8 replies to this topic

[Jimmy-b]

Well basely i can't open Norton internet security software, malwarebytes, and everything chance back into old style looking.
Can't enable sound. Cannot connect to internet, not even getting directed, No internet at all

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:17, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DrvMon.exe
D:\Program Files\LG PC Suite\LG_MobileSync_Launcher.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.mynortonaccount.com/amsweb/faq....product_lang=EN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [LGMobileSyncLauncher] D:\Program Files\LG PC Suite\LG_MobileSync_Launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1224987065562
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8313 bytes



Thanks for any help
Basely i just need to be able to open malwarebytes and hopely i will be able to scan and get rid of whatever i got! If i am wrong here Please state lol
Oh i try safe mode, but still it doesn't open.
I can open adware but, nothing appears

[AdvancedSetup]

Please copy to CD and take to infected PC. Try renaming the file if you need to. Try in Safe Mode if you need to and renaming there as well.


[indent]Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Click Yes to allow ComboFix to continue scanning for malware.
  
• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

[/indent]

[Jimmy-b]

Ok done, one slight problem, No internet= shouldn't install the repair thing

hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:01, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1224987065562
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6448 bytes


Next log

ComboFix 09-03-10.03 - Administrator 2009-03-11 22:55:28.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.347 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-7-7-26-100010408-100016816-100005607-1397.com
c:\windows\system32\drivers\gaopdxujnvxjkciqhoewiomtawxwgrrfwbwegu.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxmltjlftywvkigbiwbsnuirykmpfqxorx.dll
D:\Autorun.inf
d:\recycler\S-0-6-95-100029442-100000497-100027091-6595.com
d:\recycler\S-2-7-24-100030819-100029035-100031815-6264.com
d:\recycler\S-7-7-26-100010408-100016816-100005607-1397.com

