
Solve : Please help, I use my comp at work and hit by Antivirus 2008, all logs included?

Answer»

I have it too. I have already run through the entire "start here" post. I have attached the logs below.
I do use my computer for work, but I own it. There are some programs I need for work, specifically the VNC server and Trend Micro Security Agent. I am very familiar with computers and the Windows platform; though "Expert" may be a little overrated, I definitely fall closer to Expert than Familiar on your scale.
Here are the issues, as noted per item; some were resolved by the "start here" procedures, which I have already run ALL of.
1. Started with a popup screen that said I needed to install "Antivirus 2008" etc. (remedied by the "start here" steps)
2. Desktop was changed to a blue boundary, with a centered image stating that I needed to install an antivirus software, and that two viruses or spyware items were found. ALSO, upon attempting to change my desktop back, the tab in the properties for the desktop was not there. (remedied by the "start here" steps)
3. On opening IE, the home page was set to blank, and upon typing in a URL it would report either no connection or website is busy. (has improved after running through "start here" steps, see next item)
4. Within Firefox: any antivirus website (any other websites connect just fine) that I tried to connect to (via typing in the URL or via links on a search engine) will redirect to any number of other pages, including search engines or ads. The same links or URLs do not connect to the same redirected site each time they are clicked or typed in. After running all of the "start here" steps IE is now doing the same thing as Firefox.
I did have to run the SAS 2x's as my comp kept crashing in the middle, so there are two logs.
Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/21/2008 at 10:55 AM

Application Version : 4.21.1004

Core Rules Database Version : 3575
Trace Rules Database Version: 1563

Scan type : Complete Scan
Total Scan Time : 00:30:50

Memory items scanned : 435
Memory threats detected : 1
Registry items scanned : 7581
Registry threats detected : 1
File items scanned : 29997
File threats detected : 39

Trojan.Dropper/SVCHost-Fake
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE
[SVCHOST.EXE] C:\WINDOWS\SYSTEM32\DRIVERS\SVCHOST.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Julie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Julie\Cookies\[emailprotected][1].txt
.overture.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
cache.trafficmp.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\cookies.txt ]

Rogue.AntiVirus 2008
C:\WINDOWS\SYSTEM32\PHCVHSJ0ERTQ.BMP

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/21/2008 at 12:31 PM

Application Version : 4.21.1004

Core Rules Database Version : 3575
Trace Rules Database Version: 1563

Scan type : Complete Scan
Total Scan Time : 01:08:47

Memory items scanned : 428
Memory threats detected : 0
Registry items scanned : 7557
Registry threats detected : 0
File items scanned : 124622
File threats detected : 1

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\WINDOWS\SYSTEM32\BLPHCVHSJ0ERTQ.SCR

Malwarebytes' Anti-Malware 1.28
Database version: 1188
Windows 5.1.2600 Service Pack 3

9/21/2008 1:04:30 PM
mbam-log-2008-09-21 (13-04-30).txt

Scan type: Quick Scan
Objects scanned: 51133
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhcrhsj0ertq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcvhsj0ertq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

Remaining log in following post, due to space constraints.

Here is the remaining log file, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:22 PM, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\TEMP\VVEDB5.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/petshophop/petshophopweb.1.0.0.15.cab
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://download.playfirst.com/play/game/dreamchronicles2/dream2web.1.0.0.13.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10949 bytes

I would appreciate any help you can offer,
Thanks,
Julie

Hello Julienoel.

If you are still needing help please run a new HijackThis scan and post the log.

Thanks.

Here is today's log file; yes, I still need some assistance. I still cannot access any antivirus-related web sites. The other issues have been resolved with the 5 steps, but this redirection thing is still hanging on.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:04 PM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\TEMP\DX3B36.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://triad.local.triadfs.org:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} (CPlayFirstPetShopHopControl Object) - http://download.playfirst.com/play/game/petshophop/petshophopweb.1.0.0.15.cab
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://download.playfirst.com/play/game/dreamchronicles2/dream2web.1.0.0.13.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10804 bytes

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. http://rapidshare.com/files/147594550/ComboFix.exe.html

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

OK, here is the ComboFix log, thanks for your response. I can open McAfee now! Anything else I should do?

