
zlob.dnschanger


  • This topic is locked
49 replies to this topic

#1 varney2613

varney2613

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:10:01 PM

Posted 23 November 2008 - 06:06 PM

I have been trying to get rid of zlob.dnschanger and I don't know what to do. Every time I run S&D it detects it and then removes it. When I run it again it comes back. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:18 PM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Joseph\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\Windows\dsaip32b.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Joseph\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9411 bytes



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 29 November 2008 - 07:29 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please open Notepad >> Go to Format tab >> untick Word Wrap


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Download DDS and save it to your desktop.

Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.


Please post these logs in your next reply..

1. Malwarebytes'
2. DDS.txt
3. Attach.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 varney2613

varney2613
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:10:01 PM

Posted 29 November 2008 - 05:47 PM

Malwarebytes' Anti-Malware 1.30
Database version: 1434
Windows 6.0.6001 Service Pack 1

11/29/2008 4:22:20 PM
mbam-log-2008-11-29 (16-22-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 205968
Time elapsed: 1 hour(s), 59 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2e08b751-9bd8-47c1-969d-9bc3c2ed5699}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2e08b751-9bd8-47c1-969d-9bc3c2ed5699}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2e08b751-9bd8-47c1-969d-9bc3c2ed5699}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.135 85.255.112.131 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-491152621-1190200472-4122381296-1000\$RE4FY2C\Adobe Dreamweaver CS3 + 150 Dreamweaver Templates\Keygens\Adobe Dreamweaver CS3 Kg SSG.exe (Trojan.Crax) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.











DDS (Version 1.0) - NTFSx86
Run by Joseph at 16:43:58.18 on Sat 11/29/2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1090 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Joseph\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Joseph\Documents\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BitTorrent DNA] "c:\users\joseph\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [DVDtoiPodConverter_upgrade] "c:\program files\e-zsoft\dvdtoipodconverter\DVDtoiPodConverter.exe" /upgrade
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\joseph\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-23 97928]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\cyberlink\powerdvd\000.fcl [2007-11-2 41456]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-23 231704]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 vmci;VMware vmci;\??\c:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-15 29192]

=============== Created Last 30 ================

2008-11-29 12:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-29 12:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-29 12:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 22:44 <DIR> --d----- c:\programdata\Macromedia
2008-11-28 22:43 <DIR> --d----- c:\program files\Macromedia
2008-11-28 22:43 <DIR> --d----- c:\program files\common files\Macromedia
2008-11-26 16:14 <DIR> --d----- c:\program files\VideoTagger_Free_2008
2008-11-26 00:15 <DIR> --d----- c:\program files\iPod
2008-11-26 00:15 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 00:15 <DIR> --d----- c:\program files\iTunes
2008-11-26 00:15 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 19:57 55,856 a------- c:\windows\system32\vnetinst.dll
2008-11-24 19:57 16,560 a------- c:\windows\system32\drivers\vmnetadapter.sys
2008-11-24 19:57 326,192 a------- c:\windows\system32\vmnetdhcp.exe
2008-11-24 19:57 399,920 a------- c:\windows\system32\vmnat.exe
2008-11-24 19:57 26,288 a------- c:\windows\system32\drivers\vmnetuserif.sys
2008-11-24 19:57 50,736 a----r-- c:\windows\system32\vmnetbridge.dll
2008-11-24 19:57 31,280 a----r-- c:\windows\system32\drivers\vmnetbridge.sys
2008-11-24 19:57 18,736 a----r-- c:\windows\system32\drivers\vmnet.sys
2008-11-24 19:56 723,504 a------- c:\windows\system32\vnetlib.dll
2008-11-24 19:56 23,216 a------- c:\windows\system32\drivers\VMkbd.sys
2008-11-24 19:56 1,024 a------- C:\.rnd
2008-11-24 19:55 <DIR> --d----- c:\programdata\VMware
2008-11-24 19:55 <DIR> --d----- c:\program files\VMware
2008-11-17 18:51 <DIR> --d----- c:\users\joseph\appdata\roaming\Final Draft
2008-11-17 18:50 <DIR> --d----- c:\program files\Final Draft 6
2008-11-16 17:42 <DIR> --d----- c:\users\joseph\appdata\roaming\Malwarebytes
2008-11-16 17:42 <DIR> --d----- c:\programdata\Malwarebytes
2008-11-16 17:42 <DIR> --d----- c:\progra~2\Malwarebytes
2008-11-16 17:33 <DIR> --d----- C:\fixwareout
2008-11-16 16:24 82,944 a------- c:\windows\system32\o4Patch.exe
2008-11-16 16:24 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-11-16 16:24 82,432 a------- c:\windows\system32\404Fix.exe
2008-11-15 00:41 29,192 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-11 17:18 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-11 17:18 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-11 17:18 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-07 20:55 <DIR> --d----- c:\program files\SilverCreekCommonFiles
2008-11-07 20:55 <DIR> --d----- c:\program files\Ruckus Buck's Dangerous Mines
2008-11-04 17:48 172,032 a------- c:\windows\system32\rixdicon.dll
2008-11-04 17:48 45,568 a------- c:\windows\system32\drivers\rimmptsk.sys
2008-11-04 17:48 43,008 a------- c:\windows\system32\drivers\rimsptsk.sys
2008-11-04 17:48 38,400 a------- c:\windows\system32\drivers\rixdptsk.sys
2008-11-04 10:30 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2008-11-29 16:40 <DIR> --d----- c:\users\joseph\appdata\roaming\DNA
2008-11-29 01:26 <DIR> --d----- c:\users\joseph\appdata\roaming\BitTorrent
2008-11-28 17:36 <DIR> --d----- c:\progra~2\avg8
2008-11-24 19:17 <DIR> --d----- c:\program files\Free Video Converter
2008-11-17 18:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-16 18:02 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-16 18:02 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-16 18:02 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-11-16 16:28 6,096 a------- c:\windows\system32\tmp.reg
2008-10-29 19:12 <DIR> --d----- c:\users\joseph\appdata\roaming\fretsonfire
2008-10-29 19:08 <DIR> --d----- c:\program files\Frets on Fire
2008-10-29 18:54 <DIR> --d----- c:\program files\Search Settings
2008-10-29 18:48 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2008-10-29 18:47 <DIR> --d----- c:\program files\DVDVideoSoft
2008-10-28 18:45 248,368 a------- c:\windows\system32\vmnc.dll
2008-10-27 14:57 <DIR> --d----- c:\users\joseph\appdata\roaming\Instantbird
2008-10-22 16:13 <DIR> --d----- c:\users\joseph\appdata\roaming\Wireshark
2008-10-22 16:03 <DIR> --d----- c:\program files\Wireshark
2008-10-07 17:41 <DIR> --d----- c:\program files\BitTorrent
2008-10-07 16:24 <DIR> --d----- c:\users\joseph\appdata\roaming\Acoustica
2008-10-07 16:19 <DIR> --d----- c:\progra~2\Acoustica
2008-10-01 21:49 827,392 a------- c:\windows\system32\wininet.dll
2008-10-01 18:29 <DIR> --d----- c:\program files\Replay Media Catcher
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-27 14:23 <DIR> --d----- c:\users\joseph\appdata\roaming\Amazon
2008-09-17 23:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-17 23:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-17 22:56 125,952 a------- c:\windows\system32\wersvc.dll
2008-09-17 22:56 147,456 a------- c:\windows\system32\Faultrep.dll
2008-09-17 20:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-09-15 18:41 <DIR> --d----- c:\users\joseph\appdata\roaming\.purple
2008-09-02 21:59 468,992 a------- c:\windows\system32\newdev.dll
2008-09-02 21:58 74,752 a------- c:\windows\system32\newdev.exe
2008-08-12 16:42 <DIR> --d----- c:\users\joseph\appdata\roaming\Qtrax2
2008-07-31 23:37 <DIR> --d----- c:\users\joseph\appdata\roaming\Publish Providers
2008-07-31 23:36 <DIR> --d----- c:\users\joseph\appdata\roaming\Sony
2008-07-12 20:52 <DIR> --d----- c:\users\joseph\appdata\roaming\SharePod
2008-07-06 10:48 <DIR> --d----- c:\progra~2\Viewpoint
2008-07-03 17:34 <DIR> --d----- c:\users\joseph\appdata\roaming\GARMIN
2008-06-26 16:35 <DIR> --d----- c:\users\joseph\appdata\roaming\PC Suite
2008-06-23 20:55 <DIR> --d----- c:\progra~2\Symantec
2008-06-08 14:04 <DIR> --d----- c:\users\joseph\appdata\roaming\Nokia
2008-06-08 13:13 <DIR> --d----- c:\progra~2\PC Suite
2008-06-08 12:53 <DIR> --d----- c:\progra~2\Installations
2008-05-22 15:09 <DIR> --d----- c:\progra~2\NCH Swift Sound
2008-05-22 15:09 <DIR> --d----- c:\users\joseph\appdata\roaming\NCH Swift Sound
2008-05-14 15:48 <DIR> --d----- c:\users\joseph\appdata\roaming\App Launcher Gadget
2008-04-01 16:36 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2008-04-01 16:36 <DIR> --d----- c:\users\joseph\appdata\roaming\SUPERAntiSpyware.com
2008-03-31 16:01 <DIR> --d----- c:\progra~2\Lavasoft
2008-03-23 04:34 <DIR> --d----- c:\users\joseph\appdata\roaming\Vso
2008-02-28 19:07 <DIR> --d----- c:\users\joseph\appdata\roaming\LimeWire
2008-02-06 18:45 <DIR> --d----- c:\users\joseph\appdata\roaming\AVSMedia
2008-02-06 18:45 <DIR> --d----- c:\progra~2\AVS4YOU
2008-02-05 19:07 <DIR> --d----- c:\users\joseph\appdata\roaming\Download Manager
2008-01-30 15:55 <DIR> --d----- c:\users\joseph\appdata\roaming\Qtrax1
2008-01-30 15:54 <DIR> --d----- c:\progra~2\SongbirdVLC
2008-01-25 18:37 <DIR> --d----- c:\progra~2\WildTangent
2008-01-24 21:09 <DIR> --d----- c:\progra~2\Electronic Arts
2007-12-22 06:46 <DIR> --d----- c:\progra~2\Atheros

============= FINISH: 16:44:32.37 ===============

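The DNSChanger indicators in the MBAM log above are the DhcpNameServer values under Tcpip\Parameters (and the per-interface subkey) pointing at 85.255.112.135 and 85.255.112.131. As an added example that is not part of the original thread, the following Python script performs the check a responder would want after a cleanup like this one: it reads those registry values (live via winreg when run on Windows, otherwise from a constructed snapshot modelled on the log) and flags every configured DNS server that falls inside a rogue range. The 85.255.112.0/20 block is an assumption chosen to cover the two addresses in the log; the second interface GUID in the sample snapshot and its 192.168.1.1 resolver are made up.

```python
"""Flag rogue DNS servers in the Windows TCP/IP registry keys.

Added example for the DNSChanger cleanup above; not code from the thread.
"""
import ipaddress
import re
import sys

# ASSUMPTION: a /20 around the two servers seen in the MBAM log. Replace with
# whatever indicator set you actually trust.
ROGUE_NETWORKS = [ipaddress.ip_network("85.255.112.0/20")]

TCPIP_PARAMS = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"

# Constructed snapshot modelled on the MBAM log: key path -> {value: data}.
# The first GUID is from the log; the second GUID and 192.168.1.1 are made up.
SAMPLE_SNAPSHOT = {
    TCPIP_PARAMS: {
        "DhcpNameServer": "85.255.112.135 85.255.112.131 1.2.3.4",
        "NameServer": "",
    },
    TCPIP_PARAMS + r"\Interfaces\{2e08b751-9bd8-47c1-969d-9bc3c2ed5699}": {
        "DhcpNameServer": "85.255.112.135 85.255.112.131 1.2.3.4",
        "NameServer": "",
    },
    TCPIP_PARAMS + r"\Interfaces\{00000000-0000-0000-0000-000000000001}": {
        "DhcpNameServer": "192.168.1.1",
        "NameServer": "",
    },
}


def split_servers(data):
    """Windows stores several resolvers space- or comma-separated."""
    return [s for s in re.split(r"[ ,]+", data.strip()) if s]


def is_rogue(server):
    """True if the address lies in one of ROGUE_NETWORKS; non-IPs are ignored."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in ROGUE_NETWORKS)


def find_rogue_dns(snapshot):
    """Return (key, value_name, server) for every rogue resolver configured.

    NameServer (static) is checked as well as DhcpNameServer, because the
    malware family also sets static resolvers on some victims.
    """
    hits = []
    for key, values in snapshot.items():
        for name in ("NameServer", "DhcpNameServer"):
            for server in split_servers(values.get(name, "")):
                if is_rogue(server):
                    hits.append((key, name, server))
    return hits


def read_live_snapshot():
    """Read the same keys from the live registry (Windows only)."""
    import winreg  # only importable on Windows

    def read_key(path):
        vals = {}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                for name in ("NameServer", "DhcpNameServer"):
                    try:
                        vals[name] = winreg.QueryValueEx(k, name)[0]
                    except OSError:  # value absent on this key
                        vals[name] = ""
        except OSError:  # key absent or not readable
            return None
        return vals

    snapshot = {}
    top = read_key(TCPIP_PARAMS)
    if top is not None:
        snapshot[TCPIP_PARAMS] = top
    iface_root = TCPIP_PARAMS + r"\Interfaces"
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, iface_root) as k:
            i = 0
            while True:
                try:
                    guid = winreg.EnumKey(k, i)
                except OSError:  # no more subkeys
                    break
                path = iface_root + "\\" + guid
                vals = read_key(path)
                if vals is not None:
                    snapshot[path] = vals
                i += 1
    except OSError:
        pass
    return snapshot


if __name__ == "__main__":
    snap = read_live_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for key, name, server in find_rogue_dns(snap):
        print(f"ROGUE DNS {server} in HKLM\\{key}\\{name}")
```

A caveat worth keeping in mind when reading the next reply: a cleaner that "quarantines and deletes" DhcpNameServer data removes the resolver list rather than replacing it, so the machine has no working DNS until the DHCP lease is renewed (ipconfig /release, ipconfig /renew, then ipconfig /flushdns). Re-run the check after the renewal, because a router whose own DNS settings were changed will simply hand the rogue servers back.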



#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:11:01 AM

Posted 29 November 2008 - 07:12 PM

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, any infection found is displayed in the Scan is complete window.
There is no option to clean/disinfect; however, we need to analyze the information in the report.

To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Also tell me, how is your computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 varney2613

Posted 29 November 2008 - 07:19 PM

I tried to do that but when I do I get the message:

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.
You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Failed to resolve source DNS name]


I did what it said and I get the same message every time I try to run it.

#6 fenzodahl512

Posted 29 November 2008 - 07:25 PM

Hello, are you behind a router?.. If yes, please reset your router and then do the steps below.. Refer to the webpage below on how to reset your router..

http://www.ehow.com/how_2110924_router-bac...t-settings.html


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Post the ESET Online Scanner report in your next reply..



#7 varney2613

Posted 29 November 2008 - 07:44 PM

I did everything you said, but the same thing happened again. It all went great until it went to update, where it failed. In the past week, programs such as AVG, S&D, SUPERAntiSpyware, and Ad-Aware have been unable to update.

#8 fenzodahl512

Posted 29 November 2008 - 07:58 PM

Please post a fresh HijackThis log :thumbsup:

Edited by fenzodahl512, 29 November 2008 - 07:59 PM.



#9 varney2613

Posted 29 November 2008 - 08:03 PM

Alright here is a fresh HijackThis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:18 PM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Joseph\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\Windows\dsaip32b.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Joseph\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9411 bytes

#10 fenzodahl512

Posted 29 November 2008 - 08:10 PM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouse-click ComboFix's window while it's running. That may cause it to stall.

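As an added example (not code from this thread or from HijackThis), the following Python script parses HJT entry lines like the ones posted above, checks whether the two O9 entries the helper asked to tick are still present in a fresh log, and flags orphaned or otherwise odd entries for a manual look. The sample lines are copied from the log in post #9; the flagging rules are my own review heuristics, not verdicts.

```python
"""HijackThis (HJT) log triage helper.

Added example, not code from this thread or from HijackThis. It parses HJT
entry lines, checks whether a helper's "fix these" list is still present in a
fresh log, and flags entries worth a manual look (heuristics, not verdicts).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines that carry a CLSID, e.g.  O2 - BHO: Media Player Codec - {...} - C:\Windows\dsaip32b.dll
CLSID_LINE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<desc>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Any other HJT entry line, e.g.  O23 - Service: ...  or  R1 - HKCU\...
GENERIC_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<rest>.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str          # "O2", "O9", "O23", ...
    description: str      # text between the section code and the CLSID/target
    clsid: Optional[str]  # "{...}" for COM-registered items, else None
    target: str           # file path or URL the entry points at
    orphan: bool          # registry entry present but its file/target is gone
    raw: str              # whitespace-normalised original line


def normalise(line: str) -> str:
    return " ".join(line.strip().split())


def parse_hjt(text: str) -> List[Entry]:
    """Parse the entry lines of an HJT log; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = normalise(line)
        m = CLSID_LINE.match(line)
        if m:
            target = m.group("target")
            orphan = any(target.endswith(mark) for mark in ORPHAN_MARKERS)
            for mark in ORPHAN_MARKERS:
                target = target.replace(mark, "").strip()
            entries.append(Entry(m.group("section"), m.group("desc"),
                                 m.group("clsid"), target, orphan, line))
            continue
        m = GENERIC_LINE.match(line)
        if m:
            rest = m.group("rest")
            orphan = any(mark in rest for mark in ORPHAN_MARKERS)
            entries.append(Entry(m.group("section"), rest, None, rest, orphan, line))
    return entries


def check_fix_list(entries: List[Entry], fix_lines: List[str]) -> Tuple[List[str], List[str]]:
    """Split a "tick and Fix checked" list into (present, missing) against a fresh log.

    A missing line means that entry is already gone, so there is nothing to tick.
    """
    present_raw = {e.raw for e in entries}
    wanted = [normalise(l) for l in fix_lines if l.strip()]
    present = [l for l in wanted if l in present_raw]
    missing = [l for l in wanted if l not in present_raw]
    return present, missing


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs an analyst should review by hand."""
    flagged = []
    for e in entries:
        if e.orphan:
            flagged.append((e, "registration points at a missing file; dead entry"))
        elif e.section == "O9" and e.target.lower().startswith(("http://", "https://")):
            flagged.append((e, "IE button/menu item points at a web URL, not a local file"))
        elif e.section == "O2":
            parent = e.target.rsplit("\\", 1)[0].lower() if "\\" in e.target else ""
            if parent in ("c:\\windows", "c:\\windows\\system32"):
                flagged.append((e, "BHO DLL sits directly in the Windows directory; verify its publisher"))
    return flagged


# Constructed sample: a few lines copied from the HijackThis log in post #9 above.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\Windows\dsaip32b.dll",
    r"O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)",
    r"O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)",
    r"O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)",
    r"O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
])
# The two entries the helper asked to tick in post #10.
FIX_LIST = SAMPLE_LOG.splitlines()[3:5]

if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    present, missing = check_fix_list(found, FIX_LIST)
    print(f"fix list: {len(present)} present, {len(missing)} already gone")
    for entry, reason in triage(found):
        print(f"{entry.section} {entry.clsid or ''} {entry.target or '(no file)'}: {reason}")
```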


#11 varney2613

Posted 29 November 2008 - 09:11 PM

When I did a system scan only, neither

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

came up. Should I just continue with the rest of what you said?

#12 fenzodahl512

Posted 29 November 2008 - 09:12 PM

yup.. continue with ComboFix step please :thumbsup:



#13 varney2613

Posted 29 November 2008 - 09:38 PM

ComboFix 08-11-29.03 - Joseph 2008-11-29 20:26:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.962 [GMT -6:00]
Running from: c:\users\Joseph\Documents\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Joseph\AppData\Roaming\inst.exe
c:\windows\system32\KBL.LOG
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-29 18:46 . 2008-11-29 18:49 <DIR> d-------- c:\users\Joseph\AppData\Roaming\BitTorrent
2008-11-29 18:41 . 2008-11-29 18:41 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-29 18:39 . 2008-11-29 18:39 <DIR> d-------- C:\nup
2008-11-29 18:02 . 2008-11-29 18:51 118,784 --a------ c:\windows\System32\baloon.exe
2008-11-29 12:23 . 2008-11-29 12:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 12:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-29 12:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-28 22:44 . 2008-11-28 22:44 <DIR> d-------- c:\users\All Users\Macromedia
2008-11-28 22:43 . 2008-11-28 22:44 <DIR> d-------- c:\program files\Macromedia
2008-11-28 22:43 . 2008-11-28 22:46 <DIR> d-------- c:\program files\Common Files\Macromedia
2008-11-26 16:14 . 2008-11-26 16:15 <DIR> d-------- c:\program files\VideoTagger_Free_2008
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\program files\iTunes
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\program files\iPod
2008-11-26 00:13 . 2008-11-26 00:14 <DIR> d-------- c:\program files\QuickTime
2008-11-24 20:02 . 2008-11-24 20:02 <DIR> d-------- c:\users\Joseph\AppData\Roaming\VMware
2008-11-24 19:57 . 2008-10-28 23:00 399,920 --a------ c:\windows\System32\vmnat.exe
2008-11-24 19:57 . 2008-10-28 23:01 326,192 --a------ c:\windows\System32\vmnetdhcp.exe
2008-11-24 19:57 . 2008-10-28 17:03 55,856 --a------ c:\windows\System32\vnetinst.dll
2008-11-24 19:57 . 2008-10-28 17:03 50,736 -ra------ c:\windows\System32\vmnetbridge.dll
2008-11-24 19:57 . 2008-10-28 17:03 31,280 -ra------ c:\windows\System32\drivers\vmnetbridge.sys
2008-11-24 19:57 . 2008-10-28 23:01 26,288 --a------ c:\windows\System32\drivers\vmnetuserif.sys
2008-11-24 19:57 . 2008-10-28 17:03 18,736 -ra------ c:\windows\System32\drivers\vmnet.sys
2008-11-24 19:57 . 2008-10-28 17:03 16,560 --a------ c:\windows\System32\drivers\vmnetadapter.sys
2008-11-24 19:56 . 2008-10-28 23:00 723,504 --a------ c:\windows\System32\vnetlib.dll
2008-11-24 19:56 . 2008-10-28 23:01 23,216 --a------ c:\windows\System32\drivers\VMkbd.sys
2008-11-24 19:56 . 2008-11-24 19:56 1,024 --a------ C:\.rnd
2008-11-24 19:55 . 2008-11-29 18:55 <DIR> d-------- c:\users\All Users\VMware
2008-11-24 19:55 . 2008-11-29 18:55 <DIR> d-------- c:\programdata\VMware
2008-11-24 19:55 . 2008-11-24 19:55 <DIR> d-------- c:\program files\VMware
2008-11-17 18:51 . 2008-11-17 18:51 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Final Draft
2008-11-17 18:50 . 2008-11-17 18:53 <DIR> d-------- c:\program files\Final Draft 6
2008-11-16 17:42 . 2008-11-16 17:42 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Malwarebytes
2008-11-16 17:42 . 2008-11-16 17:42 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-16 17:42 . 2008-11-16 17:42 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- C:\fixwareout
2008-11-16 16:24 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\o4Patch.exe
2008-11-16 16:24 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\IEDFix.C.exe
2008-11-16 16:24 . 2008-08-18 11:19 82,432 --a------ c:\windows\System32\404Fix.exe
2008-11-15 00:41 . 2008-11-15 00:41 29,192 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-11 17:18 . 2008-09-09 21:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 17:18 . 2008-09-04 23:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 17:18 . 2008-08-26 19:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-07 20:55 . 2008-11-07 20:55 <DIR> d-------- c:\program files\SilverCreekCommonFiles
2008-11-07 20:55 . 2008-11-17 20:18 <DIR> d-------- c:\program files\Ruckus Buck's Dangerous Mines
2008-11-04 17:48 . 2007-07-25 12:48 172,032 --a------ c:\windows\System32\rixdicon.dll
2008-11-04 17:48 . 2007-08-08 20:42 45,568 --a------ c:\windows\System32\drivers\rimmptsk.sys
2008-11-04 17:48 . 2007-07-30 10:42 43,008 --a------ c:\windows\System32\drivers\rimsptsk.sys
2008-11-04 17:48 . 2007-07-30 11:54 38,400 --a------ c:\windows\System32\drivers\rixdptsk.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-10-29 19:08 . 2008-10-29 19:12 <DIR> d-------- c:\users\Joseph\AppData\Roaming\fretsonfire
2008-10-29 19:08 . 2008-10-29 19:08 <DIR> d-------- c:\program files\Frets on Fire
2008-10-29 18:54 . 2008-10-29 18:54 <DIR> d-------- c:\program files\Search Settings
2008-10-28 23:01 . 2008-10-28 23:01 857,392 --a------ c:\windows\System32\drivers\vmx86.sys
2008-10-28 23:01 . 2008-10-28 23:01 54,960 --a------ c:\windows\System32\drivers\vmci.sys
2008-10-28 23:01 . 2008-10-28 23:01 32,304 --a------ c:\windows\System32\drivers\hcmon.sys
2008-10-28 18:45 . 2008-10-28 18:45 248,368 --a------ c:\windows\System32\vmnc.dll
2008-10-28 15:00 . 2008-08-05 03:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-28 15:00 . 2008-08-05 03:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-28 15:00 . 2008-08-05 03:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-28 15:00 . 2008-08-05 03:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-28 15:00 . 2008-08-05 03:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-28 14:35 . 2008-08-11 21:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 14:35 . 2008-09-17 22:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 14:35 . 2008-09-17 22:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 14:57 . 2008-10-27 14:57 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Instantbird
2008-10-22 16:13 . 2008-10-22 16:13 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Wireshark
2008-10-22 16:03 . 2008-10-22 16:03 <DIR> d-------- c:\program files\Wireshark
2008-10-22 16:01 . 2008-10-22 16:01 <DIR> d-------- c:\users\Joseph\Temp
2008-10-15 22:40 . 2008-09-02 21:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-10-15 22:40 . 2008-09-02 21:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-10-15 22:39 . 2008-09-17 23:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 22:39 . 2008-09-17 23:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 22:39 . 2008-09-17 20:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 22:39 . 2008-10-01 19:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 22:39 . 2008-10-01 21:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-15 22:39 . 2008-08-26 19:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-07 17:41 . 2008-10-07 17:41 <DIR> d-------- c:\program files\BitTorrent
2008-10-07 16:24 . 2008-10-07 16:24 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Acoustica
2008-10-07 16:24 . 2007-08-07 10:32 57,344 --a------ c:\windows\System32\Wnaspint.dll
2008-10-07 16:19 . 2008-10-07 16:19 <DIR> d-------- c:\users\All Users\Acoustica
2008-10-07 16:19 . 2008-10-07 16:19 <DIR> d-------- c:\programdata\Acoustica
2008-10-02 18:26 . 2008-10-02 18:26 64,960 --a------ c:\windows\System32\drivers\stcp2v30.sys
2008-10-01 18:29 . 2008-10-01 18:29 <DIR> d-------- c:\program files\Replay Media Catcher
2008-10-01 12:01 . 2008-10-01 12:01 32,000 --a------ c:\windows\System32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 02:25 --------- d-----w c:\users\Joseph\AppData\Roaming\DNA
2008-11-28 23:36 --------- d-----w c:\programdata\avg8
2008-11-26 06:15 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 01:17 --------- d-----w c:\program files\Free Video Converter
2008-11-20 00:57 --------- d-----w c:\program files\Common Files\Adobe
2008-11-19 21:50 --------- d-----w c:\program files\Java
2008-11-18 00:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-17 00:02 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-17 00:02 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-17 00:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-16 22:28 691 ----a-w c:\users\Joseph\AppData\Roaming\GetValue.vbs
2008-11-16 22:28 6,096 ----a-w c:\windows\System32\tmp.reg
2008-11-16 22:28 35 ----a-w c:\users\Joseph\AppData\Roaming\SetValue.bat
2008-11-16 01:48 80,982 ----a-w c:\users\Joseph\AppData\Roaming\nvModes.dat
2008-10-30 00:48 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-10-30 00:47 --------- d-----w c:\program files\DVDVideoSoft
2008-10-16 08:15 --------- d-----w c:\program files\Windows Mail
2008-09-30 22:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-08-29 15:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-08-19 22:50 2,196 ----a-w c:\users\Joseph\AppData\Roaming\wklnhst.dat
2008-08-02 03:26 36,864 ----a-w c:\windows\System32\cdd.dll
2008-07-06 03:20 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-06 03:20 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-16 01:32 174 --sha-w c:\program files\desktop.ini
2008-03-23 10:34 47,360 ----a-w c:\users\Joseph\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BitTorrent DNA"="c:\users\Joseph\Program Files\DNA\btdna.exe" [2008-11-11 342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-02 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"DVDtoiPodConverter_upgrade"="c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" [2008-06-16 842240]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-17 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CA6C467C-F80C-4393-A684-1A757088196E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1AE562DA-7309-453A-9981-14754F331E8B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{215A0E8B-F3B1-4142-9EDC-67844C866781}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D012D9F6-2140-435A-84C2-5468FCAFA85A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CCB39148-7984-4B64-B9C3-C4136001128B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3AB9E897-EFD5-46F8-A8FD-92524044A185}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4630CE96-7C84-4111-9852-86D38C21972F}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1DE49F4F-BDD8-4A96-BAC9-0AC8E6F7F4D7}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FCD31A58-FE76-4B6B-AC45-834CD7C61567}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{62729D1F-DDC3-4146-90D7-7FF646A1DD49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{62F059B4-5BEA-4E7B-99B5-179BACE7FF59}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{749529C2-0B77-4641-A32D-6CCFDD5DE21D}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{558385CE-C769-46FD-BE47-B4CB53A7E748}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{8F60680F-E754-4158-BB50-AA0221347D39}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{541F77DF-7080-47DE-B7DA-76FDE4906B2E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{D5E09E17-2EC2-4C70-B326-249EDBD3558D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{06270978-4F63-4415-94AE-8EA252CCBB1C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{02BBBE0D-FCC6-4DDB-9112-3296A8F6B3C4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0573DBD7-8B56-4654-8C2B-EDDB2CD50BA0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C59D8F73-97B8-44F6-BA4B-E01B1495B74F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{CB12C1FD-A9B8-4359-8C0A-CA2FE60731A0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{518F5A67-5B2C-45B9-ACBE-9244DD8F6DBA}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{BBCEEA7B-6D71-4D56-B642-6682474ABACE}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{0EEAD5F3-1267-42AF-AFED-7ADF4C1405DB}c:\\program files\\vongo\\vongo.exe"= Disabled:UDP:c:\program files\vongo\vongo.exe:Vongo
"UDP Query User{57CB106B-4468-4738-8ED3-EFD3505C1322}c:\\program files\\vongo\\vongo.exe"= Disabled:TCP:c:\program files\vongo\vongo.exe:Vongo
"{EE082EB7-4E97-4C12-A8EE-200BCDEBD9C0}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{AD67B736-BE51-4CE6-8EF9-35756E60E356}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BA96E193-40A2-4B72-9FCF-A9C519D7C7BD}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{773CFEA6-1BC1-4599-A7DD-37B00B112288}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6FF4B3DA-76A2-46FB-B2A5-43F38E77756E}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{7094DD72-8417-43C0-A133-A3F2958029AB}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{26A8EED8-E304-4E40-95F3-11A5A9B6A507}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{FEF08E05-03EF-4414-A24B-EB12F0E4A73F}c:\\users\\joseph\\program files\\dna\\btdna.exe"= UDP:c:\users\joseph\program files\dna\btdna.exe:btdna.exe
"UDP Query User{3E665AF0-C819-4FC1-8577-351ADBA60E21}c:\\users\\joseph\\program files\\dna\\btdna.exe"= TCP:c:\users\joseph\program files\dna\btdna.exe:btdna.exe
"{B0A01112-6F3B-4FE9-824E-4CF29B8729D3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDB8E227-C998-4212-AD41-6B9BAD23BE57}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6B883066-2239-4E47-95A3-954F7BCE77AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4A0B5134-A4A6-4531-A6B7-0D0C30B06023}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E7F74EF4-DA22-4DF2-9075-803C875C3F01}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{A43D05CB-B205-4609-8005-0F4C0BFAA494}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{1D7D27D3-271C-4C88-AFAC-21D87EC00089}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A8E85072-5955-4D55-A47F-7F437BAC621A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{93084950-2FE8-451F-920D-4F33D3E7059A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{09D4BE4B-666E-4F20-8DC8-83DF8A3F217E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-23 97928]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-23 231704]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R2 vmci;VMware vmci;\??\c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-15 29192]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Joseph.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{4F400403-B0BC-4B58-BA69-DE059B31A6F2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\q7rtj2oz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1919967&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/firefox
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\users\Joseph\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\windows\system32\npmirage.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 20:30:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-11-29 20:32:53
ComboFix-quarantined-files.txt 2008-11-30 02:32:51

Pre-Run: 40,547,909,632 bytes free
Post-Run: 40,514,379,776 bytes free

305 --- E O F --- 2008-11-12 03:04:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:18 PM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Joseph\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\Windows\dsaip32b.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Joseph\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9411 bytes

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 29 November 2008 - 10:14 PM

Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths into the "Suspicious files to scan" box at the top of the page:
    • c:\windows\System32\baloon.exe
      c:\windows\system32\drivers\Ndisprot.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.



NEXT


Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file, rename it to anything.exe, and then do the following..


Please re-open HijackThis (via anything.exe) and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\Windows\dsaip32b.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\Windows\dsaip32b.dll

Folder::
c:\program files\Search Settings
C:\Program Files\NetProject
c:\program files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

SysRst::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 varney2613

varney2613
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:10:01 PM

Posted 29 November 2008 - 11:02 PM

When I tried with baloon.exe I was told that I do not have permission to open the file.
For Ndisprot.sys

Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.26 | 20081127213325 | 2008-11-27 | - | 3.055
AhnLab V3 | 2008.11.30.00 | 2008.11.30 | 2008-11-30 | - | 1.008
AntiVir | 7.9.0.36 | 7.1.0.159 | 2008-11-29 | TR/Agent.aqu.156672 | 1.578
Antiy | 2.0.18 | 20081129.1772504 | 2008-11-29 | - | 0.120
Arcavir | 1.0.5 | 200811291125 | 2008-11-29 | - | 1.202
Authentium | 5.1.1 | 200811292253 | 2008-11-29 | - | 1.046
AVAST! | 3.0.1 | 081129-0 | 2008-11-29 | - | 0.737
AVG | 7.5.52.442 | 270.9.11/1820 | 2008-11-29 | - | 1.784
BitDefender | 7.81008.2288713 | 7.22187 | 2008-11-30 | - | 2.087
CA (VET) | 9.0.0.143 | 31.6.6234 | 2008-11-28 | - | 5.359
ClamAV | 0.94.1 | 8696 | 2008-11-29 | - | 0.004
Comodo | 2.11 | 2.0.0.712 | 2008-11-20 | - | 0.404
CP Secure | 1.1.0.715 | 2008.11.30 | 2008-11-30 | - | 6.451
Dr.Web | 4.44.0.9170 | 2008.11.29 | 2008-11-29 | - | 3.609
ewido | 4.0.0.2 | 2008.11.29 | 2008-11-29 | - | 3.106
F-Prot | 4.4.4.56 | 20081129 | 2008-11-29 | - | 1.042
F-Secure | 5.51.6100 | 2008.11.29.01 | 2008-11-29 | - | 3.761
Fortinet | 2.81-3.117 | 9.758 | 2008-11-29 | - | 0.171
GData | 19.1733/19.128 | 20081130 | 2008-11-30 | - | 2.905
Ikarus | T3.1.01.45 | 2008.11.30.71933 | 2008-11-30 | - | 3.511
JiangMin | 11.0.706 | 2008.11.29 | 2008-11-29 | - | 1.336
Kaspersky | 5.5.10 | 2008.11.30 | 2008-11-30 | - | 0.019
KingSoft | 2008.9.8.18 | 2008.11.29.22 | 2008-11-29 | - | 0.674
McAfee | 5.3.00 | 5449 | 2008-11-29 | - | 2.508
Microsoft | 1.4104 | 2008.11.29 | 2008-11-29 | - | 4.009
mks_vir | 2.01 | 2008.11.30 | 2008-11-30 | - | 2.557
Norman | 5.93.01 | 5.93.00 | 2008-11-28 | - | 5.316
nProtect | 2008-11-28.00 | 2630992 | 2008-11-28 | - | 3.473
Panda | 9.05.01 | 2008.11.29 | 2008-11-29 | - | 2.357
Quick Heal | 10.00 | 2008.11.29 | 2008-11-29 | - | 0.856
Rising | 20.0 | 21.05.52.00 | 2008-11-29 | - | 0.250
Sophos | 2.81.2 | 4.36 | 2008-11-30 | - | 1.885
Sunbelt | 4674 | 4674 | 2008-11-04 | - | 0.502
Symantec | 1.3.0.24 | 20081129.002 | 2008-11-29 | - | 0.186
The Hacker | 6.3.1.1 | v00169 | 2008-11-29 | - | 0.475
Trend Micro | 8.700-1004 | 5.682.30 | 2008-11-29 | - | 0.023
VBA32 | 3.12.8.9 | 20081129.1054 | 2008-11-29 | - | 1.353
ViRobot | 20081129 | 2008.11.29 | 2008-11-29 | - | 0.398
VirusBuster | 4.5.11.10 | 10.94.10/729492 | 2008-11-29 | - | 0.925
NOTICE: It may be false positive by some scanners when they found a malware, so you should judge it by yourself.


When I did a system scan I could not find
O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\Windows\dsaip32b.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

my Combofix log:

ComboFix 08-11-29.03 - Joseph 2008-11-29 21:43:58.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1004 [GMT -6:00]
Running from: c:\users\Joseph\Documents\Desktop\ComboFix.exe
Command switches used :: c:\users\Joseph\Documents\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\dsaip32b.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-29 18:46 . 2008-11-29 18:49 <DIR> d-------- c:\users\Joseph\AppData\Roaming\BitTorrent
2008-11-29 18:41 . 2008-11-29 18:41 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-29 18:39 . 2008-11-29 18:39 <DIR> d-------- C:\nup
2008-11-29 18:02 . 2008-11-29 18:51 118,784 --a------ c:\windows\System32\baloon.exe
2008-11-29 12:23 . 2008-11-29 12:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 12:23 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-29 12:23 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-28 22:44 . 2008-11-28 22:44 <DIR> d-------- c:\users\All Users\Macromedia
2008-11-28 22:43 . 2008-11-28 22:44 <DIR> d-------- c:\program files\Macromedia
2008-11-28 22:43 . 2008-11-28 22:46 <DIR> d-------- c:\program files\Common Files\Macromedia
2008-11-26 16:14 . 2008-11-26 16:15 <DIR> d-------- c:\program files\VideoTagger_Free_2008
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\program files\iTunes
2008-11-26 00:15 . 2008-11-26 00:15 <DIR> d-------- c:\program files\iPod
2008-11-26 00:13 . 2008-11-26 00:14 <DIR> d-------- c:\program files\QuickTime
2008-11-24 20:02 . 2008-11-24 20:02 <DIR> d-------- c:\users\Joseph\AppData\Roaming\VMware
2008-11-24 19:57 . 2008-10-28 23:00 399,920 --a------ c:\windows\System32\vmnat.exe
2008-11-24 19:57 . 2008-10-28 23:01 326,192 --a------ c:\windows\System32\vmnetdhcp.exe
2008-11-24 19:57 . 2008-10-28 17:03 55,856 --a------ c:\windows\System32\vnetinst.dll
2008-11-24 19:57 . 2008-10-28 17:03 50,736 -ra------ c:\windows\System32\vmnetbridge.dll
2008-11-24 19:57 . 2008-10-28 17:03 31,280 -ra------ c:\windows\System32\drivers\vmnetbridge.sys
2008-11-24 19:57 . 2008-10-28 23:01 26,288 --a------ c:\windows\System32\drivers\vmnetuserif.sys
2008-11-24 19:57 . 2008-10-28 17:03 18,736 -ra------ c:\windows\System32\drivers\vmnet.sys
2008-11-24 19:57 . 2008-10-28 17:03 16,560 --a------ c:\windows\System32\drivers\vmnetadapter.sys
2008-11-24 19:56 . 2008-10-28 23:00 723,504 --a------ c:\windows\System32\vnetlib.dll
2008-11-24 19:56 . 2008-10-28 23:01 23,216 --a------ c:\windows\System32\drivers\VMkbd.sys
2008-11-24 19:56 . 2008-11-24 19:56 1,024 --a------ C:\.rnd
2008-11-24 19:55 . 2008-11-29 21:49 <DIR> d-------- c:\users\All Users\VMware
2008-11-24 19:55 . 2008-11-29 21:49 <DIR> d-------- c:\programdata\VMware
2008-11-24 19:55 . 2008-11-24 19:55 <DIR> d-------- c:\program files\VMware
2008-11-17 18:51 . 2008-11-17 18:51 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Final Draft
2008-11-17 18:50 . 2008-11-17 18:53 <DIR> d-------- c:\program files\Final Draft 6
2008-11-16 17:42 . 2008-11-16 17:42 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Malwarebytes
2008-11-16 17:42 . 2008-11-16 17:42 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-16 17:42 . 2008-11-16 17:42 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-16 17:33 . 2008-11-16 17:33 <DIR> d-------- C:\fixwareout
2008-11-16 16:24 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\o4Patch.exe
2008-11-16 16:24 . 2008-10-10 07:58 82,944 --a------ c:\windows\System32\IEDFix.C.exe
2008-11-16 16:24 . 2008-08-18 11:19 82,432 --a------ c:\windows\System32\404Fix.exe
2008-11-15 00:41 . 2008-11-15 00:41 29,192 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-11 17:18 . 2008-09-09 21:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 17:18 . 2008-09-04 23:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 17:18 . 2008-08-26 19:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-07 20:55 . 2008-11-07 20:55 <DIR> d-------- c:\program files\SilverCreekCommonFiles
2008-11-07 20:55 . 2008-11-17 20:18 <DIR> d-------- c:\program files\Ruckus Buck's Dangerous Mines
2008-11-04 17:48 . 2007-07-25 12:48 172,032 --a------ c:\windows\System32\rixdicon.dll
2008-11-04 17:48 . 2007-08-08 20:42 45,568 --a------ c:\windows\System32\drivers\rimmptsk.sys
2008-11-04 17:48 . 2007-07-30 10:42 43,008 --a------ c:\windows\System32\drivers\rimsptsk.sys
2008-11-04 17:48 . 2007-07-30 11:54 38,400 --a------ c:\windows\System32\drivers\rixdptsk.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-10-29 19:08 . 2008-10-29 19:12 <DIR> d-------- c:\users\Joseph\AppData\Roaming\fretsonfire
2008-10-29 19:08 . 2008-10-29 19:08 <DIR> d-------- c:\program files\Frets on Fire
2008-10-28 23:01 . 2008-10-28 23:01 857,392 --a------ c:\windows\System32\drivers\vmx86.sys
2008-10-28 23:01 . 2008-10-28 23:01 54,960 --a------ c:\windows\System32\drivers\vmci.sys
2008-10-28 23:01 . 2008-10-28 23:01 32,304 --a------ c:\windows\System32\drivers\hcmon.sys
2008-10-28 18:45 . 2008-10-28 18:45 248,368 --a------ c:\windows\System32\vmnc.dll
2008-10-28 15:00 . 2008-08-05 03:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-28 15:00 . 2008-08-05 03:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-28 15:00 . 2008-08-05 03:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-28 15:00 . 2008-08-05 03:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-28 15:00 . 2008-08-05 03:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-28 14:35 . 2008-08-11 21:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 14:35 . 2008-09-17 22:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-28 14:35 . 2008-09-17 22:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 14:57 . 2008-10-27 14:57 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Instantbird
2008-10-22 16:13 . 2008-10-22 16:13 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Wireshark
2008-10-22 16:03 . 2008-10-22 16:03 <DIR> d-------- c:\program files\Wireshark
2008-10-22 16:01 . 2008-10-22 16:01 <DIR> d-------- c:\users\Joseph\Temp
2008-10-15 22:40 . 2008-09-02 21:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-10-15 22:40 . 2008-09-02 21:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-10-15 22:39 . 2008-09-17 23:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 22:39 . 2008-09-17 23:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 22:39 . 2008-09-17 20:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 22:39 . 2008-10-01 19:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 22:39 . 2008-10-01 21:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-15 22:39 . 2008-08-26 19:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-07 17:41 . 2008-10-07 17:41 <DIR> d-------- c:\program files\BitTorrent
2008-10-07 16:24 . 2008-10-07 16:24 <DIR> d-------- c:\users\Joseph\AppData\Roaming\Acoustica
2008-10-07 16:24 . 2007-08-07 10:32 57,344 --a------ c:\windows\System32\Wnaspint.dll
2008-10-07 16:19 . 2008-10-07 16:19 <DIR> d-------- c:\users\All Users\Acoustica
2008-10-07 16:19 . 2008-10-07 16:19 <DIR> d-------- c:\programdata\Acoustica
2008-10-02 18:26 . 2008-10-02 18:26 64,960 --a------ c:\windows\System32\drivers\stcp2v30.sys
2008-10-01 18:29 . 2008-10-01 18:29 <DIR> d-------- c:\program files\Replay Media Catcher
2008-10-01 12:01 . 2008-10-01 12:01 32,000 --a------ c:\windows\System32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 03:50 --------- d-----w c:\users\Joseph\AppData\Roaming\DNA
2008-11-28 23:36 --------- d-----w c:\programdata\avg8
2008-11-26 06:15 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 01:17 --------- d-----w c:\program files\Free Video Converter
2008-11-20 00:57 --------- d-----w c:\program files\Common Files\Adobe
2008-11-19 21:50 --------- d-----w c:\program files\Java
2008-11-18 00:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-17 00:02 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-17 00:02 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-17 00:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-16 22:28 691 ----a-w c:\users\Joseph\AppData\Roaming\GetValue.vbs
2008-11-16 22:28 35 ----a-w c:\users\Joseph\AppData\Roaming\SetValue.bat
2008-11-16 01:48 80,982 ----a-w c:\users\Joseph\AppData\Roaming\nvModes.dat
2008-10-30 00:48 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-10-30 00:47 --------- d-----w c:\program files\DVDVideoSoft
2008-10-16 08:15 --------- d-----w c:\program files\Windows Mail
2008-08-19 22:50 2,196 ----a-w c:\users\Joseph\AppData\Roaming\wklnhst.dat
2008-07-06 03:20 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-06 03:20 56 ---ha-w c:\programdata\ezsidmv.dat
2008-06-16 01:32 174 --sha-w c:\program files\desktop.ini
2008-03-23 10:34 47,360 ----a-w c:\users\Joseph\AppData\Roaming\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-29_20.31.18.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-30 00:54:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-30 03:49:20 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-30 00:56:07 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-30 03:50:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-11-30 02:30:42 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-30 03:50:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-30 03:50:02 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-30 00:57:00 10,066 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-491152621-1190200472-4122381296-1000_UserData.bin
+ 2008-11-30 03:51:24 10,328 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-491152621-1190200472-4122381296-1000_UserData.bin
- 2008-11-30 00:56:59 73,482 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-30 03:51:24 73,648 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-29 22:31:59 55,186 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-30 03:51:19 55,580 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BitTorrent DNA"="c:\users\Joseph\Program Files\DNA\btdna.exe" [2008-11-11 342336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-06-18 2142032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-02 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"DVDtoiPodConverter_upgrade"="c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" [2008-06-16 842240]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-17 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-28 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"c:\\Program Files\\Vongo\\VongoService.exe"= c:\program files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CA6C467C-F80C-4393-A684-1A757088196E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1AE562DA-7309-453A-9981-14754F331E8B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{215A0E8B-F3B1-4142-9EDC-67844C866781}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D012D9F6-2140-435A-84C2-5468FCAFA85A}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CCB39148-7984-4B64-B9C3-C4136001128B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3AB9E897-EFD5-46F8-A8FD-92524044A185}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4630CE96-7C84-4111-9852-86D38C21972F}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1DE49F4F-BDD8-4A96-BAC9-0AC8E6F7F4D7}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FCD31A58-FE76-4B6B-AC45-834CD7C61567}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{62729D1F-DDC3-4146-90D7-7FF646A1DD49}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{62F059B4-5BEA-4E7B-99B5-179BACE7FF59}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{749529C2-0B77-4641-A32D-6CCFDD5DE21D}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{558385CE-C769-46FD-BE47-B4CB53A7E748}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{8F60680F-E754-4158-BB50-AA0221347D39}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{541F77DF-7080-47DE-B7DA-76FDE4906B2E}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{D5E09E17-2EC2-4C70-B326-249EDBD3558D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{06270978-4F63-4415-94AE-8EA252CCBB1C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{02BBBE0D-FCC6-4DDB-9112-3296A8F6B3C4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0573DBD7-8B56-4654-8C2B-EDDB2CD50BA0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C59D8F73-97B8-44F6-BA4B-E01B1495B74F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{CB12C1FD-A9B8-4359-8C0A-CA2FE60731A0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{518F5A67-5B2C-45B9-ACBE-9244DD8F6DBA}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{BBCEEA7B-6D71-4D56-B642-6682474ABACE}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{0EEAD5F3-1267-42AF-AFED-7ADF4C1405DB}c:\\program files\\vongo\\vongo.exe"= Disabled:UDP:c:\program files\vongo\vongo.exe:Vongo
"UDP Query User{57CB106B-4468-4738-8ED3-EFD3505C1322}c:\\program files\\vongo\\vongo.exe"= Disabled:TCP:c:\program files\vongo\vongo.exe:Vongo
"{EE082EB7-4E97-4C12-A8EE-200BCDEBD9C0}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{AD67B736-BE51-4CE6-8EF9-35756E60E356}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{BA96E193-40A2-4B72-9FCF-A9C519D7C7BD}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{773CFEA6-1BC1-4599-A7DD-37B00B112288}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6FF4B3DA-76A2-46FB-B2A5-43F38E77756E}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{7094DD72-8417-43C0-A133-A3F2958029AB}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{26A8EED8-E304-4E40-95F3-11A5A9B6A507}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{FEF08E05-03EF-4414-A24B-EB12F0E4A73F}c:\\users\\joseph\\program files\\dna\\btdna.exe"= UDP:c:\users\joseph\program files\dna\btdna.exe:btdna.exe
"UDP Query User{3E665AF0-C819-4FC1-8577-351ADBA60E21}c:\\users\\joseph\\program files\\dna\\btdna.exe"= TCP:c:\users\joseph\program files\dna\btdna.exe:btdna.exe
"{B0A01112-6F3B-4FE9-824E-4CF29B8729D3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDB8E227-C998-4212-AD41-6B9BAD23BE57}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6B883066-2239-4E47-95A3-954F7BCE77AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4A0B5134-A4A6-4531-A6B7-0D0C30B06023}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E7F74EF4-DA22-4DF2-9075-803C875C3F01}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{A43D05CB-B205-4609-8005-0F4C0BFAA494}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{1D7D27D3-271C-4C88-AFAC-21D87EC00089}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A8E85072-5955-4D55-A47F-7F437BAC621A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{93084950-2FE8-451F-920D-4F33D3E7059A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{09D4BE4B-666E-4F20-8DC8-83DF8A3F217E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-23 97928]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-02 23:12:32 41456]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-23 231704]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R2 vmci;VMware vmci;\??\c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-15 29192]
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Joseph.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{4F400403-B0BC-4B58-BA69-DE059B31A6F2}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 21:50:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\vmnat.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\System32\vmnetdhcp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-11-29 21:58:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-30 03:58:22
ComboFix2.txt 2008-11-30 02:32:54

Pre-Run: 39,635,304,448 bytes free
Post-Run: 39,517,081,600 bytes free

315 --- E O F --- 2008-11-12 03:04:15



My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:18 PM, on 4/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Joseph\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Player Codec - {54202673-BD70-423C-AE57-5B2354567629} - C:\Windows\dsaip32b.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Joseph\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9411 bytes