----- BITS: Possible infected sites -----

hxxp://sunmicro.ht.rd.llnw.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-11 13:35 . 2003-08-02 13:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-11 13:35 . 2003-08-02 14:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterTrust
2009-03-11 13:35 . 2009-03-11 13:36 <DIR> d-------- c:\documents and settings\Administrator
2009-03-10 21:37 . 2009-02-16 13:44 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-10 19:01 . 2009-03-10 19:01 <DIR> d-------- c:\documents and settings\Derek\Application Data\ATI
2009-03-09 23:41 . 2008-10-27 17:37 4,499,280 --a------ c:\windows\system32\D3dx9d_40.dll
2009-03-09 23:41 . 2008-10-27 17:37 3,796,816 --a------ c:\windows\system32\d3dx9d_33.dll
2009-03-09 23:41 . 2008-10-27 17:37 3,084,624 --a------ c:\windows\system32\d3d9d.dll
2009-03-09 23:41 . 2008-10-27 17:37 906,576 --a------ c:\windows\system32\xaudioD2_3.dll
2009-03-09 23:41 . 2008-10-27 17:36 496,464 --a------ c:\windows\system32\D3DX10d_40.dll
2009-03-09 23:41 . 2008-10-27 17:39 360,784 --a------ c:\windows\system32\XactEngineA3_3.dll
2009-03-09 23:41 . 2008-10-27 17:39 359,760 --a------ c:\windows\system32\dinput8d.dll
2009-03-09 23:41 . 2008-10-27 17:39 349,520 --a------ c:\windows\system32\d3dref9.dll
2009-03-09 23:41 . 2008-10-27 17:39 286,032 --a------ c:\windows\system32\XactEngineD3_3.dll
2009-03-09 23:41 . 2008-10-27 17:39 123,216 --a------ c:\windows\system32\XAPOFXD1_2.dll
2009-03-09 23:41 . 2008-10-27 17:38 47,440 --a------ c:\windows\system32\X3DAudioD1_5.dll
2009-03-09 23:36 . 2009-03-09 23:40 <DIR> d-------- c:\program files\Microsoft DirectX SDK (November 2008)
2009-03-09 23:35 . 2009-03-09 23:35 119,120 --a------ c:\windows\dxsdkuninst.exe
2009-03-09 22:03 . 2009-03-09 22:18 <DIR> d-------- c:\documents and settings\James\Application Data\Sports Interactive
2009-03-09 22:03 . 2009-03-09 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-03-09 21:50 . 2009-03-09 21:57 <DIR> d--h----- c:\program files\Zero G Registry
2009-03-09 21:49 . 2009-03-09 21:49 <DIR> d--h----- c:\documents and settings\James\InstallAnywhere
2009-03-09 19:12 . 2009-03-09 19:12 <DIR> d-------- c:\documents and settings\James\Application Data\DAEMON Tools Pro
2009-03-09 19:12 . 2009-03-09 19:12 <DIR> d-------- c:\documents and settings\James\Application Data\DAEMON Tools
2009-03-09 19:09 . 2009-03-09 19:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-09 19:08 . 2009-03-09 19:08 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-09 19:01 . 2009-03-09 19:18 <DIR> d-------- c:\documents and settings\James\Application Data\DAEMON Tools Lite
2009-03-09 19:01 . 2009-03-09 19:01 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-09 18:00 . 2009-03-09 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-03-01 23:08 . 2009-03-01 23:08 <DIR> d-------- c:\documents and settings\James\Application Data\CyberLink
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\program files\MSBuild
2009-02-26 22:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-26 21:59 . 2009-02-26 21:59 <DIR> d-------- c:\documents and settings\James\Application Data\ATI
2009-02-26 21:51 . 2006-05-03 11:57 520,192 --------- c:\windows\system32\ati2sgag.exe
2009-02-26 21:50 . 2009-02-26 21:50 <DIR> d-------- C:\ATI
2009-02-26 21:44 . 2009-02-26 21:44 10 --a------ c:\windows\WININIT.INI
2009-02-25 21:14 . 2009-02-25 21:14 <DIR> d-------- c:\program files\Monitor Calibration Wizard
2009-02-25 21:14 . 2009-02-25 21:14 7 --a------ c:\windows\INI2=No
2009-02-25 21:14 . 2009-02-25 21:14 7 --a------ c:\windows\INI1=No
2009-02-25 15:45 . 2009-02-25 15:45 <DIR> d-------- c:\documents and settings\James\Application Data\AVS4YOU
2009-02-25 15:44 . 2009-02-25 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-25 15:28 . 2009-02-26 18:21 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-02-25 15:27 . 2009-02-26 18:21 <DIR> d-------- c:\program files\AVS4YOU
2009-02-25 15:27 . 2008-08-13 10:22 974,848 --a------ c:\windows\system32\mfc70.dll
2009-02-25 15:27 . 2008-08-13 10:22 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-02-25 15:27 . 2008-08-13 10:22 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-02-25 15:27 . 2008-08-13 10:22 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-02-23 18:24 . 2009-02-23 18:24 <DIR> d-------- c:\windows\system32\Futuremark
2009-02-23 18:24 . 2009-02-23 18:24 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-23 18:24 . 2008-09-17 15:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2009-02-21 18:00 . 2009-02-21 18:00 <DIR> d-------- c:\documents and settings\James\Application Data\The Creative Assembly
2009-02-21 17:59 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-02-21 17:59 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-02-21 17:59 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-02-21 17:59 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-02-21 17:59 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-02-21 17:59 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-02-21 17:59 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-02-16 20:41 . 2009-03-11 13:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 20:41 . 2009-02-16 20:41 <DIR> d-------- c:\documents and settings\James\Application Data\Malwarebytes
2009-02-16 20:41 . 2009-02-16 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 20:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 20:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-16 13:44 . 2009-02-16 13:44 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-16 13:41 . 2009-02-16 13:41 <DIR> d-------- c:\program files\Lavasoft