ComboFix 08-09-20.05 - Julie 2008-09-22 20:22:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.603 [GMT -7:00]
Running from: C:\Documents and Settings\Julie\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Julie\Application Data\inst.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\windows_update.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-21 20:45 . 2006-01-23 16:29 106,496 --a------ C:\WINDOWS\system32\ssPlantasia.scr
2008-09-21 13:05 . 2008-09-21 13:05 61,440 --a------ C:\WINDOWS\system32\drivers\islsep.sys
2008-09-21 12:49 . 2008-09-21 12:49 d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-09-21 12:48 . 2008-09-21 12:50 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 12:48 . 2008-09-21 12:48 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 12:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 12:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 23:30 . 2005-11-03 00:29 163,840 --a------ C:\tmdbg20.dll
2008-09-20 23:30 . 2005-11-03 00:30 127,049 --a------ C:\LogServer.exe
2008-09-20 22:52 . 2008-09-20 22:52 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Documents and Settings\Julie\Application Data\SUPERAntiSpyware.com
2008-09-20 22:50 . 2008-09-20 22:50 49 --a------ C:\OfcDebug.ini
2008-09-20 21:41 . 2008-09-20 23:29 d-------- C:\WINDOWS\SxsCaPendDel
2008-09-20 21:08 . 2008-09-21 11:21 d-------- C:\Program Files\Enigma Software Group
2008-09-20 19:50 . 2008-09-20 19:50 d-------- C:\Program Files\CCleaner
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\scripting
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\en
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\bits
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\l2schemas
2008-09-03 08:58 . 2008-09-03 08:58 d-------- C:\WINDOWS\ServicePackFiles
2008-09-02 09:18 . 2008-09-02 09:18 d-------- C:\WINDOWS\Twain32
2008-09-01 19:33 . 2008-09-17 22:32 d-------- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-09-01 13:55 . 2008-09-01 17:22 d-------- C:\Program Files\Plantasia_at
2008-09-01 00:23 . 2008-09-01 00:23 d-------- C:\Program Files\ReflexiveArcade
2008-08-31 23:17 . 2008-09-19 21:46 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 12:30 . 2008-08-26 14:54 d-------- C:\Program Files\MSECache
2008-08-25 00:40 . 2008-08-25 00:40 268 --ah----- C:\sqmdata13.sqm
2008-08-25 00:40 . 2008-08-25 00:40 244 --ah----- C:\sqmnoopt13.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 20:27 --------- d-----w C:\Program Files\Trend Micro
2008-09-21 20:23 --------- d-----w C:\Program Files\Java
2008-09-21 04:42 --------- d-----w C:\Program Files\WildTangent
2008-09-20 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 15:21 --------- d-----w C:\Program Files\NetWaiting
2008-09-20 07:37 --------- d-----w C:\Program Files\Yahoo! Games
2008-09-20 07:37 --------- d-----w C:\Program Files\Buildcity
2008-09-19 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-09-13 03:12 --------- d--h--w C:\Documents and Settings\Julie\Application Data\Move Networks
2008-09-12 04:01 --------- d-----w C:\Documents and Settings\Julie\Application Data\PlayFirst
2008-09-11 06:11 --------- d-----w C:\Program Files\PlayFirst
2008-09-05 04:21 --------- d-----w C:\Documents and Settings\Julie\Application Data\Mind Control Software
2008-09-03 18:15 --------- d-----w C:\Program Files\MSN Messenger
2008-09-02 00:23 0 ----a-w C:\Program Files\temp01
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-25 01:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 17:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-18 17:19 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-07-21 05:55 47,360 ----a-w C:\Documents and Settings\Julie\Application Data\pcouffin.sys
2007-03-06 23:24 0 ----a-w C:\Documents and Settings\Julie\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-13 143360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-11-03 372813]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 77824]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
"MsmqIntCert"="mqrt.dll" [2008-04-13 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP40"= SP40_32.DLL
"VIDC.SP41"= SP4X_32.DLL
"VIDC.SP42"= SP4X_32.DLL
"VIDC.SP43"= SP4X_32.DLL
"VIDC.SP44"= SP4X_32.DLL
"VIDC.SP45"= SP4X_32.DLL
"VIDC.SP46"= SP4X_32.DLL
"VIDC.SP47"= SP4X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

