
Active Computer cannot access any antivirus related websites

Discussion in 'Malware and Virus Removal Archive' started by rgvsdigitalpimp, 2009/12/08.

  1. 2009/12/08
    rgvsdigitalpimp

    rgvsdigitalpimp Inactive Thread Starter

    [Active] Computer cannot access any antivirus related websites

    Hello guys. I'm glad I ran into this message board while searching for an answer. I work with computers so I have a somewhat broad knowledge about them. I'm currently not able to view any websites related to anti-virus software. I can't update Malwarebytes or hit any sites such as McAfee or Norton. My computer has been running fine so I didn't scan for anything until this happened. Malwarebytes found about 9 Conficker infections in the Windows\System32 folder. The files had .tmp extensions on them. I cleaned them, restarted the PC and had the same problem. I scanned again and it found another .tmp file with Conficker. I checked my HOSTS file and don't see any redirects in there. I ran HijackThis and didn't see anything unusual in there. As far as antivirus, I currently have software called Immunet Project (a cloud-based antivirus solution which must be online to protect). I'm posting the logs as instructed. I hope you guys can help. I don't see an option on the post to attach the zip file. Weird.

    DDS LOG

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Gilbert at 21:49:15.52 on Tue 12/08/2009
    Internet Explorer: 8.0.6001.18828
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1161 [GMT -6:00]

    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Immunet Protect\1.0.18\agent.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Immunet Protect\1.0.18\iptray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Gilbert\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Immunet Protect] "c:\program files\immunet protect\1.0.18\iptray.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ============= SERVICES / DRIVERS ===============

    R2 ImmunetProtect;ImmunetProtect;c:\program files\immunet protect\1.0.18\agent.exe [2009-11-19 692320]
    R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-8-14 31232]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-11-27 185640]
    S2 EZUSB;USB BDM Driver;c:\windows\system32\drivers\ezusb.sys [2009-10-17 27507]
    S2 uhffc;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [2009-11-18 21504]

    =============== Created Last 30 ================

    2009-12-09 03:10:55 4096 ----a-w- c:\windows\system32\08CC4.tmp
    2009-12-08 22:51:42 0 d-----w- c:\program files\Trend Micro
    2009-12-08 15:19:31 0 d-----w- c:\program files\SNMPcfg Admin
    2009-12-08 01:05:29 0 d-----w- c:\users\gilbert\appdata\roaming\PrimoPDF
    2009-12-08 01:05:10 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2009-12-08 01:05:10 0 d-----w- c:\program files\Nitro PDF
    2009-11-29 23:44:08 118 ----a-w- c:\users\gilbert\webct_upload_applet.properties
    2009-11-23 00:34:00 0 d-----w- c:\program files\MediaMonkey
    2009-11-22 09:15:47 0 d-----w- c:\users\gilbert\appdata\roaming\Malwarebytes
    2009-11-22 09:15:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-22 09:15:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-22 09:15:41 0 d-----w- c:\programdata\Malwarebytes
    2009-11-22 09:15:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-22 06:15:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-11-22 05:20:35 0 d-----w- c:\program files\SopCast
    2009-11-22 05:06:35 0 d-----w- c:\programdata\TVU Networks
    2009-11-22 05:06:26 0 d-----w- c:\program files\TVUPlayer
    2009-11-21 23:56:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2009-11-21 19:39:08 0 d-----w- c:\windows\system32\Adobe
    2009-11-21 19:29:48 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-11-19 13:17:12 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
    2009-11-19 13:17:12 15360 ----a-w- c:\windows\system32\pacerprf.dll
    2009-11-19 12:53:59 0 d-----w- c:\program files\Immunet Protect
    2009-11-19 12:45:16 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-11-19 12:44:58 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-11-19 12:44:52 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-11-19 12:44:52 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-11-19 12:44:15 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-11-19 12:44:14 80896 ----a-w- c:\windows\system32\MSNP.ax
    2009-11-19 12:44:14 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-11-19 12:44:14 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2009-11-19 12:44:14 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2009-11-19 06:18:34 0 d-----w- C:\PerfLogs
    2009-11-19 06:00:41 47560 ----a-w- c:\windows\system32\SPReview.exe
    2009-11-19 06:00:41 152576 ----a-w- c:\windows\system32\SPWizUI.dll
    2009-11-19 05:45:59 126976 ----a-w- c:\windows\system32\msdart.dll
    2009-11-19 05:44:59 200704 ----a-w- c:\windows\system32\input.dll
    2009-11-19 05:42:18 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-11-19 05:42:10 44032 ----a-w- c:\windows\system32\cbsra.exe
    2009-11-19 05:40:57 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-11-19 05:40:56 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-11-19 05:39:32 196608 ----a-w- c:\windows\SPInstall.etl
    2009-11-19 05:30:17 61440 ----a-w- c:\windows\system32\msasn1.dll
    2009-11-19 05:30:11 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-11-19 05:29:42 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-11-19 05:20:41 127 ----a-w- c:\windows\system32\MRT.INI
    2009-11-09 17:07:24 65602 ----a-w- c:\windows\system32\cook3260.dll
    2009-11-09 17:07:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2009-11-09 17:07:24 208935 ----a-w- c:\windows\system32\drv33260.dll
    2009-11-09 17:07:24 176165 ----a-w- c:\windows\system32\drv23260.dll
    2009-11-09 17:07:24 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2009-11-09 17:07:23 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2009-11-09 17:07:23 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2009-11-09 16:57:03 87608 ----a-w- c:\users\gilbert\appdata\roaming\inst.exe
    2009-11-09 16:57:03 47360 ----a-w- c:\users\gilbert\appdata\roaming\pcouffin.sys

    ==================== Find3M ====================

    2009-12-09 03:08:56 28029 ----a-w- c:\programdata\nvModes.dat
    2009-12-07 22:56:17 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-19 06:26:55 174 --sha-w- c:\program files\desktop.ini
    2009-11-19 06:25:15 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-19 06:25:15 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-19 06:18:30 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-19 06:08:27 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2009-11-19 06:08:21 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2009-11-08 18:51:21 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2009-10-30 00:29:08 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-10-19 00:17:25 122810 ----a-w- c:\windows\hpoins14.dat
    2009-10-15 02:06:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
    2009-10-15 02:06:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-10-15 02:06:31 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2009-10-15 02:06:31 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2009-10-15 02:06:31 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2009-10-15 01:31:09 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-13 10:04:34 61440 ----a-w- c:\windows\system32\winipsec.dll
    2009-10-13 10:04:34 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
    2009-10-13 10:04:34 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
    2009-10-13 10:04:34 272896 ----a-w- c:\windows\system32\polstore.dll
    2009-10-13 10:03:52 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-13 10:03:52 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-13 10:03:52 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-13 10:01:34 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-10-13 10:01:34 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-10-13 10:01:34 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-10-13 10:01:34 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-10-13 10:01:34 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-10-13 10:01:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-10-13 10:01:34 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-10-13 10:01:34 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-10-13 10:01:34 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2009-10-13 10:01:34 10240 ----a-w- c:\windows\system32\finger.exe
    2009-10-13 09:56:59 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-10-13 09:56:58 68096 ----a-w- c:\windows\system32\wlanhlp.dll
    2009-10-13 09:56:58 64512 ----a-w- c:\windows\system32\wlanapi.dll
    2009-10-13 09:56:58 513024 ----a-w- c:\windows\system32\wlansvc.dll
    2009-10-13 09:56:58 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-10-13 09:56:58 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-10-13 09:56:58 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
    2009-10-13 09:55:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    2009-10-13 09:55:32 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-10-13 09:55:32 23552 ----a-w- c:\windows\system32\lpk.dll
    2009-10-13 09:55:32 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-10-13 09:55:32 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-10-13 09:55:31 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-10-13 09:54:43 98816 ----a-w- c:\windows\system32\mfps.dll
    2009-10-13 09:54:43 53248 ----a-w- c:\windows\system32\rrinstaller.exe
    2009-10-13 09:54:43 2868224 ----a-w- c:\windows\system32\mf.dll
    2009-10-13 09:54:43 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2009-10-13 09:54:43 2048 ----a-w- c:\windows\system32\mferror.dll
    2009-10-13 09:54:00 376832 ----a-w- c:\windows\system32\winhttp.dll
    2009-10-13 09:53:21 71680 ----a-w- c:\windows\system32\atl.dll
    2009-10-13 09:52:42 296960 ----a-w- c:\windows\system32\gdi32.dll
    2009-10-13 09:50:07 269312 ----a-w- c:\windows\system32\es.dll
    2009-10-13 09:48:13 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-10-13 09:48:13 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-10-13 09:48:13 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-10-13 09:48:13 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-10-13 09:48:13 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-10-13 09:48:12 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-10-13 09:48:12 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-10-13 09:41:49 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-10-13 09:41:49 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-10-13 09:41:49 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-10-13 09:41:44 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-10-13 09:41:44 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-10-13 09:41:43 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-10-13 09:41:43 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-10-13 09:19:49 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-10-13 09:19:49 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-10-13 09:19:48 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-10-13 09:19:48 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-10-13 09:19:48 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-10-10 09:32:47 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2009-10-10 09:32:10 562176 ----a-w- c:\windows\system32\msdtcprx.dll
    2009-10-10 09:32:10 38912 ----a-w- c:\windows\system32\xolehlp.dll
    2009-10-10 09:31:32 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-10-10 09:30:50 53248 ----a-w- c:\windows\system32\tsgqec.dll
    2009-10-10 09:30:50 136192 ----a-w- c:\windows\system32\aaclient.dll
    2009-10-10 09:30:49 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-10-10 09:29:54 303616 ----a-w- c:\windows\system32\wmpeffects.dll
    2009-10-10 09:29:18 1191936 ----a-w- c:\windows\system32\msxml3.dll
    2009-10-10 09:29:17 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2009-10-10 09:25:47 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-10-10 09:24:50 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-10-10 09:24:50 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2009-10-10 09:24:50 65024 ----a-w- c:\windows\system32\avicap32.dll
    2009-10-10 09:24:50 31232 ----a-w- c:\windows\system32\msvidc32.dll
    2009-10-10 09:24:50 12800 ----a-w- c:\windows\system32\msrle32.dll
    2009-10-10 09:24:50 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2009-10-10 09:23:47 2927104 ----a-w- c:\windows\explorer.exe
    2009-10-10 09:18:40 6656 ----a-w- c:\windows\system32\kbd106n.dll
    2009-10-10 09:18:37 988216 ----a-w- c:\windows\system32\winload.exe
    2009-10-10 09:18:37 927288 ----a-w- c:\windows\system32\winresume.exe
    2009-10-10 09:18:37 40960 ----a-w- c:\windows\system32\srclient.dll
    2009-10-10 09:18:37 378368 ----a-w- c:\windows\system32\srcore.dll
    2009-10-10 09:18:37 318464 ----a-w- c:\windows\system32\rstrui.exe
    2009-10-10 09:18:37 14848 ----a-w- c:\windows\system32\srdelayed.exe

    ============= FINISH: 21:50:34.20 ===============
     
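A triage pass over two sections of the DDS log in the post above, added here as an example; it is not part of the thread and not part of the DDS tool. Two entries in that log are worth pulling out mechanically rather than by eye. First, the service line `S2 uhffc;Image Installer;c:\windows\system32\svchost.exe -k netsvcs`: a service hosted by svchost.exe shows only the host process as its path, so the code it actually loads has to be resolved from the service's `Parameters\ServiceDll` registry value on the machine, and its name checked against the group's member list under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost`. Second, the 4096-byte `.tmp` file created directly under system32, which matches the files the poster says Malwarebytes flagged. The sample log below is copied from the post (shortened); the flags the script raises are heuristics that say where to look next, not a verdict on the machine.

```python
"""Triage of the SERVICES / DRIVERS and 'Created Last 30' sections of a DDS log.

Added example for this thread; not part of the original post or of DDS. The
sample lines are copied from the log above (shortened). Each flag is a
heuristic pointing at what to check next on the live machine, not a verdict.
"""
import re
from dataclasses import dataclass

# SERVICES / DRIVERS line: "<state> <name>;<display>;<path> [<date> <size>]"
# State letter R = running, S = stopped; the digit is the start type (2 = automatic).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])?\s*$"
)
# Created Last 30 line: "<date> <time> <size> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.I)

# Constructed sample: lines copied from the DDS log in the first post, shortened.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R2 ImmunetProtect;ImmunetProtect;c:\program files\immunet protect\1.0.18\agent.exe [2009-11-19 692320]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-11-27 185640]
S2 EZUSB;USB BDM Driver;c:\windows\system32\drivers\ezusb.sys [2009-10-17 27507]
S2 uhffc;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [2009-11-18 21504]

=============== Created Last 30 ================

2009-12-09 03:10:55 4096 ----a-w- c:\windows\system32\08CC4.tmp
2009-12-08 22:51:42 0 d-----w- c:\program files\Trend Micro
2009-11-22 09:15:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 05:20:41 127 ----a-w- c:\windows\system32\MRT.INI
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # "hosted_service" or "tmp_in_system32"
    subject: str  # service name or file path
    why: str      # what to check next


def parse_services(lines):
    """One dict per SERVICES / DRIVERS line; headers and blank lines are skipped."""
    return [m.groupdict() for m in (SERVICE_RE.match(l.strip()) for l in lines) if m]


def parse_created(lines):
    """One dict per 'Created Last 30' line; everything else is skipped."""
    return [m.groupdict() for m in (CREATED_RE.match(l.strip()) for l in lines) if m]


def flag_hosted_services(services):
    """Services whose path is svchost.exe run as a DLL named in
    HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name>\\Parameters\\ServiceDll.
    DDS prints only the host, so the path column says nothing about the code
    actually loaded; these entries must be resolved on the live machine."""
    findings = []
    for svc in services:
        m = SVCHOST_RE.search(svc["path"])
        if not m:
            continue
        group = m.group("group")
        state = "stopped" if svc["state"][0] == "S" else "running"
        why = (f"hosted in svchost group '{group}', {state}, start type "
               f"{svc['state'][1]}; resolve its ServiceDll and check the name "
               f"against the '{group}' value under "
               r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost")
        findings.append(Finding("hosted_service", svc["name"], why))
    return findings


def flag_tmp_in_system32(created):
    """Freshly created *.tmp files directly under system32 (not in a
    subfolder) match the poster's symptom: the detections were .tmp files there."""
    findings = []
    for f in created:
        path = f["path"].lower()
        if (path.startswith("c:\\windows\\system32\\") and path.endswith(".tmp")
                and path.count("\\") == 3):
            findings.append(Finding("tmp_in_system32", f["path"],
                                    f"{f['size']} bytes, created {f['date']} {f['time']}"))
    return findings


def triage(log_text):
    lines = log_text.splitlines()
    return (flag_hosted_services(parse_services(lines))
            + flag_tmp_in_system32(parse_created(lines)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.why}")
```

One caveat that applies to the poster's HOSTS-file check: a clean HOSTS file does not rule out the blocking, because Conficker variants deny access to security-vendor domains by hooking DNS query functions inside processes rather than by editing HOSTS, so the DNS lookup fails without any visible HOSTS entry.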
  2. 2009/12/08
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     


  4. 2009/12/09
    rgvsdigitalpimp

    rgvsdigitalpimp Inactive Thread Starter

    ComboFix and HJThis Log

    Here are the logs you requested. For some reason I have ccSvcHst.exe running, which shows as Symantec Service Framework, and it will not end process or end process tree with Task Manager. I went to Add/Remove Programs and saw Norton Internet Security there but am getting an error message trying to uninstall it. I had it when I first re-imaged this machine but immediately removed it, and I guess it didn't remove properly. I hope that doesn't affect the ComboFix utility. Here's the log for ComboFix:

    ComboFix 09-12-08.03 - Gilbert 12/08/2009 23:48:38.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1238 [GMT -6:00]
    Running from: c:\users\Gilbert\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1151803824-3433577281-2539278763-500
    c:\$recycle.bin\S-1-5-21-747642811-3982433225-4087218088-500
    c:\programdata\ntuser.dat{01e575a0-e385-11de-acf8-001e681967e2}.TMContainer00000000000000000001.regtrans-ms
    c:\users\Gilbert\AppData\Roaming\inst.exe
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
    .

    2009-12-08 22:51 . 2009-12-08 22:51 -------- d-----w- c:\program files\Trend Micro
    2009-12-08 15:19 . 2009-12-08 16:25 -------- d-----w- c:\program files\SNMPcfg Admin
    2009-12-08 01:05 . 2009-12-08 01:06 -------- d-----w- c:\users\Gilbert\AppData\Roaming\PrimoPDF
    2009-12-08 01:05 . 2009-12-08 01:05 -------- d-----w- c:\program files\Nitro PDF
    2009-12-08 01:05 . 2009-07-31 01:44 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2009-11-23 00:34 . 2009-12-08 12:34 -------- d-----w- c:\users\Gilbert\AppData\Local\MediaMonkey
    2009-11-23 00:34 . 2009-12-08 12:34 -------- d-----w- c:\program files\MediaMonkey
    2009-11-22 09:15 . 2009-11-22 09:15 -------- d-----w- c:\users\Gilbert\AppData\Roaming\Malwarebytes
    2009-11-22 09:15 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-22 09:15 . 2009-11-22 09:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-22 09:15 . 2009-11-22 09:15 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-22 09:15 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-22 05:20 . 2009-11-22 05:20 -------- d-----w- c:\program files\SopCast
    2009-11-22 05:06 . 2009-11-22 05:06 -------- d-----w- c:\users\Gilbert\AppData\Local\TVU Networks
    2009-11-22 05:06 . 2009-11-22 05:06 -------- d-----w- c:\programdata\TVU Networks
    2009-11-22 05:06 . 2009-11-22 05:06 -------- d-----w- c:\program files\TVUPlayer
    2009-11-21 19:39 . 2009-11-21 19:39 -------- d-----w- c:\windows\system32\Adobe
    2009-11-21 19:29 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-11-20 09:02 . 2008-05-27 05:17 87552 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2009-11-19 13:17 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
    2009-11-19 13:17 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
    2009-11-19 12:53 . 2009-11-21 19:04 -------- d-----w- c:\program files\Immunet Protect
    2009-11-19 12:45 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-11-19 12:45 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-11-19 12:45 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-11-19 12:45 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-11-19 12:44 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-11-19 12:44 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-11-19 12:44 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-11-19 12:44 . 2009-08-07 01:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-11-19 12:44 . 2009-08-07 00:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-11-19 12:44 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-11-19 12:44 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-11-19 06:18 . 2009-11-19 06:18 -------- d-----w- C:\PerfLogs
    2009-11-19 06:00 . 2009-11-19 05:39 47560 ----a-w- c:\windows\system32\SPReview.exe
    2009-11-19 06:00 . 2009-11-19 05:39 152576 ----a-w- c:\windows\system32\SPWizUI.dll
    2009-11-19 05:45 . 2008-01-19 05:34 126976 ----a-w- c:\windows\system32\msdart.dll
    2009-11-19 05:44 . 2008-01-19 05:34 200704 ----a-w- c:\windows\system32\input.dll
    2009-11-19 05:42 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-11-19 05:42 . 2008-01-19 05:33 44032 ----a-w- c:\windows\system32\cbsra.exe
    2009-11-19 05:40 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-11-19 05:40 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-11-19 05:30 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
    2009-11-19 05:30 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-11-19 05:29 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
    2009-11-15 02:32 . 2009-11-15 02:32 -------- d-----w- c:\users\Gilbert\AppData\Roaming\HP
    2009-11-09 17:07 . 2007-03-19 03:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2009-11-09 17:07 . 2006-09-29 19:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2009-11-09 17:07 . 2006-09-29 19:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2009-11-09 17:07 . 2006-09-29 19:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2009-11-09 17:07 . 2002-12-10 09:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2009-11-09 17:07 . 2006-05-20 23:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2009-11-09 17:07 . 2006-05-12 02:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2009-11-09 16:57 . 2009-11-09 17:22 -------- d-----w- c:\users\Gilbert\AppData\Roaming\Vso
    2009-11-09 16:57 . 2009-11-09 17:21 47360 ----a-w- c:\users\Gilbert\AppData\Roaming\pcouffin.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-09 05:44 . 2007-12-06 03:12 -------- d-----w- c:\program files\Symantec
    2009-12-09 05:41 . 2009-10-13 10:00 28029 ----a-w- c:\programdata\nvModes.dat
    2009-12-09 05:40 . 2009-12-09 05:40 4096 ----a-w- c:\windows\system32\08B8C.tmp
    2009-12-09 05:34 . 2007-12-06 03:11 -------- d-----w- c:\programdata\Symantec
    2009-12-09 03:10 . 2009-12-09 03:10 4096 ----a-w- c:\windows\system32\08CC4.tmp
    2009-12-08 22:33 . 2009-10-13 05:49 -------- d-----w- c:\users\Gilbert\AppData\Roaming\Skype
    2009-12-08 22:06 . 2009-10-13 05:50 -------- d-----w- c:\users\Gilbert\AppData\Roaming\skypePM
    2009-12-08 15:12 . 2009-10-23 05:34 -------- d-----w- c:\program files\SpywareBlaster
    2009-12-08 12:35 . 2009-12-08 12:35 262144 ----a-w- c:\programdata\ntuser.dat
    2009-12-08 12:35 . 2007-12-06 04:51 -------- d-----w- c:\program files\HP
    2009-12-08 12:35 . 2007-12-06 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-08 12:35 . 2007-12-06 04:53 -------- d-----w- c:\program files\CyberLink
    2009-12-04 21:45 . 2009-10-15 02:58 -------- d-----w- c:\program files\TeamViewer
    2009-12-04 21:39 . 2009-10-31 22:13 -------- d-----w- c:\users\Gilbert\AppData\Roaming\LimeWire
    2009-11-22 16:22 . 2009-10-23 05:22 -------- d-----w- c:\program files\NoAdware
    2009-11-22 06:15 . 2009-11-22 06:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2009-11-20 09:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-11-19 06:28 . 2008-02-16 14:38 -------- d-----w- c:\programdata\NVIDIA
    2009-11-19 06:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
    2009-11-19 06:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
    2009-11-19 06:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
    2009-11-19 06:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
    2009-11-19 06:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
    2009-11-19 06:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
    2009-11-19 06:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-19 06:08 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2009-11-19 06:08 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2009-11-15 02:32 . 2009-10-31 23:05 -------- d-----w- c:\users\Gilbert\AppData\Roaming\CyberLink
    2009-11-15 02:32 . 2007-12-06 04:51 -------- d-----w- c:\programdata\HP
    2009-11-09 01:22 . 2009-10-13 04:20 -------- d-----w- c:\program files\Google
    2009-11-08 20:26 . 2009-10-08 03:46 108248 ----a-w- c:\users\Gilbert\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-08 18:57 . 2009-11-08 18:57 -------- d-----w- c:\programdata\Adobe Systems
    2009-11-08 18:57 . 2009-11-08 18:57 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
    2009-11-08 18:53 . 2007-12-06 04:52 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-08 18:51 . 2009-11-08 18:52 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2009-11-03 03:14 . 2009-11-03 03:14 -------- d-----w- c:\program files\QS
    2009-10-30 00:29 . 2009-10-30 00:29 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-10-20 02:09 . 2007-12-06 04:46 -------- d-----w- c:\programdata\Microsoft Help
    2009-10-19 03:43 . 2007-12-06 04:24 -------- d-----w- c:\program files\Microsoft Works
    2009-10-19 03:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
    2009-10-19 03:40 . 2009-10-19 03:40 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-19 03:37 . 2009-10-19 03:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-10-19 00:17 . 2009-10-19 00:07 122810 ----a-w- c:\windows\hpoins14.dat
    2009-10-19 00:16 . 2009-10-19 00:16 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2009-10-19 00:15 . 2007-12-06 05:02 -------- d-----w- c:\programdata\Hewlett-Packard
    2009-10-15 03:17 . 2009-10-13 04:10 -------- d-----w- c:\users\Gilbert\AppData\Roaming\TeamViewer
    2009-10-15 02:06 . 2009-10-15 02:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
    2009-10-15 02:06 . 2009-10-15 02:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-10-15 02:06 . 2009-10-15 02:06 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2009-10-15 02:06 . 2009-10-15 02:06 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2009-10-15 02:06 . 2009-10-15 02:06 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    2009-10-15 01:57 . 2009-10-15 01:57 -------- d-----w- c:\program files\DIFX
    2009-10-15 01:56 . 2009-10-15 01:56 -------- d-----w- c:\program files\Palm, Inc
    2009-10-15 01:55 . 2009-10-15 01:55 -------- d-----w- c:\users\Gilbert\AppData\Roaming\CanuckSoftware
    2009-10-15 01:31 . 2009-10-15 01:31 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-15 01:31 . 2007-12-06 05:18 -------- d-----w- c:\program files\Java
    2009-10-14 04:22 . 2009-10-14 04:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-10-14 04:21 . 2009-10-08 03:43 -------- d-----w- c:\program files\Yahoo!
    2009-10-14 04:16 . 2008-02-16 14:19 -------- d-----w- c:\program files\CONEXANT
    2009-10-13 18:34 . 2009-10-13 18:32 -------- d-----w- c:\program files\Microsoft Visual FoxPro 8
    2009-10-13 18:34 . 2009-10-13 18:33 -------- d-----w- c:\program files\Common Files\Merge Modules
    2009-10-13 18:33 . 2009-10-13 18:33 -------- d-----w- c:\program files\HTML Help Workshop
    2009-10-13 18:32 . 2009-10-13 18:32 -------- d-----w- c:\program files\Microsoft UDDI SDK
    2009-10-13 10:04 . 2009-10-13 10:04 61440 ----a-w- c:\windows\system32\winipsec.dll
    2009-10-13 10:04 . 2009-10-13 10:04 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
    2009-10-13 10:04 . 2009-10-13 10:04 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
    2009-10-13 10:04 . 2009-10-13 10:04 272896 ----a-w- c:\windows\system32\polstore.dll
    2009-10-13 10:03 . 2009-10-13 10:03 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-13 10:03 . 2009-10-13 10:03 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-13 10:03 . 2009-10-13 10:03 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-13 10:01 . 2009-10-13 10:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-10-13 10:01 . 2009-10-13 10:01 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-10-13 10:01 . 2009-10-13 10:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-10-13 10:01 . 2009-10-13 10:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-10-13 10:01 . 2009-10-13 10:01 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-10-13 10:01 . 2009-10-13 10:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-10-13 10:01 . 2009-10-13 10:01 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-10-13 10:01 . 2009-10-13 10:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-10-13 10:01 . 2009-10-13 10:01 104960 ----a-w- c:\windows\system32\netiohlp.dll
    2009-10-13 10:01 . 2009-10-13 10:01 10240 ----a-w- c:\windows\system32\finger.exe
    2009-10-13 09:56 . 2009-10-13 09:56 127488 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-10-13 09:56 . 2009-10-13 09:56 68096 ----a-w- c:\windows\system32\wlanhlp.dll
    2009-10-13 09:56 . 2009-10-13 09:56 64512 ----a-w- c:\windows\system32\wlanapi.dll
    2009-10-13 09:56 . 2009-10-13 09:56 513024 ----a-w- c:\windows\system32\wlansvc.dll
    2009-10-13 09:56 . 2009-10-13 09:56 302592 ----a-w- c:\windows\system32\wlansec.dll
    2009-10-13 09:56 . 2009-10-13 09:56 293376 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-10-13 09:56 . 2009-10-13 09:56 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
    2009-10-13 09:55 . 2009-10-13 09:55 34304 ----a-w- c:\windows\system32\atmlib.dll
    2009-10-13 09:55 . 2009-10-13 09:55 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-10-13 09:55 . 2009-10-13 09:55 23552 ----a-w- c:\windows\system32\lpk.dll
    2009-10-13 09:55 . 2009-10-13 09:55 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-10-13 09:55 . 2009-10-13 09:55 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-10-13 09:55 . 2009-10-13 09:55 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-10-13 09:54 . 2009-10-13 09:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2009-10-13 09:54 . 2009-10-13 09:54 53248 ----a-w- c:\windows\system32\rrinstaller.exe
    2009-10-13 09:54 . 2009-10-13 09:54 2868224 ----a-w- c:\windows\system32\mf.dll
    2009-10-13 09:54 . 2009-10-13 09:54 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2009-10-13 09:54 . 2009-10-13 09:54 2048 ----a-w- c:\windows\system32\mferror.dll
    2009-10-13 09:54 . 2009-10-13 09:54 376832 ----a-w- c:\windows\system32\winhttp.dll
    2009-10-13 09:53 . 2009-10-13 09:53 71680 ----a-w- c:\windows\system32\atl.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "WindowsWelcomeCenter "= "oobefldr.dll" [2008-01-19 2153472]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
    "QlbCtrl "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
    "OnScreenDisplay "= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-10-15 149280]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Immunet Protect "= "c:\program files\Immunet Protect\1.0.18\iptray.exe" [2009-11-19 1305416]
    "Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2007-08-25 03:07 51048 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    R2 ImmunetProtect;ImmunetProtect;c:\program files\Immunet Protect\1.0.18\agent.exe [11/19/2009 6:53 AM 692320]
    R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [11/27/2009 9:24 AM 185640]
    S2 EZUSB;USB BDM Driver;c:\windows\System32\drivers\ezusb.sys [10/17/2009 3:32 PM 27507]
    S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [8/14/2009 10:44 AM 31232]
    S2 uhffc;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [11/18/2009 11:44 PM 21504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    uhffc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    AddRemove-{76C24F39-B161-498F-BD8B-C64789812D13}_is1 - c:\program files\VSO\ConvertX\3\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-08 23:55
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uhffc]
    "ServiceDll "= "c:\windows\system32\rzqcnvh.dll "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    Completion time: 2009-12-08 23:57:58
    ComboFix-quarantined-files.txt 2009-12-09 05:57

    Pre-Run: 180,813,197,312 bytes free
    Post-Run: 180,608,397,312 bytes free

    - - End Of File - - 4C47EC0A984472B7C53DBA7B4603D200


    AND HERE'S THE LOG FOR HIJACKTHIS:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:29:45 PM, on 12/8/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Immunet Protect\1.0.18\iptray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Immunet Protect] "C:\Program Files\Immunet Protect\1.0.18\iptray.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ImmunetProtect - Immunet Corporation - C:\Program Files\Immunet Protect\1.0.18\agent.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: Palm Novacom (NovacomD) - Unknown owner - C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10323 bytes

    Thanks for the help. I really appreciate this. I'm a little embarrassed because I fix computers and here I am asking for help. Oh well. I guess it happens to the best of us.
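The ComboFix output above records a service named uhffc that runs inside svchost.exe -k netsvcs, is listed in the NetSvcs group, and is backed by c:\windows\system32\rzqcnvh.dll. A randomly named service in the netsvcs group pointing at a randomly named DLL is the persistence pattern Conficker is known for, and it is what a responder looks for when a HOSTS-file check and a HijackThis scan come back clean. The Python script below is an added example, not code from this thread or from ComboFix: it parses lines in the ComboFix format (service entries, the NetSvcs member list, and [...\Services\name] keys with a ServiceDll value) and flags svchost-hosted services whose ServiceDll is not on a known-good allowlist or whose file name contains no vowels. The sample lines are copied from the log above; the allowlist and the no-vowel heuristic are assumptions for illustration, not part of the thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input copied from the ComboFix log in this thread (the forum's stray
# space before each closing quote removed) so the script runs offline.
SAMPLE_LOG = r"""
R2 ImmunetProtect;ImmunetProtect;c:\program files\Immunet Protect\1.0.18\agent.exe [11/19/2009 6:53 AM 692320]
S2 uhffc;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [11/18/2009 11:44 PM 21504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uhffc

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uhffc]
"ServiceDll"="c:\windows\system32\rzqcnvh.dll"
"""

# Assumed allowlist, for illustration only: a few DLLs that legitimately back
# netsvcs-group services on Windows Vista. Real use needs a full, hash-verified list.
KNOWN_SERVICE_DLLS = {
    "wuaueng.dll", "schedsvc.dll", "browser.dll", "qmgr.dll",
    "srvsvc.dll", "wkssvc.dll", "seclogon.dll", "iphlpsvc.dll",
}

# Line shapes: "R2 name;display;image [date size]", the NetSvcs member list,
# and [...\Services\name] keys followed by a "ServiceDll" value.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s*\[[^\]]*\]\s*$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"\s*=\s*"(?P<dll>[^"]+)"', re.I)
BLANK = {"display": "", "image": "", "dll": None, "netsvcs": False}


@dataclass
class Finding:
    service: str
    display: str
    image: str
    service_dll: Optional[str]
    in_netsvcs: bool
    reasons: List[str] = field(default_factory=list)


def parse_services(log: str) -> Dict[str, dict]:
    """Collect each service's image path, NetSvcs membership and ServiceDll."""
    services: Dict[str, dict] = {}
    current_key: Optional[str] = None  # name from the last [...\Services\X] key
    in_netsvcs_list = False            # inside the "Svchost - NetSvcs" listing
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_netsvcs_list = False    # a blank line ends the NetSvcs listing
            continue
        m = SERVICE_RE.match(line)
        if m:
            entry = services.setdefault(m["name"].strip(), dict(BLANK))
            entry["display"], entry["image"] = m["display"].strip(), m["image"].strip()
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs_list = True
            continue
        if in_netsvcs_list:
            services.setdefault(line, dict(BLANK))["netsvcs"] = True
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["name"]
            continue
        m = DLL_RE.match(line)
        if m and current_key:
            services.setdefault(current_key, dict(BLANK))["dll"] = m["dll"].strip()
    return services


def has_no_vowels(stem: str) -> bool:
    """Crude machine-generated-name heuristic: alphabetic and vowel-free."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return bool(letters) and not any(c in "aeiouy" for c in letters)


def find_suspicious_svchost_services(log: str) -> List[Finding]:
    """Flag svchost-hosted services whose backing DLL is unknown or odd-looking."""
    findings: List[Finding] = []
    for name, svc in parse_services(log).items():
        if "svchost.exe" not in svc["image"].lower() and not svc["netsvcs"]:
            continue  # only services that run inside svchost.exe are of interest
        reasons: List[str] = []
        dll = svc["dll"]
        if dll is None:
            reasons.append("svchost-hosted service with no ServiceDll recorded in the log")
        else:
            base = dll.lower().rsplit("\\", 1)[-1]
            if base not in KNOWN_SERVICE_DLLS:
                reasons.append(f"ServiceDll '{base}' is not on the allowlist")
            if has_no_vowels(base.rsplit(".", 1)[0]):
                reasons.append(f"ServiceDll name '{base}' looks machine-generated (no vowels)")
        if reasons:
            findings.append(Finding(name, svc["display"], svc["image"], dll, svc["netsvcs"], reasons))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_svchost_services(SAMPLE_LOG):
        print(f"{f.service} ({f.display}): {f.image} -> {f.service_dll}; " + "; ".join(f.reasons))
```

Run against the sample it reports only uhffc, with both reasons. The allowlist check carries the weight; the no-vowel test is a tie-breaker that also catches a DLL dropped with an unknown but plausible-looking name only when that name happens to be consonant soup, so treat it as a hint, not a verdict. ImmunetProtect is parsed but skipped because its image is agent.exe rather than svchost.exe.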
     
  5. 2009/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There is nothing to be embarrassed of. Curing an infection is a whole new computer "science".

    What IS your actual AV program, because I don't see anything else, but Norton?
     
  6. 2009/12/09
    rgvsdigitalpimp

    rgvsdigitalpimp Inactive Thread Starter

    Joined:
    2009/12/08
    Messages:
    6
    Likes Received:
    0
    Actually, I was using a program called the Immunet Project. www.immunet.com
    It's a cloud-based antivirus solution that really doesn't install any software. It just scans files in real time using a database online. I've tried 'em all and none really catches everything, so instead of definition updates I went to the cloud-based solution. It picked up the Conficker when it came in, but I don't know if that's what caused this hijack problem. What AV do you use?
     
  7. 2009/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    My suggestions (and what I use):

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    After installation, update the program and run full scan.
     
  8. 2009/12/09
    rgvsdigitalpimp

    rgvsdigitalpimp Inactive Thread Starter

    Joined:
    2009/12/08
    Messages:
    6
    Likes Received:
    0
    Of course, all those links you posted are not coming up on my PC because of the hijack problem. It says DNS Error on Google. I went through Google and searched for Comodo through CNET's download.com, and I was able to download and install the Antivirus + Firewall. Unfortunately, because of the hijack it will not update. I did a full scan anyway with what definitions it did have and it found nothing. Weird. Now what??
     
  9. 2009/12/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  10. 2009/12/09
    rgvsdigitalpimp

    rgvsdigitalpimp Inactive Thread Starter

    Joined:
    2009/12/08
    Messages:
    6
    Likes Received:
    0
  11. 2009/12/10
    rgvsdigitalpimp

    rgvsdigitalpimp Inactive Thread Starter

    Joined:
    2009/12/08
    Messages:
    6
    Likes Received:
    0
    Guys, I appreciate the effort, but I went day by day on the System Restore option until I restored without an error. Seems like my registry is back without that hijack problem. I'm hitting antivirus sites and all. Thanks a bunch guys.
     
  12. 2009/12/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    System Restore in 99% of cases won't cure an infection. It may appear to be gone, but usually it'll reappear.

    I strongly suggest you re-run scans.
     