2009-02-16 13:41 . 2009-02-16 13:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-16 13:41 . 2009-02-16 13:41 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 13:39 . 2009-02-18 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-16 12:13 . 2009-02-16 12:12 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-02-16 12:11 . 2009-02-16 12:11 <DIR> d-------- c:\windows\Sun
2009-02-16 12:11 . 2009-02-16 13:37 <DIR> d-------- c:\documents and settings\James\.housecall6.6
2009-02-16 12:06 . 2009-02-16 12:06 <DIR> d-------- C:\HJT
2009-02-16 12:02 . 2009-02-16 12:02 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 11:43 . 2009-02-16 11:54 63,589,060 --a------ C:\SYM_REGISTRY_BACKUP.reg
2009-02-15 23:21 . 2009-02-15 23:21 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-02-15 13:02 . 2009-02-26 16:43 <DIR> d-------- C:\divx
2009-02-15 12:56 . 2008-11-06 16:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-15 12:56 . 2008-11-06 16:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-15 12:56 . 2008-11-06 16:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-15 12:56 . 2008-11-06 16:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-15 12:56 . 2008-11-06 16:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-02-15 12:10 . 2009-02-15 12:10 <DIR> d-------- c:\program files\Cucusoft
2009-02-15 12:10 . 2004-10-12 14:40 2,255,360 --a------ c:\windows\system32\libavcodec.dll
2009-02-15 12:10 . 2004-10-12 14:46 1,761,280 --a------ c:\windows\system32\ffdshow.ax
2009-02-15 12:10 . 2004-10-05 16:16 395,776 --a------ c:\windows\system32\libmplayer.dll
2009-02-15 12:10 . 2004-10-12 14:42 262,144 --a------ c:\windows\system32\TomsMoComp_ff.dll
2009-02-15 12:10 . 2003-04-03 00:17 172,032 --a------ c:\windows\system32\ac3filter.ax
2009-02-15 12:10 . 2004-10-04 01:50 112,640 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-02-15 00:35 . 2009-02-15 00:35 <DIR> d-------- c:\program files\GustoSoft
2009-02-14 22:56 . 2009-02-15 13:41 3,532 --a------ C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 20:41 --------- d-----w c:\documents and settings\James\Application Data\LimeWire
2009-03-09 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 21:53 --------- d-----w c:\program files\ATI Technologies
2009-02-26 18:17 --------- d-----w c:\program files\Combined Community Codec Pack
2009-02-15 12:59 --------- d-----w c:\documents and settings\James\Application Data\DivX
2009-02-15 12:56 --------- d-----w c:\program files\DivX
2009-02-08 20:12 --------- d-----w c:\documents and settings\Derek\Application Data\Apple Computer
2009-02-08 00:54 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-08 00:54 --------- d-----w c:\program files\Java
2009-01-31 16:06 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-29 23:05 --------- d-----w c:\documents and settings\James\Application Data\CopyTransControlCenter
2009-01-29 20:59 --------- d-----w c:\program files\GamersFirst
2009-01-28 16:09 --------- d-----w c:\documents and settings\James\Application Data\Media Player Classic
2009-01-21 13:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-20 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-20 22:33 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-20 22:33 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-20 22:33 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-01-20 22:33 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-20 22:33 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-20 22:33 --------- d-----w c:\program files\Symantec
2009-01-20 22:33 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-20 22:32 --------- d-----w c:\program files\Windows Sidebar
2009-01-20 22:32 --------- d-----w c:\program files\Norton Internet Security
2009-01-20 22:26 --------- d-----w c:\program files\NortonInstaller
2009-01-20 22:26 --------- d-----w c:\documents and settings\All Users\Application Data\PCSettings
2009-01-20 22:26 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-16 12:30 --------- d-----w c:\documents and settings\Christine\Application Data\U3
2009-01-13 08:57 --------- d-----w c:\documents and settings\James\Application Data\Uniblue
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-12-10 929224]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-02 4616192]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"nwiz"="nwiz.exe" [2003-04-02 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\World of Warcraft\\Wow.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\empire total war demo\\Empire.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-16 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys [2009-01-20 309296]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-20 255536]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-20 362544]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090309.001\IDSxpx86.sys [2009-03-10 276344]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-20 115560]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-11-29 20608]
S3 cpuz130;cpuz130;\??\c:\docume~1\James\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\James\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-28 101936]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2008-12-10 29184]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-16 38496]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-11-30 36928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-7-26-100010408-100016816-100005607-1397.com c:\
\Shell\Open\command - c:\recycler\S-7-7-26-100010408-100016816-100005607-1397.com c:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-7-26-100010408-100016816-100005607-1397.com d:\
\Shell\Open\command - d:\recycler\S-7-7-26-100010408-100016816-100005607-1397.com d:\
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 13:44]