S3 ACRUSBTM;ACRUSBTM;C:\WINDOWS\system32\drivers\ACRUSBTM.SYS [2007-08-02 28672]
S3 AVC1100;Adaptec AVC-1100 Video Capture;C:\WINDOWS\system32\DRIVERS\CA506AV.SYS [2002-07-21 175042]
S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);C:\WINDOWS\system32\drivers\ca506aaf.sys [2002-07-21 14273]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Julie\Application Data\Mozilla\Firefox\Profiles\lcymk3vp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.yahoo.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 20:26:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe?[emailprotected]? ?^???`[emailprotected]?[emailprotected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
.
Completion time: 2008-09-22 20:28:14
ComboFix-quarantined-files.txt 2008-09-23 03:28:10

Pre-Run: 13,698,949,120 bytes free
Post-Run: 13,755,367,424 bytes free

205 --- E O F --- 2008-09-11 06:49:48
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::

File::
C:\WINDOWS\system32\drivers\islsep.sys
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm

Registry::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

OK, here is the latest log file from ComboFix. Anything else?

ComboFix 08-09-20.05 - Julie 2008-09-22 20:45:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.630 [GMT -7:00]
Running from: C:\Documents and Settings\Julie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Julie\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\WINDOWS\system32\drivers\islsep.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\WINDOWS\system32\drivers\islsep.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-21 20:45 . 2006-01-23 16:29 106,496 --a------ C:\WINDOWS\system32\ssPlantasia.scr
2008-09-21 12:49 . 2008-09-21 12:49 d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-09-21 12:48 . 2008-09-21 12:50 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 12:48 . 2008-09-21 12:48 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 12:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 12:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 23:30 . 2005-11-03 00:29 163,840 --a------ C:\tmdbg20.dll
2008-09-20 23:30 . 2005-11-03 00:30 127,049 --a------ C:\LogServer.exe
2008-09-20 22:52 . 2008-09-20 22:52 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Documents and Settings\Julie\Application Data\SUPERAntiSpyware.com
2008-09-20 22:50 . 2008-09-20 22:50 49 --a------ C:\OfcDebug.ini
2008-09-20 21:41 . 2008-09-20 23:29 d-------- C:\WINDOWS\SxsCaPendDel
2008-09-20 21:08 . 2008-09-21 11:21 d-------- C:\Program Files\Enigma Software Group
2008-09-20 19:50 . 2008-09-20 19:50 d-------- C:\Program Files\CCleaner
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\scripting
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\en
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\bits
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\l2schemas
2008-09-03 08:58 . 2008-09-03 08:58 d-------- C:\WINDOWS\ServicePackFiles
2008-09-02 09:18 . 2008-09-02 09:18 d-------- C:\WINDOWS\Twain32
2008-09-01 19:33 . 2008-09-17 22:32 d-------- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-09-01 13:55 . 2008-09-01 17:22 d-------- C:\Program Files\Plantasia_at
2008-09-01 00:23 . 2008-09-01 00:23 d-------- C:\Program Files\ReflexiveArcade
2008-08-31 23:17 . 2008-09-19 21:46 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 12:30 . 2008-08-26 14:54 d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 20:27 --------- d-----w C:\Program Files\Trend Micro
2008-09-21 20:23 --------- d-----w C:\Program Files\Java
2008-09-21 04:42 --------- d-----w C:\Program Files\WildTangent
2008-09-20 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 15:21 --------- d-----w C:\Program Files\NetWaiting
2008-09-20 07:37 --------- d-----w C:\Program Files\Yahoo! Games
2008-09-20 07:37 --------- d-----w C:\Program Files\Buildcity
2008-09-19 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-09-13 03:12 --------- d--h--w C:\Documents and Settings\Julie\Application Data\Move Networks
2008-09-12 04:01 --------- d-----w C:\Documents and Settings\Julie\Application Data\PlayFirst
2008-09-11 06:11 --------- d-----w C:\Program Files\PlayFirst
2008-09-05 04:21 --------- d-----w C:\Documents and Settings\Julie\Application Data\Mind Control Software
2008-09-03 18:15 --------- d-----w C:\Program Files\MSN Messenger
2008-09-02 00:23 0 ----a-w C:\Program Files\temp01
2007-10-18 17:19 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-07-21 05:55 47,360 ----a-w C:\Documents and Settings\Julie\Application Data\pcouffin.sys
2007-03-06 23:24 0 ----a-w C:\Documents and Settings\Julie\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( [emailprotected]_20.27.46.91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-11-03 07:30:32 172,099 ----a-w C:\WINDOWS\temp\RV2FF6.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-13 143360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-11-03 372813]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 77824]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
"MsmqIntCert"="mqrt.dll" [2008-04-13 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP40"= SP40_32.DLL
"VIDC.SP41"= SP4X_32.DLL
"VIDC.SP42"= SP4X_32.DLL
"VIDC.SP43"= SP4X_32.DLL
"VIDC.SP44"= SP4X_32.DLL
"VIDC.SP45"= SP4X_32.DLL
"VIDC.SP46"= SP4X_32.DLL
"VIDC.SP47"= SP4X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

