:UDP:League of Legends Launcher
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2451:TCP"= 2451:TCP:Services
    "3402:TCP"= 3402:TCP:Services
    "5126:TCP"= 5126:TCP:Services
    "6039:TCP"= 6039:TCP:Services
    "5342:TCP"= 5342:TCP:Services
    "8009:TCP"= 8009:TCP:Services
    "8976:TCP"= 8976:TCP:Services
    "4091:TCP"= 4091:TCP:Services
    "4777:TCP"= 4777:TCP:Services
    "3616:TCP"= 3616:TCP:Services
    "5819:TCP"= 5819:TCP:Services
    "4272:TCP"= 4272:TCP:Services
    "7538:TCP"= 7538:TCP:Services
    "3507:TCP"= 3507:TCP:Services
    "5635:TCP"= 5635:TCP:Services
    "6791:TCP"= 6791:TCP:Services
    "4085:TCP"= 4085:TCP:Services
    "4553:TCP"= 4553:TCP:Services
    "3868:TCP"= 3868:TCP:Services
    "2694:TCP"= 2694:TCP:Services
    "4819:TCP"= 4819:TCP:Services
    "5077:TCP"= 5077:TCP:Services
    "5626:TCP"= 5626:TCP:Services
    "6727:TCP"= 6727:TCP:Services
    "9090:TCP"= 9090:TCP:Services
    "7177:TCP"= 7177:TCP:Services
    "9943:TCP"= 9943:TCP:Services
    "8427:TCP"= 8427:TCP:Services
    "2881:TCP"= 2881:TCP:Services
    "1849:TCP"= 1849:TCP:Services
    "3677:TCP"= 3677:TCP:Services
    "5350:TCP"= 5350:TCP:Services
    "8942:TCP"= 8942:TCP:Services
    "4319:TCP"= 4319:TCP:Services
    "6902:TCP"= 6902:TCP:League of Legends Launcher
    "6902:UDP"= 6902:UDP:League of Legends Launcher
    "8397:TCP"= 8397:TCP:League of Legends Launcher
    "8397:UDP"= 8397:UDP:League of Legends Launcher
    "6929:TCP"= 6929:TCP:League of Legends Launcher
    "6929:UDP"= 6929:UDP:League of Legends Launcher
    "8398:TCP"= 8398:TCP:League of Legends Launcher
    "8398:UDP"= 8398:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    "6992:TCP"= 6992:TCP:League of Legends Launcher
    "6992:UDP"= 6992:UDP:League of Legends Launcher
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [6/27/2011 2:08 AM 583640]
    R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [4/7/2009 7:34 AM 70880]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [3/4/2011 5:30 PM 1523008]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [11/16/2009 3:36 PM 89856]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [11/16/2009 3:50 PM 233128]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 4:27 PM 10064]
    R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    RUnknown rpcnetp;rpcnetp; [x]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [11/16/2009 5:28 PM 86784]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/16/2009 3:41 PM 1684736]
    S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;\??\d:\i386\AsProcOb.sys --> d:\i386\AsProcOb.sys [?]
    S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [11/16/2009 5:28 PM 29056]
    S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [8/7/2003 1:42 PM 6528]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/19/2011 11:47 AM 13224]
    S3 ipswuio;ipswuio;c:\windows\system32\drivers\ipswuio.sys [11/16/2009 3:47 PM 41656]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4/19/2011 11:42 AM 150528]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
    .
    2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-1801674531-1003Core.job
    - c:\documents and settings\Asus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:15]
    .
    2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1450960922-1801674531-1003UA.job
    - c:\documents and settings\Asus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-26 23:15]
    .
    2011-07-26 c:\windows\Tasks\RMSmartUpdate.job
    - c:\program files\Registry Mechanic\Update.exe [2011-06-27 07:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uStart Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mLocal Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    mStart Page = hxxp://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15
    uInternet Settings,ProxyOverride = *.local
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 141.241.6.4 141.241.107.2
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\Asus\Application Data\Mozilla\Firefox\Profiles\53eoowcb.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e29927b&i=23&tp=ab&nt=1&q=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-26 14:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(976)
    c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    - - - - - - - > 'lsass.exe'(1708)
    c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    - - - - - - - > 'explorer.exe'(3552)
    c:\windows\system32\WININET.dll
    c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
    c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Elantech\ETDApix.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\RTHDCPL.EXE
    c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
    c:\program files\ASUS\ATK Hotkey\WDC.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\ACEngSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Hotspot Shield\bin\hsswd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\System32\rpcnetp.exe
    c:\program files\ASUS\NB Probe\SPM\spmgr.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-07-26 14:03:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-26 13:03
    ComboFix2.txt 2011-07-25 14:03
    .
    Pre-Run: 72,600,371,200 bytes free
    Post-Run: 72,476,483,584 bytes free
    .
    - - End Of File - - CD3900D6B8F062F6473405A9E052A221