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.sony-europe.com/
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 22:58:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-11 23:00:25
ComboFix-quarantined-files.txt 2009-03-11 23:00:22

Pre-Run: 10,094,993,408 bytes free
Post-Run: 10,169,335,808 bytes free

263 --- E O F --- 2009-02-25 08:30:35

[AdvancedSetup]

STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines

KILLALL::

Registry::
[-HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]


Driver::
cpuz130

File::
c:\docume~1\James\LOCALS~1\Temp\cpuz130\cpuz_x32.sys

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

• Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  
• Disconnect from the Internet.
  
• Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  
• A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  
• It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Download and install CCleaner

• CCleaner
  
• Double-click on the downloaded file "ccsetup217.exe" and install the application.
  
• Keep the default installation folder "C:\Program Files\CCleaner"
  
• Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
  
• Click finish when done and close ALL PROGRAMS
  
• Start the CCleaner program.
  
• Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  
• Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  
• Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  
• Click on Run Cleaner button on the bottom right side of the program.
  
• Click OK to any prompts

STEP 03
Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Update
• When the update is complete, select the Scanner tab
  
• Select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 04
[indent]Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

• DDS.txt
  
• Attach.txt

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt

[/indent]

[Jimmy-b]

ComboFix 09-03-10.03 - Administrator 2009-03-12 8:49:51.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.370 [GMT 0:00]
Running from: N:\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\docume~1\James\LOCALS~1\Temp\cpuz130\cpuz_x32.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Service_cpuz130