S3 ACRUSBTM;ACRUSBTM;C:\WINDOWS\system32\drivers\ACRUSBTM.SYS [2007-08-02 28672]
S3 AVC1100;Adaptec AVC-1100 Video Capture;C:\WINDOWS\system32\DRIVERS\CA506AV.SYS [2002-07-21 175042]
S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);C:\WINDOWS\system32\drivers\ca506aaf.sys [2002-07-21 14273]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 20:49:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe?[emailprotected]? ?^???`[emailprotected]?[emailprotected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\temp\RV2FF6.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-22 20:55:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 03:55:19
ComboFix2.txt 2008-09-23 03:28:15

Pre-Run: 13,733,888,000 bytes free
Post-Run: 13,638,041,600 bytes free

203 --- E O F --- 2008-09-11 06:49:48
Chipping away.....

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

KillAll::

Driver::
TDSSserv
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

  • Go to your desktop and double click on the removal tool and then click Setup.
  • Once open Click Next
  • Accept the license agreement and click Next
  • Type in the letters/numbers that you see into the text box then click Next.
  • Then click Next and the tool will start running.
  • Once finished restart the PC and run the tool again to ensure everything has been removed.
  • Delete the Norton Removal Tool from your Desktop.

Here's the latest. This sure beats editing registries by hand; that's how I got rid of the last one, or tried to.

