Windows BBS > Security > Malware and Virus Removal

30th July 2009, #1 - shengxian (Member)

[Resolved] search setting 1.21 reinstallation

Thanks for replying to my post.
Just a few minutes ago, I cleared the temporary folder and accidentally deleted some files. Later, whenever I tried to open a folder or open a site, the computer would require me to reinstall Search Settings 1.21. When I press the 'Install' button it leads me somewhere where the file is missing and it can't be successfully installed. When I press 'Cancel', it pops up something asking me if I want to continue or cancel. Pressing Continue will close all my browsers, but pressing Cancel a few times will let me continue browsing.

Here is my DDS log:

DDS (Ver_09-06-26.01) - FAT32x86
Run by acer at 16:07:59.32 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.131 [GMT 8:00]

AV: Norton AntiVirus 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\UBSACC90\NETWORK\USB\USBLAN_Ldr.EXE
C:\UBSACC90\NETWORK\USB\UsbServer2K.EXE
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\Windows Live Messenger Khalid Edition v5.1\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe

Please let me know if I need to attach or post the attach.log.
And I am sorry because my knowledge about Windows is very limited. Please help me with phrases I can understand. Thank you very much; you really saved me by solving my problem.

P.S. Can I post more questions on the same thread?

30th July 2009, #2 - Arie (Administrator, Microsoft MVP)

Quote (originally posted by shengxian):
P.S. Can I post more questions on the same thread?

No, each problem/question has to be addressed separately in the correct forum.

30th July 2009, #3 - shengxian (Member)

OK, thanks.
May I ask if you have any solution for this matter?

30th July 2009, #4 - Arie (Administrator, Microsoft MVP)

As posted in our Malware Instructions

Quote:
Please be patient when waiting for a response. Do NOT bump your topic! We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump. If it has been seven days or more without a response, please PM a moderator or Admin with a link to your New Topic.

31st July 2009, #5 - broni (Malware Analyst)

Quote:
the computer would require me to reinstall Search Settings 1.21
Is it some kind of program you're familiar with, or do you have no clue what that is?

Your DDS log is incomplete. Please repost.

31st July 2009, #6 - shengxian (Member)

I'm sorry.
I just saw this name for the first time. Then I realised it's something related to opening browsers or documents.

DDS (Ver_09-06-26.01) - FAT32x86
Run by acer at 16:07:59.32 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.131 [GMT 8:00]

AV: Norton AntiVirus 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\UBSACC90\NETWORK\USB\USBLAN_Ldr.EXE
C:\UBSACC90\NETWORK\USB\UsbServer2K.EXE
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\Windows Live Messenger Khalid Edition v5.1\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\acer\My Documents\Downloads\Programs\avg_avwt_stb_all_8_30.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\7zS10.tmp\stub.exe
C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\acer\My Documents\Downloads\Programs\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [msnmsgr] "c:\program files\windows live messenger khalid edition v5.1\msnmsgr.exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [LaunchApp] Alaunch
mRun: [SkyTel] SkyTel.EXE
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Google IME Autoupdater] "c:\program files\google\google pinyin\GooglePinyinDaemon.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\acer\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {8A5C5CD7-ACCB-4AD9-8AB6-0A05B07F35EC} = 202.188.0.133,202.188.1.5
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\acer\applic~1\mozilla\firefox\profiles\o8w3og9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://apps.facebook.com/inthemafia/index.php?xw_controller=index&xw_action=view|http://apps.facebook.com/piratesrule...ewpro&uid=6692
FF - prefs.js: keyword.URL - hxxp://mye.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_mye&p=
FF - component: c:\documents and settings\acer\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-12-6 6656]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2003-4-23 107102]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2003-4-18 36463]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 USBLAN_Ldr;USBLAN_Ldr;c:\ubsacc90\network\usb\usblan_ldr.exe [2007-5-10 40960]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [2007-5-31 39936]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-6-20 1097728]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [2003-6-24 17920]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-1 1119888]

=============== Created Last 30 ================

2009-07-30 15:36 <DIR> --d----- c:\docume~1\acer\applic~1\AVG8
2009-07-30 15:27 <DIR> --d----- c:\windows\system32\Lang
2009-07-30 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-07-30 15:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-07-28 21:59 27 a------- c:\windows\AdvConfig.ini
2009-07-28 20:38 <DIR> --d----- c:\windows\pss
2009-07-27 14:23 <DIR> --d----- c:\docume~1\acer\applic~1\Kingsoft
2009-07-27 14:21 <DIR> --d----- c:\program files\PowerWord 2006
2009-07-27 14:21 <DIR> --d----- c:\program files\common files\Kingsoft
2009-07-27 13:11 <DIR> --d----- c:\docume~1\acer\applic~1\IDM
2009-07-27 13:11 <DIR> --d----- c:\docume~1\acer\applic~1\DMCache
2009-07-27 13:11 <DIR> --d----- c:\program files\Internet Download Manager
2009-07-20 15:05 <DIR> --d----- c:\program files\common files\xing shared
2009-07-20 14:41 <DIR> --d----- c:\docume~1\acer\applic~1\Search Settings
2009-07-19 20:53 408,576 a------- c:\windows\system32\Smab.dll
2009-07-19 20:53 719,872 a------- c:\windows\system32\devil.dll
2009-07-19 20:53 318,976 a------- c:\windows\system32\avisynth.dll
2009-07-19 20:53 66,560 a------- c:\windows\MOTA113.exe
2009-07-19 20:53 27,648 a------- c:\windows\system32\AVSredirect.dll
2009-07-19 20:53 70,656 a------- c:\windows\system32\yv12vfw.dll
2009-07-19 20:53 70,656 a------- c:\windows\system32\i420vfw.dll
2009-07-19 20:53 240,128 a------- c:\windows\system32\x.264.exe
2009-07-19 20:53 502,784 a------- c:\windows\x2.64.exe
2009-07-19 20:53 217,073 a------- c:\windows\meta4.exe
2009-07-19 20:53 <DIR> --d----- c:\program files\AviSynth 2.5
2009-07-19 20:52 <DIR> --d----- c:\program files\eRightSoft
2009-07-19 20:47 <DIR> --d----- c:\program files\GRETECH
2009-07-19 18:43 <DIR> --d----- c:\docume~1\acer\applic~1\URSoft
2009-07-19 18:38 <DIR> --d----- c:\program files\Search Settings
2009-07-18 14:48 <DIR> --dsh--- c:\documents and settings\acer\IECompatCache
2009-07-18 14:47 <DIR> --dsh--- c:\documents and settings\acer\PrivacIE
2009-07-18 14:43 <DIR> --dsh--- c:\documents and settings\acer\IETldCache
2009-07-18 11:49 <DIR> --d----- c:\windows\ie8updates
2009-07-18 11:47 <DIR> --d-h--- c:\windows\ie8
2009-07-09 12:45 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 12:43 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 12:43 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 12:42 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-09 12:42 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-09 12:40 <DIR> --d----- c:\docume~1\acer\applic~1\BitTorrent
2009-07-09 12:39 <DIR> --d----- c:\program files\BitTorrent
2009-07-05 22:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-05 16:39 268 a---h--- C:\sqmdata01.sqm
2009-07-05 16:39 244 a---h--- C:\sqmnoopt01.sqm
2009-07-04 14:35 268 a---h--- C:\sqmdata00.sqm
2009-07-04 14:35 244 a---h--- C:\sqmnoopt00.sqm
2009-07-04 11:38 3,099,996 a------- c:\windows\system32\GameMon.des
2009-07-04 11:38 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-07-04 11:38 4,682 a------- c:\windows\system32\npptNT2.sys
2009-07-04 11:38 <DIR> --d----- c:\program files\common files\INCA Shared
2009-07-04 11:10 <DIR> --d----- c:\program files\DNA
2009-07-04 11:10 <DIR> --d----- c:\docume~1\acer\applic~1\DNA
2009-07-04 11:10 <DIR> --d----- c:\program files\AskBarDis
2009-07-04 10:10 <DIR> --d----- c:\documents and settings\acer\Contacts
2009-07-04 10:10 <DIR> --d----- c:\program files\Windows Live Messenger Khalid Edition v5.1
2009-07-03 20:56 <DIR> --d----- c:\program files\FormatFactory
2009-07-02 19:57 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-02 19:57 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-02 19:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-02 19:57 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-06-14 23:21 60,273 a------- c:\windows\system32\pthreadGC2.dll
2009-05-13 13:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 13:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 13:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2008-03-21 18:46 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-05-03 17:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 18:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 20:43 27,648 ---sh--- c:\windows\system32\Smab0.dll

============= FINISH: 16:08:18.39 ===============

1st August 2009, #7 - broni (Malware Analyst)

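To show what an analyst reads out of the Pseudo HJT Report above, here is an added Python helper (not part of this thread and not part of the DDS tool) that parses those hook lines, groups them by the file they point at, and lists entries that no longer resolve to a file; one program appearing as a URLSearchHook, a BHO, a Run value and a Firefox component at the same time is the pattern worth noticing. The sample lines are copied from the report posted above; the function names are my own.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from collections import defaultdict

# Constructed sample input: lines copied from the DDS Pseudo HJT Report in this thread.
SAMPLE_REPORT = r"""
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [<NO NAME>]
FF - component: c:\program files\mozilla firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
"""

# Hook kinds DDS prints in this section: the prefix before the first colon.
KIND_RE = re.compile(
    r"^(uURLSearchHooks|BHO|TB|uRun|mRun|StartupFolder|FF - component|FF - plugin):\s*(.*)$"
)
# An unquoted Windows path ending in a module/script extension; may contain spaces.
PATH_RE = re.compile(r"[a-zA-Z]:\\.*?\.(?:exe|dll|scr|cpl|lnk|htm)\b", re.IGNORECASE)


def parse_entry(line):
    """Return (kind, label, path) for one report line, or None for non-hook lines.

    path is lower-cased for grouping and is None when the entry no longer points
    at a file ("No File" toolbars, empty Run values).
    """
    m = KIND_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    quoted = re.search(r'"([^"]+)"', rest)          # Run entries often quote the exe
    if quoted:
        path = quoted.group(1)
    else:
        bare = PATH_RE.search(rest)
        path = bare.group(0) if bare else None
    if kind.endswith("Run"):                         # uRun/mRun: label is the [value name]
        name = re.match(r"\[(.*?)\]", rest)
        label = name.group(1) if name else rest
    elif " - " in rest:                              # "Class name: {CLSID} - path"
        label = rest.rsplit(" - ", 1)[0]
    else:                                            # FF component/plugin: just a path
        label = path.rsplit("\\", 1)[-1] if path else rest
    return kind, label.strip(), (path.lower() if path else None)


def entries(report):
    """All parsed hook entries of a report, in report order."""
    return [e for e in map(parse_entry, report.splitlines()) if e]


def cluster_by_directory(report):
    """Map each parent directory to the (kind, label) hooks whose file lives in it."""
    clusters = defaultdict(list)
    for kind, label, path in entries(report):
        if path:
            clusters[path.rsplit("\\", 1)[0]].append((kind, label))
    return dict(clusters)


def hooks_for(report, keyword):
    """Hook kinds, in report order, whose file path contains keyword (case-insensitive)."""
    keyword = keyword.lower()
    return [kind for kind, _, path in entries(report) if path and keyword in path]


def orphaned(report):
    """Labels of hook entries that no longer resolve to a file (typical uninstall leftovers)."""
    return [label for _, label, path in entries(report) if path is None]


def program_roots(report, min_hooks=2):
    r"""Install folders (c:\<top>\<name>) referenced by at least min_hooks entries.

    Several hook kinds pointing into one install folder is the pattern an analyst
    looks for: removing a single entry leaves the others to re-create it.
    """
    counts = defaultdict(int)
    for directory, hooks in cluster_by_directory(report).items():
        parts = directory.split("\\")
        root = "\\".join(parts[:3]) if len(parts) >= 3 else directory
        counts[root] += len(hooks)
    return sorted(root for root, n in counts.items() if n >= min_hooks)


if __name__ == "__main__":
    for root in program_roots(SAMPLE_REPORT):
        print(root, "<-", hooks_for(SAMPLE_REPORT, root.rsplit("\\", 1)[-1]))
    print("orphaned:", orphaned(SAMPLE_REPORT))
```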
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.


Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator

1st August 2009, #8 - shengxian (Member)

Excuse me, sir.
Can you reassure me that every post allowed by the moderator is not a scammer's?
Please excuse my suspicions, because this is the internet. Thank you.

When I ran Combofix, it alerted me to the presence of Norton Anti-Virus on my laptop, while I never knew I had it.
Please kindly tell me what I should do.
Every guidance of yours is very much appreciated by me, who is frustrated by these problems.

1st August 2009, #9 - broni (Malware Analyst)

Quote:
Can you reassure me that every post allowed by the moderator is not a scammer's?
Only Staff members and Malware Analysts are allowed to reply here. Nothing to worry about.

Quote:
When I ran Combofix, it alerted me to the presence of Norton Anti-Virus on my laptop, while I never knew I had it.
Thanks for asking. Most likely some registry leftovers. Disregard the warning about Norton.

4th August 2009, #10 - shengxian (Member)

Hey, sir.
After I ran Combofix, that problem doesn't pop up again. I wonder if it is fixed.
By the way, thank you very much.

5th August 2009, #11 - broni (Malware Analyst)

Nah, it doesn't work that way. I need to see the Combofix and HJT logs.

7th August 2009, #12 - shengxian (Member)

OK, thanks.

Here it is:

ComboFix 09-07-31.04 - acer 08/03/2009 23:29.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.224 [GMT 8:00]
Running from: c:\documents and settings\acer\My Documents\Downloads\Programs\ComboFix.exe
AV: Norton AntiVirus 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\acer\Desktop\STORE\Warcraft III on 10.0.0.8\BN\_desktop.ini
c:\documents and settings\acer\Desktop\STORE\Warcraft III on 10.0.0.8\Maps\FrozenThrone\Scenario\_desktop.ini
c:\documents and settings\acer\Desktop\STORE\Warcraft III on 10.0.0.8\Maps\gamedge\gamedge\_desktop.ini
c:\documents and settings\acer\Desktop\STORE\Warcraft III on 10.0.0.8\save\Multiplayer\_desktop.ini
c:\documents and settings\acer\Desktop\STORE\Warcraft III on 10.0.0.8\save\Profile1\_desktop.ini
c:\documents and settings\acer\Desktop\STORE\Warcraft III on 10.0.0.8\Screenshots\_desktop.ini
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\Temp\log.txt
D:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 12:56 . 2009-08-03 12:56 -------- d-----w- c:\program files\iPod
2009-08-03 12:56 . 2009-08-03 12:56 -------- d-----w- c:\program files\iTunes
2009-08-03 12:54 . 2009-08-03 12:54 -------- d-----w- c:\program files\QuickTime
2009-08-03 12:54 . 2009-08-03 12:54 -------- d-----w- c:\program files\Common Files\Apple
2009-08-03 09:20 . 2009-08-03 09:20 188 ----a-w- c:\windows\system32\eDataSecurity.dat
2009-07-30 13:59 . 2008-12-11 00:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-30 13:59 . 2009-04-03 03:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-30 13:59 . 2008-12-18 04:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-30 13:59 . 2009-07-30 13:59 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-30 13:59 . 2008-12-10 03:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-30 13:59 . 2009-07-30 13:59 -------- d-----w- c:\program files\Spyware Doctor
2009-07-30 13:59 . 2009-07-30 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-07-30 13:59 . 2009-07-30 13:59 -------- d-----w- c:\documents and settings\acer\Application Data\PC Tools
2009-07-30 12:57 . 2009-07-30 12:57 -------- d-----w- c:\windows\system32\Lang
2009-07-30 12:57 . 2009-07-30 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-30 12:57 . 2009-07-30 12:57 -------- d-----w- c:\documents and settings\acer\Application Data\AVG8
2009-07-30 12:56 . 2009-07-30 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-27 06:23 . 2009-07-27 06:23 -------- d-----w- c:\documents and settings\acer\Application Data\Kingsoft
2009-07-27 05:11 . 2009-07-27 05:11 120240 ----a-w- c:\documents and settings\acer\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-07-27 05:11 . 2009-07-27 05:11 -------- d-----w- c:\documents and settings\acer\Application Data\IDM
2009-07-27 05:11 . 2009-07-27 05:11 -------- d-----w- c:\documents and settings\acer\Application Data\DMCache
2009-07-27 05:11 . 2009-07-27 05:11 -------- d-----w- c:\program files\Internet Download Manager
2009-07-25 00:25 . 2009-07-05 14:21 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-20 07:05 . 2009-07-20 07:05 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-20 06:41 . 2009-07-20 06:41 -------- d-----w- c:\documents and settings\acer\Application Data\Search Settings
2009-07-19 12:53 . 2008-02-07 08:15 408576 ----a-w- c:\windows\system32\Smab.dll
2009-07-19 12:53 . 2004-02-22 02:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-07-19 12:53 . 2007-05-17 09:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-07-19 12:53 . 2006-04-05 00:09 66560 ----a-w- c:\windows\MOTA113.exe
2009-07-19 12:53 . 2005-07-14 04:31 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2009-07-19 12:53 . 2004-01-24 16:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-07-19 12:53 . 2004-01-24 16:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-07-19 12:53 . 2005-02-28 05:16 240128 ----a-w- c:\windows\system32\x.264.exe
2009-07-19 12:53 . 2006-10-07 09:43 502784 ----a-w- c:\windows\x2.64.exe
2009-07-19 12:53 . 2006-04-12 01:47 217073 ----a-w- c:\windows\meta4.exe
2009-07-19 12:53 . 2006-08-01 03:53 -------- d-----w- c:\program files\AviSynth 2.5
2009-07-19 12:52 . 2007-12-17 12:43 27648 --sh--w- c:\windows\system32\Smab0.dll
2009-07-19 12:52 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-07-19 12:52 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-07-19 12:52 . 2009-07-19 12:52 -------- d-----w- c:\program files\eRightSoft
2009-07-19 12:49 . 2009-07-19 12:49 -------- d-----w- c:\documents and settings\acer\Application Data\GRETECH
2009-07-19 12:47 . 2009-07-19 12:47 -------- d-----w- c:\program files\GRETECH
2009-07-19 11:12 . 2009-07-19 11:12 -------- d-----w- c:\documents and settings\acer\Application Data\Media Player Classic
2009-07-19 10:43 . 2009-07-19 10:43 -------- d-----w- c:\documents and settings\acer\Application Data\URSoft
2009-07-19 10:43 . 2009-07-19 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-18 06:48 . 2009-07-18 06:49 -------- d-sh--w- c:\documents and settings\acer\IECompatCache
2009-07-18 06:47 . 2009-07-18 06:47 -------- d-sh--w- c:\documents and settings\acer\PrivacIE
2009-07-18 06:45 . 2009-07-18 06:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-18 06:43 . 2009-07-18 06:43 -------- d-sh--w- c:\documents and settings\acer\IETldCache
2009-07-18 03:49 . 2009-07-18 03:49 -------- d-----w- c:\windows\ie8updates
2009-07-18 03:47 . 2009-07-18 03:47 -------- d--h--w- c:\windows\ie8
2009-07-18 03:46 . 2009-07-18 03:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 09:16 . 2009-07-17 09:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-09 04:45 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-07-09 04:43 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-09 04:43 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-09 04:42 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-07-09 04:42 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-07-09 04:40 . 2009-07-09 04:40 -------- d-----w- c:\documents and settings\acer\Application Data\BitTorrent
2009-07-09 04:39 . 2009-07-09 04:39 -------- d-----w- c:\program files\BitTorrent
2009-07-05 14:21 . 2009-07-05 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 15:37 . 2006-08-01 09:01 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-27 08:58 . 2006-12-06 22:15 87440 ----a-w- c:\documents and settings\acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 06:21 . 2009-07-27 06:21 -------- d-----w- c:\program files\PowerWord 2006
2009-07-27 06:21 . 2009-07-27 06:21 -------- d-----w- c:\program files\Common Files\Kingsoft
2009-07-04 03:38 . 2009-07-04 03:38 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-04 03:10 . 2009-07-04 03:10 -------- d-----w- c:\program files\DNA
2009-07-04 03:10 . 2009-07-04 03:10 -------- d-----w- c:\documents and settings\acer\Application Data\DNA
2009-07-04 03:10 . 2009-07-04 03:10 -------- d-----w- c:\program files\AskBarDis
2009-07-04 02:10 . 2009-07-04 02:10 -------- d-----w- c:\program files\Windows Live Messenger Khalid Edition v5.1
2009-07-03 12:56 . 2009-07-03 12:56 -------- d-----w- c:\program files\FormatFactory
2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\program files\Bonjour
2009-07-02 11:56 . 2009-07-02 11:56 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 11:55 . 2009-07-02 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-14 15:21 . 2009-06-14 15:21 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-05-13 05:15 . 2006-01-09 03:08 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 15:56 . 2009-07-08 15:22 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-05-03 09:06 . 2009-07-19 12:52 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-19 12:52 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43 . 2009-07-19 12:52 27648 --sh--w- c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"msnmsgr"="c:\program files\Windows Live Messenger Khalid Edition v5.1\msnmsgr.exe" [2009-07-04 5675376]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-07-04 342848]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-07-27 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-05-17 151552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-21 144784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-11 32768]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"Google IME Autoupdater"="c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-10-17 308720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-20 198160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-12 1181576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-07-19 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-03 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-19 16248320]

c:\documents and settings\acer\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2006-12-6 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-6-29 45056]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\PowerWord 2006\\XDICT.EXE"=
"c:\\Program Files\\Windows Live Messenger Khalid Edition v5.1\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/30/2009 9:59 PM 130936]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [4/23/2003 8:15 PM 107102]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [4/18/2003 1:45 PM 36463]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 5:00 AM 14336]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/30/2009 9:59 PM 348752]
R2 USBLAN_Ldr;USBLAN_Ldr;c:\ubsacc90\NETWORK\USB\usblan_ldr.exe [5/10/2007 7:36 PM 40960]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]
S3 LTower;LEGO USB Tower Driver;c:\windows\system32\drivers\LTower.sys [5/31/2007 8:39 AM 39936]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [6/20/2006 3:20 AM 1097728]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [6/24/2003 6:41 PM 17920]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-08-03 c:\windows\Tasks\User_Feed_Synchronization-{67906372-F73E-4E7F-B2DD-39B1F643450E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 20:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {8A5C5CD7-ACCB-4AD9-8AB6-0A05B07F35EC} = 202.188.0.133,202.188.1.5
FF - ProfilePath - c:\documents and settings\acer\Application Data\Mozilla\Firefox\Profiles\o8w3og9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://apps.facebook.com/inthemafia/index.php?xw_controller=index&xw_action=view|http://apps.facebook.com/piratesrule...ewpro&uid=6692
FF - prefs.js: keyword.URL - hxxp://mye.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_mye&p=
FF - component: c:\documents and settings\acer\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 23:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1816)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\browselc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\ubsacc90\NETWORK\USB\UsbServer2K.EXE
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\nipalsm.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-03 23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 15:44

Pre-Run: 5,273,010,176 bytes free
Post-Run: 5,739,970,560 bytes free

320 --- E O F --- 2008-04-07 04:09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:15 AM, on 8/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\UBSACC90\NETWORK\USB\USBLAN_Ldr.EXE
C:\UBSACC90\NETWORK\USB\UsbServer2K.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live Messenger Khalid Edition v5.1\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live Messenger Khalid Edition v5.1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/downlo...BundleId=19588
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A5C5CD7-ACCB-4AD9-8AB6-0A05B07F35EC}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBLAN_Ldr - McAMOS TECHNOLOGY CORP - C:\UBSACC90\NETWORK\USB\USBLAN_Ldr.EXE

--
End of file - 10463 bytes

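An added triage helper (example code written for this edit, not code from the thread or from the HijackThis tool) that reads lines in the HJT log format posted above and lists the entries an analyst would check first. The flagging rules and the finding labels are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis (HJT) log lines.
Added example, not from the thread or from HijackThis; the review
heuristics are assumptions about where to look first, not verdicts."""
import re

# Sample input copied from the O10/O17/O23 lines of the log posted above.
SAMPLE_LOG = r"""O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A5C5CD7-ACCB-4AD9-8AB6-0A05B07F35EC}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

# Field layout of an O23 line: "O23 - Service: <name> - <owner> - <path>".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O17 lines end with the DNS servers a Tcpip interface has been pointed at.
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")

def parse_o23(line):
    """Split an O23 service line into name / owner / path; None if no match."""
    m = O23_RE.match(line)
    return m.groupdict() if m else None

def review_hjt(text):
    """Return (section, reason, detail) tuples for entries worth a second look."""
    findings = []
    for line in text.splitlines():
        if line.startswith("O23"):
            svc = parse_o23(line)
            if svc is None:
                continue
            if "(file missing)" in svc["path"]:
                # Registered service whose binary is gone: leftover or removed malware.
                findings.append(("O23", "service binary missing", svc["name"]))
            elif svc["owner"] == "Unknown owner":
                # No vendor in the file's version info: check path and signature.
                findings.append(("O23", "no vendor recorded", svc["name"]))
        elif line.startswith("O17"):
            m = O17_RE.match(line)
            if m:
                # DNS hijacks show up here; confirm the servers belong to the ISP.
                for ip in m.group("servers").split(","):
                    findings.append(("O17", "DNS server to confirm with ISP", ip))
        elif line.startswith("O10"):
            # Layered Service Providers sit in the network stack; verify the DLL's origin.
            findings.append(("O10", "Winsock LSP to verify", line.split(": ", 1)[1]))
    return findings
```

A hit is a starting point for verification, not a verdict: the LSP and DNS entries in this log may well belong to a legitimate Windows component and the ISP, which is consistent with the analyst not flagging them in the thread.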
Old 7th August 2009   #13
broni (Malware Analyst; Join Date: Aug 2002; Location: Daly City, CA; Posts: 10,074; Computer Experience: intermediate)

Uninstall Combofix:
Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.


Now, since Norton is not your current security program, you don't have any antivirus program installed.
Download, and run Norton Removal Tool: http://service1.symantec.com/Support...05033108162039

Download, and install one of these...

- Avira free antivirus: http://www.free-av.com/en/download/1...antivirus.html
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free PC Tools Antivirus: http://www.pctools.com/free-antivirus/
- free PC Tools Firewall Plus: http://www.pctools.com/firewall/

- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

If you decide to install Avast or Avira, make sure Windows Firewall is turned on, or use PC Tools Firewall Plus or Comodo Firewall.
If you decide to install Comodo Internet Security, or just Comodo Firewall, make sure Windows Firewall is turned off.

IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

After installation, update the program and run a full scan. Report on any findings.

Post fresh HJT log.

Old 8th August 2009   #14
shengxian (Member; Join Date: Jul 2009; Posts: 39; Computer Experience: BEGINNER)

Can I use Kaspersky?
Downloaded following YouTube.

Old 8th August 2009   #15
broni (Malware Analyst; Join Date: Aug 2002; Location: Daly City, CA; Posts: 10,074; Computer Experience: intermediate)

Quote:
Downloaded following YouTube.
??...