((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-11 13:35 . 2003-08-02 13:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-11 13:35 . 2003-08-02 14:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterTrust
2009-03-11 13:35 . 2009-03-11 13:36 <DIR> d-------- c:\documents and settings\Administrator
2009-03-10 21:37 . 2009-02-16 13:44 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-10 19:01 . 2009-03-10 19:01 <DIR> d-------- c:\documents and settings\Derek\Application Data\ATI
2009-03-09 23:41 . 2008-10-27 17:37 4,499,280 --a------ c:\windows\system32\D3dx9d_40.dll
2009-03-09 23:41 . 2008-10-27 17:37 3,796,816 --a------ c:\windows\system32\d3dx9d_33.dll
2009-03-09 23:41 . 2008-10-27 17:37 3,084,624 --a------ c:\windows\system32\d3d9d.dll
2009-03-09 23:41 . 2008-10-27 17:37 906,576 --a------ c:\windows\system32\xaudioD2_3.dll
2009-03-09 23:41 . 2008-10-27 17:36 496,464 --a------ c:\windows\system32\D3DX10d_40.dll
2009-03-09 23:41 . 2008-10-27 17:39 360,784 --a------ c:\windows\system32\XactEngineA3_3.dll
2009-03-09 23:41 . 2008-10-27 17:39 359,760 --a------ c:\windows\system32\dinput8d.dll
2009-03-09 23:41 . 2008-10-27 17:39 349,520 --a------ c:\windows\system32\d3dref9.dll
2009-03-09 23:41 . 2008-10-27 17:39 286,032 --a------ c:\windows\system32\XactEngineD3_3.dll
2009-03-09 23:41 . 2008-10-27 17:39 123,216 --a------ c:\windows\system32\XAPOFXD1_2.dll
2009-03-09 23:41 . 2008-10-27 17:38 47,440 --a------ c:\windows\system32\X3DAudioD1_5.dll
2009-03-09 23:36 . 2009-03-09 23:40 <DIR> d-------- c:\program files\Microsoft DirectX SDK (November 2008)
2009-03-09 23:35 . 2009-03-09 23:35 119,120 --a------ c:\windows\dxsdkuninst.exe
2009-03-09 22:03 . 2009-03-09 22:18 <DIR> d-------- c:\documents and settings\James\Application Data\Sports Interactive
2009-03-09 22:03 . 2009-03-09 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-03-09 21:50 . 2009-03-09 21:57 <DIR> d--h----- c:\program files\Zero G Registry
2009-03-09 21:49 . 2009-03-09 21:49 <DIR> d--h----- c:\documents and settings\James\InstallAnywhere
2009-03-09 19:12 . 2009-03-09 19:12 <DIR> d-------- c:\documents and settings\James\Application Data\DAEMON Tools Pro
2009-03-09 19:12 . 2009-03-09 19:12 <DIR> d-------- c:\documents and settings\James\Application Data\DAEMON Tools
2009-03-09 19:09 . 2009-03-09 19:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-09 19:08 . 2009-03-09 19:08 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-09 19:01 . 2009-03-09 19:18 <DIR> d-------- c:\documents and settings\James\Application Data\DAEMON Tools Lite
2009-03-09 19:01 . 2009-03-09 19:01 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-09 18:00 . 2009-03-09 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-03-01 23:08 . 2009-03-01 23:08 <DIR> d-------- c:\documents and settings\James\Application Data\CyberLink
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\program files\MSBuild
2009-02-26 22:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-26 21:59 . 2009-02-26 21:59 <DIR> d-------- c:\documents and settings\James\Application Data\ATI
2009-02-26 21:51 . 2006-05-03 11:57 520,192 --------- c:\windows\system32\ati2sgag.exe
2009-02-26 21:50 . 2009-02-26 21:50 <DIR> d-------- C:\ATI
2009-02-26 21:44 . 2009-02-26 21:44 10 --a------ c:\windows\WININIT.INI
2009-02-25 21:14 . 2009-02-25 21:14 <DIR> d-------- c:\program files\Monitor Calibration Wizard
2009-02-25 21:14 . 2009-02-25 21:14 7 --a------ c:\windows\INI2=No
2009-02-25 21:14 . 2009-02-25 21:14 7 --a------ c:\windows\INI1=No
2009-02-25 15:45 . 2009-02-25 15:45 <DIR> d-------- c:\documents and settings\James\Application Data\AVS4YOU
2009-02-25 15:44 . 2009-02-25 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-02-25 15:28 . 2009-02-26 18:21 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-02-25 15:27 . 2009-02-26 18:21 <DIR> d-------- c:\program files\AVS4YOU
2009-02-25 15:27 . 2008-08-13 10:22 974,848 --a------ c:\windows\system32\mfc70.dll
2009-02-25 15:27 . 2008-08-13 10:22 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-02-25 15:27 . 2008-08-13 10:22 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-02-25 15:27 . 2008-08-13 10:22 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-02-23 18:24 . 2009-02-23 18:24 <DIR> d-------- c:\windows\system32\Futuremark
2009-02-23 18:24 . 2009-02-23 18:24 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2009-02-23 18:24 . 2008-09-17 15:14 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2009-02-21 18:00 . 2009-02-21 18:00 <DIR> d-------- c:\documents and settings\James\Application Data\The Creative Assembly
2009-02-21 17:59 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-02-21 17:59 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-02-21 17:59 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-02-21 17:59 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-02-21 17:59 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-02-21 17:59 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-02-21 17:59 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-02-16 20:41 . 2009-03-11 13:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-16 20:41 . 2009-02-16 20:41 <DIR> d-------- c:\documents and settings\James\Application Data\Malwarebytes
2009-02-16 20:41 . 2009-02-16 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-16 20:41 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 20:41 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-16 13:44 . 2009-02-16 13:44 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-16 13:41 . 2009-02-16 13:41 <DIR> d-------- c:\program files\Lavasoft
2009-02-16 13:41 . 2009-02-16 13:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-16 13:41 . 2009-02-16 13:41 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 13:39 . 2009-02-18 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-16 12:13 . 2009-02-16 12:12 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-02-16 12:11 . 2009-02-16 12:11 <DIR> d-------- c:\windows\Sun
2009-02-16 12:11 . 2009-02-16 13:37 <DIR> d-------- c:\documents and settings\James\.housecall6.6
2009-02-16 12:06 . 2009-02-16 12:06 <DIR> d-------- C:\HJT
2009-02-16 12:02 . 2009-02-16 12:02 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 11:43 . 2009-02-16 11:54 63,589,060 --a------ C:\SYM_REGISTRY_BACKUP.reg
2009-02-15 23:21 . 2009-02-15 23:21 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-02-15 13:02 . 2009-02-26 16:43 <DIR> d-------- C:\divx
2009-02-15 12:56 . 2008-11-06 16:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-15 12:56 . 2008-11-06 16:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-15 12:56 . 2008-11-06 16:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-15 12:56 . 2008-11-06 16:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-15 12:56 . 2008-11-06 16:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-02-15 12:10 . 2009-02-15 12:10 <DIR> d-------- c:\program files\Cucusoft
2009-02-15 12:10 . 2004-10-12 14:40 2,255,360 --a------ c:\windows\system32\libavcodec.dll
2009-02-15 12:10 . 2004-10-12 14:46 1,761,280 --a------ c:\windows\system32\ffdshow.ax
2009-02-15 12:10 . 2004-10-05 16:16 395,776 --a------ c:\windows\system32\libmplayer.dll
2009-02-15 12:10 . 2004-10-12 14:42 262,144 --a------ c:\windows\system32\TomsMoComp_ff.dll
2009-02-15 12:10 . 2003-04-03 00:17 172,032 --a------ c:\windows\system32\ac3filter.ax
2009-02-15 12:10 . 2004-10-04 01:50 112,640 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-02-15 00:35 . 2009-02-15 00:35 <DIR> d-------- c:\program files\GustoSoft
2009-02-14 22:56 . 2009-02-15 13:41 3,532 --a------ C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 20:41 --------- d-----w c:\documents and settings\James\Application Data\LimeWire
2009-03-09 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 21:53 --------- d-----w c:\program files\ATI Technologies
2009-02-26 18:17 --------- d-----w c:\program files\Combined Community Codec Pack
2009-02-15 12:59 --------- d-----w c:\documents and settings\James\Application Data\DivX
2009-02-15 12:56 --------- d-----w c:\program files\DivX
2009-02-08 20:12 --------- d-----w c:\documents and settings\Derek\Application Data\Apple Computer
2009-02-08 00:54 --------- d-----w c:\program files\Java
2009-01-31 16:06 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-29 23:05 --------- d-----w c:\documents and settings\James\Application Data\CopyTransControlCenter
2009-01-29 20:59 --------- d-----w c:\program files\GamersFirst
2009-01-28 16:09 --------- d-----w c:\documents and settings\James\Application Data\Media Player Classic
2009-01-21 13:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-20 22:34 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-20 22:33 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-20 22:33 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-01-20 22:33 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-20 22:33 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-20 22:33 --------- d-----w c:\program files\Symantec
2009-01-20 22:33 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-20 22:32 --------- d-----w c:\program files\Windows Sidebar
2009-01-20 22:32 --------- d-----w c:\program files\Norton Internet Security
2009-01-20 22:26 --------- d-----w c:\program files\NortonInstaller
2009-01-20 22:26 --------- d-----w c:\documents and settings\All Users\Application Data\PCSettings
2009-01-20 22:26 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-16 12:30 --------- d-----w c:\documents and settings\Christine\Application Data\U3
2009-01-13 08:57 --------- d-----w c:\documents and settings\James\Application Data\Uniblue
.