ComboFix 08-09-20.05 - Julie 2008-09-22 21:09:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.636 [GMT -7:00]
Running from: C:\Documents and Settings\Julie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Julie\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-21 20:45 . 2006-01-23 16:29 106,496 --a------ C:\WINDOWS\system32\ssPlantasia.scr
2008-09-21 12:49 . 2008-09-21 12:49 d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
2008-09-21 12:48 . 2008-09-21 12:50 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 12:48 . 2008-09-21 12:48 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 12:48 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 12:48 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-20 23:30 . 2005-11-03 00:29 163,840 --a------ C:\tmdbg20.dll
2008-09-20 23:30 . 2005-11-03 00:30 127,049 --a------ C:\LogServer.exe
2008-09-20 22:52 . 2008-09-20 22:52 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Program Files\SUPERAntiSpyware
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-20 22:51 . 2008-09-20 22:51 d-------- C:\Documents and Settings\Julie\Application Data\SUPERAntiSpyware.com
2008-09-20 22:50 . 2008-09-20 22:50 49 --a------ C:\OfcDebug.ini
2008-09-20 21:41 . 2008-09-20 23:29 d-------- C:\WINDOWS\SxsCaPendDel
2008-09-20 21:08 . 2008-09-21 11:21 d-------- C:\Program Files\Enigma Software Group
2008-09-20 19:50 . 2008-09-20 19:50 d-------- C:\Program Files\CCleaner
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\scripting
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\en
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\system32\bits
2008-09-03 09:02 . 2008-09-03 09:02 d-------- C:\WINDOWS\l2schemas
2008-09-03 08:58 . 2008-09-03 08:58 d-------- C:\WINDOWS\ServicePackFiles
2008-09-02 09:18 . 2008-09-02 09:18 d-------- C:\WINDOWS\Twain32
2008-09-01 19:33 . 2008-09-17 22:32 d-------- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-09-01 13:55 . 2008-09-01 17:22 d-------- C:\Program Files\Plantasia_at
2008-09-01 00:23 . 2008-09-01 00:23 d-------- C:\Program Files\ReflexiveArcade
2008-08-31 23:17 . 2008-09-19 21:46 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 12:30 . 2008-08-26 14:54 d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 20:27 --------- d-----w C:\Program Files\Trend Micro
2008-09-21 20:23 --------- d-----w C:\Program Files\Java
2008-09-21 04:42 --------- d-----w C:\Program Files\WildTangent
2008-09-20 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-20 15:21 --------- d-----w C:\Program Files\NetWaiting
2008-09-20 07:37 --------- d-----w C:\Program Files\Yahoo! Games
2008-09-20 07:37 --------- d-----w C:\Program Files\Buildcity
2008-09-19 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-09-13 03:12 --------- d--h--w C:\Documents and Settings\Julie\Application Data\Move Networks
2008-09-12 04:01 --------- d-----w C:\Documents and Settings\Julie\Application Data\PlayFirst
2008-09-11 06:11 --------- d-----w C:\Program Files\PlayFirst
2008-09-05 04:21 --------- d-----w C:\Documents and Settings\Julie\Application Data\Mind Control Software
2008-09-03 18:15 --------- d-----w C:\Program Files\MSN Messenger
2008-09-02 00:23 0 ----a-w C:\Program Files\temp01
2007-10-18 17:19 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-07-21 05:55 47,360 ----a-w C:\Documents and Settings\Julie\Application Data\pcouffin.sys
2007-03-06 23:24 0 ----a-w C:\Documents and Settings\Julie\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( [emailprotected]_20.27.46.91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28  163,328  ----a-w  C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-11-03 07:30:32  172,099  ----a-w  C:\WINDOWS\temp\HF359B.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-13 143360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-11-03 372813]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 77824]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [2007-04-19 149024]
"MsmqIntCert"="mqrt.dll" [2008-04-13 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP40"= SP40_32.DLL
"VIDC.SP41"= SP4X_32.DLL
"VIDC.SP42"= SP4X_32.DLL
"VIDC.SP43"= SP4X_32.DLL
"VIDC.SP44"= SP4X_32.DLL
"VIDC.SP45"= SP4X_32.DLL
"VIDC.SP46"= SP4X_32.DLL
"VIDC.SP47"= SP4X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

S3 ACRUSBTM;ACRUSBTM;C:\WINDOWS\system32\drivers\ACRUSBTM.SYS [2007-08-02 28672]
S3 AVC1100;Adaptec AVC-1100 Video Capture;C:\WINDOWS\system32\DRIVERS\CA506AV.SYS [2002-07-21 175042]
S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);C:\WINDOWS\system32\drivers\ca506aaf.sys [2002-07-21 14273]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 21:14:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [3148] 0x86086BC0

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe?[emailprotected]? ?^???`[emailprotected]?[emailprotected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\temp\HF359B.EXE
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-22 21:20:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 04:20:10
ComboFix2.txt 2008-09-23 03:55:25
ComboFix3.txt 2008-09-23 03:28:15

Pre-Run: 13,617,418,240 bytes free
Post-Run: 13,606,670,336 bytes free

191  --- E O F ---  2008-09-11 06:49:48

Looks good.

    • Click START then RUN
    • Now type Combofix /u in the runbox
    • Make sure there's a space between Combofix and /u
    • Then hit Enter.

The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Delete temporary files

Go to:
  • Start
  • Run
  • type: CLEANMGR.EXE
  • Press Enter.

When prompted, select the C: drive and click OK.
Check the boxes for:
  • Temporary Internet Files
  • Downloaded Program Files
  • Recycle Bin
  • Temporary Files

Click OK or Enter

----------

Run this online scan. Requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

----------

Run a new HijackThis scan and post the log.

Let me know how everything is now.

Ok, my eyes have gone blurry, will follow up in the morning, thanks for all your help tonight. Will let you know.

No problem, I'm about done for tonight as well.