((((((((((((((((((((((((((((( SnapShot@2009-03-11_22.59.12.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 20:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-04-02 4616192]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"nwiz"="nwiz.exe" [2003-04-02 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\World of Warcraft\\Wow.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\empire total war demo\\Empire.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-16 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys [2009-01-20 309296]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-20 255536]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-20 362544]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090309.001\IDSxpx86.sys [2009-03-10 276344]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-20 115560]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-11-29 20608]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-28 101936]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2008-12-10 29184]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-16 38496]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-11-30 36928]
.
Contents of the 'Scheduled Tasks' folder

2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 13:44]

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.sony-europe.com/
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 08:53:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-03-12 8:57:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 08:57:56
ComboFix2.txt 2009-03-11 23:00:26

Pre-Run: 10,179,592,192 bytes free
Post-Run: 10,090,553,344 bytes free

249 --- E O F --- 2009-02-25 08:30:35






Malwarebytes' Anti-Malware 1.34
Database version: 1840
Windows 5.1.2600 Service Pack 3

12/03/2009 15:55:07
mbam-log-2009-03-12 (15-55-07).txt

Scan type: Quick Scan
Objects scanned: 77103
Time elapsed: 13 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.






DDS (Ver_09-02-01.01) - NTFSx86
Run by James at 15:56:19.92 on 12/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.279 [GMT 0:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DrvMon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uInternet Connection Wizard,ShellNext = https://www.mynortonaccount.com/amsweb/faq....product_lang=EN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [LGMobileSyncLauncher] d:\program files\lg pc suite\LG_MobileSync_Launcher.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224987065562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\urn5idxt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-16 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2009-1-20 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-1-20 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-1-20 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090310.003\IDSxpx86.sys [2009-3-12 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-1-20 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-28 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090311.049\NAVENG.SYS [2009-3-12 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090311.049\NAVEX15.SYS [2009-3-12 876144]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-11-29 20608]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2008-12-10 29184]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-11-30 36928]

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-26 21:34 3,580 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 00:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-20 22:33 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-20 22:33 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-20 22:33 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-20 22:33 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-20 22:33 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 15:57:17.46 ===============





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:01, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1224987065562
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6448 bytes


DDS (Ver_09-02-01.01) - NTFSx86
Run by James at 15:56:19.92 on 12/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.279 [GMT 0:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DrvMon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com
uInternet Connection Wizard,ShellNext = https://www.mynortonaccount.com/amsweb/faq....product_lang=EN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [LGMobileSyncLauncher] d:\program files\lg pc suite\LG_MobileSync_Launcher.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224987065562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\urn5idxt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-16 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2009-1-20 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-1-20 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-1-20 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090310.003\IDSxpx86.sys [2009-3-12 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-1-20 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-28 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090311.049\NAVENG.SYS [2009-3-12 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090311.049\NAVEX15.SYS [2009-3-12 876144]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-11-29 20608]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2008-12-10 29184]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-11-30 36928]

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-26 21:34 3,580 a------- c:\windows\system32\d3d9caps.dat
2009-02-08 00:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-20 22:33 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-20 22:33 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-20 22:33 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-20 22:33 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-20 22:33 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 15:57:17.46 ===============




Thanks

[Jimmy-b]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 26/10/2008 01:35:02
System Uptime: 03/12/2009 13:59:02 (-6382 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VX
Processor: Intel® Pentium® 4 CPU 2.60GHz | CPU 1 | 2593/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 8.842 GiB free.
D: is FIXED (NTFS) - 84 GiB total, 22.439 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
N: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP99: 12/02/2009 14:37:12 - Software Distribution Service 3.0
RP100: 15/02/2009 14:23:55 - System Checkpoint
RP101: 17/02/2009 15:43:54 - System Checkpoint
RP102: 19/02/2009 00:05:22 - System Checkpoint
RP103: 20/02/2009 16:13:11 - System Checkpoint
RP104: 21/02/2009 17:57:21 - Installed DirectX
RP105: 22/02/2009 19:31:56 - System Checkpoint
RP106: 23/02/2009 18:24:36 - Installed Futuremark SystemInfo
RP107: 24/02/2009 19:30:55 - System Checkpoint
RP108: 25/02/2009 08:30:08 - Software Distribution Service 3.0
RP109: 26/02/2009 17:32:10 - System Checkpoint
RP110: 26/02/2009 21:14:47 - Installed Rome - Total War™
RP111: 26/02/2009 21:52:50 - Installed ATI Catalyst Control Center
RP112: 26/02/2009 22:29:29 - Installed %1 %2.
RP113: 26/02/2009 22:30:09 - Printer Driver Microsoft XPS Document Writer Installed
RP114: 28/02/2009 11:19:34 - System Checkpoint
RP115: 01/03/2009 23:00:11 - System Checkpoint
RP116: 02/03/2009 18:27:30 - Installed Barbarian Invasion
RP117: 04/03/2009 19:22:47 - System Checkpoint
RP118: 05/03/2009 16:19:33 - Installed Rome - Total War - Barbarian Invasion - patch 1.6
RP119: 05/03/2009 16:43:10 - Installed Rome - Total War - patch 1.5
RP120: 07/03/2009 00:59:14 - Removed Rome - Total War™
RP121: 07/03/2009 12:57:28 - Installed Rome - Total War™
RP122: 08/03/2009 14:35:42 - Installed Rome - Total War - Alexander
RP123: 08/03/2009 14:41:36 - Installed Rome: Total War - Barbarian Invasion
RP124: 08/03/2009 14:42:17 - Removed Rome: Total War - Barbarian Invasion
RP125: 08/03/2009 14:44:36 - Removed Rome - Total War™
RP126: 08/03/2009 15:52:04 - Removed Rome - Total War™
RP127: 08/03/2009 20:22:55 - Removed Rome - Total War - Alexander
RP128: 09/03/2009 17:59:49 - Installed WinZip 12.0
RP129: 09/03/2009 18:13:51 - Removed Rome - Total War™
RP130: 09/03/2009 18:53:08 - Removed WinZip 12.0
RP131: 09/03/2009 18:56:31 - Install Virtual CloneDrive
RP132: 09/03/2009 18:58:37 - Remove Virtual CloneDrive
RP133: 09/03/2009 19:01:34 - SPTD setup V1.56
RP134: 09/03/2009 21:58:01 - Installed DirectX
RP135: 09/03/2009 23:37:35 - Installed DirectX
RP136: 12/03/2009 10:00:46 - System Checkpoint

==== Installed Programs ======================


AAC Decoder
Ace DivX Player v2.1
Acrobat.com
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9
Agere Systems AC'97 Modem
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
Bonjour
BroadJump Client Foundation
CCleaner (remove only)
Combined Community Codec Pack 2008-09-21 16:18
DAEMON Tools Toolbar
Dawn Of War
Dawn of War - Dark Crusade
Dawn Of War - Winter Assault
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Empire: Total War Demo
Football Manager 2009
Futuremark SystemInfo
H.264 Decoder
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Adapters and Drivers
ISP Selector
ISP Selector (English)
iTunes
Java™ 6 Update 11
LG PC Suite
LG USB Modem driver
Malwarebytes' Anti-Malware
Matroska Pack - Lazy Man's MKV 0.9.9
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (November 2008)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Monitor Calibration Wizard 1.0
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB925673)
Norton Internet Security
NVIDIA Windows 2000/XP Display Drivers
PowerDVD
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sony DV Shared Library
Steam
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Online Registration (English)
VAIO System Information
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VOR
War Rock
Warhammer 40,000: Dawn of War II - Beta
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XLink Kai
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Toolbar
ZyDAS IEEE 802.11 b+g Wireless LAN - USB

==== Event Viewer Messages From Past Week ========

09/03/2009 18:53:52, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/03/2009 09:40:09, error: System Error [1003] - Error code 100000d1, parameter1 feb2f158, parameter2 00000002, parameter3 00000000, parameter4 f8a38d5d.
10/03/2009 18:41:29, error: DCOM [10005] - DCOM got error "%109" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
10/03/2009 18:42:07, error: Service Control Manager [7000] - The Network Location Awareness (NLA) service failed to start due to the following error: The pipe state is invalid.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Windows Time service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Automatic Updates service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 2 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 2 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 3 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 3 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 4 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 4 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 5 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 5 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 6 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 6 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 7 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 7 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 8 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 8 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 9 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 9 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 10 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 10 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 11 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 11 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The pipe has been ended.
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 12 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 12 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 4 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 13 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 13 time(s).
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 18:42:07, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/03/2009 19:50:13, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 15 time(s).
10/03/2009 19:50:13, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 3 time(s).
10/03/2009 19:50:13, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 10 time(s).
10/03/2009 19:50:13, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 40 time(s).
10/03/2009 20:41:24, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 21 time(s).
10/03/2009 20:41:24, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 60 time(s).
10/03/2009 20:41:24, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 16 time(s).
10/03/2009 20:41:24, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 60 time(s).
10/03/2009 20:41:24, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/03/2009 21:32:35, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 26 time(s).
10/03/2009 21:39:46, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 27 time(s).
10/03/2009 21:39:46, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 74 time(s).
10/03/2009 21:42:14, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 28 time(s).
10/03/2009 21:42:14, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 12 time(s).
10/03/2009 21:42:14, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 77 time(s).
10/03/2009 21:51:26, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 4 time(s).
10/03/2009 21:51:26, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 32 time(s).
10/03/2009 21:51:26, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 94 time(s).
10/03/2009 21:53:48, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 33 time(s).
10/03/2009 21:53:48, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 96 time(s).
10/03/2009 21:57:09, error: DCOM [10005] - DCOM got error "%109" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/03/2009 23:04:21, error: DCOM [10005] - DCOM got error "%109" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/03/2009 12:48:01, error: DCOM [10005] - DCOM got error "%109" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/03/2009 13:06:07, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/03/2009 13:06:37, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/03/2009 13:09:24, error: DCOM [10005] - DCOM got error "%230" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
11/03/2009 13:36:16, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/03/2009 13:36:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/03/2009 13:52:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/03/2009 14:28:36, error: DCOM [10005] - DCOM got error "%230" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

Attached Files

•  Attach.txt   23.91K   13 downloads

[AdvancedSetup]

How is the computer running now?
Are there still any signs of an infection?



Just a note that Adobe Acrobat 5.0 is quite old and may have exploited code.
Please update Java™ 6 Update 11 to version 12
Microsoft .NET Framework 3.5 has a Service Pack 1 so you still need to get ALL the Microsoft Critical Updates.

[Jimmy-b]

Nope none, the only problem i still had was the sound wasn't working so i just reinstall the drivers and it all good..
Thanks a lot!!!

[AdvancedSetup]

Great, all looks good now.

I'll close your post soon so that other don't post into it and leave you with this information and suggestions.

So how did I get infected in the first place?


[indent]At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Remove all but the most recent Restore Point on Windows XP

[indent]You should Create a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore.
Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point.
Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
  
• If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK
  
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  
• Give the new Restore Point a name, then click "Create".
  
• The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then use the Disk Cleanup to remove all but the most recently created Restore Point.
  
• Go to Start > Run and type: Cleanmgr.exe
  
• Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  
• Click the "More Options" tab, then click the "Clean up" button under System Restore.
  
• Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  
• Click Yes, then click Ok.
  
• Click Yes again when prompted with "Are you sure you want to perform these actions?"
  
• Disk Cleanup will remove the files and close automatically.
  
• On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
  
• These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.

[indent] [/indent]

Additional information
Microsoft KB article: How to turn off and turn on System Restore in Windows XP
Bert Kinney's site: All about Windows System Restore[/indent]

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install hpHosts
Download it from here
hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad,
tracking and malicious websites. This prevents your computer from connecting to these untrusted sites
by redirecting them to 127.0.0.1 which is your own local computer.
hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.
I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.



Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions


Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org[/indent]