
I boot up and Explorer is there for a random amount of time, then it just disappears. I open it back up in Task Manager and it stays open for about 5 seconds and shuts again. I ran HijackThis and it found a butt load of things, but I need someone who knows what they're doing to look over them.

Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:03 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [381d12c6] rundll32.exe "C:\WINDOWS\system32\tovowwdg.dll",b
O4 - HKLM\..\Run: [BM3b2e215a] Rundll32.exe "C:\WINDOWS\system32\qelnvgar.dll",s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - C:\Program Files\Trillian\Trillian (file missing)
O9 - Extra 'Tools' menuitem: Trillian - {2ef50289-0ea7-482e-a30b-4947a81e44cf} - C:\Program Files\Trillian\Trillian (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 10464 bytes


Run an updated anti-virus and malicious software removal programs. Most of the files you posted are Windows system programs. In my opinion, if a format is an option, do it and set the whole system up. And of course, install good anti-virus software.


Welcome, megaglow.

Download ComboFix here. Restart into safe mode and run it. Don't do anything while it's doing its job; don't even touch your mouse. I'll have a look at your HJT log and post results tomorrow.


Here it is:

ComboFix 08-06-19.1 - HP_Administrator 2008-06-21 19:43:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.431 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM3b2e215a.xml
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\ptjhehlp.dll
C:\WINDOWS\system32\sgrefg.dll
C:\WINDOWS\system32\spjhahlp.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-20 17:40 . 2008-06-20 19:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-20 17:40 . 2008-06-20 17:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-19 12:33 . 2000-06-01 18:48 40,688 --a------ C:\WINDOWS\system32\Zcipro1.ttf
2008-06-19 12:33 . 2000-07-07 08:48 40,140 --a------ C:\WINDOWS\system32\INSOLF1.ttf
2008-06-19 12:33 . 1999-09-22 16:56 32,768 --a------ C:\WINDOWS\system32\PHONETIC.FON
2008-06-19 12:33 . 1996-03-08 15:37 31,808 --a------ C:\WINDOWS\system32\Zcipro4.ttf
2008-06-19 12:33 . 1994-11-21 14:15 25,480 --a------ C:\WINDOWS\system32\Zcisym.ttf
2008-06-19 12:33 . 1994-10-05 07:05 18,180 --a------ C:\WINDOWS\system32\Zcipro2.ttf
2008-06-19 12:33 . 1995-10-27 14:11 14,500 --a------ C:\WINDOWS\system32\Zcipro3.ttf
2008-06-18 17:51 . 2008-06-18 17:51 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-18 17:47 . 2008-06-18 17:47 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-18 17:40 . 2008-06-18 17:40 279,552 --ah----- C:\WINDOWS\system32\mtewdh.dll
2008-06-18 17:37 . 2008-06-18 17:37 229,376 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-18 17:35 . 2008-06-18 17:45 <DIR> d--h----- C:\DNT_Temp
2008-06-18 17:35 . 2008-06-18 17:35 4,608 --a------ C:\WINDOWS\MicroSoft.pif
2008-06-18 17:35 . 2008-06-18 17:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-18 17:35 . 2008-06-18 17:35 210 --a------ C:\WINDOWS\MicroSoft.vbs
2008-06-18 14:39 . 2008-06-18 14:39 1,942 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EL472AA-ABA a1350n_YC_0Pavi_QCN7552_E61NAemMPC1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.13_T051115_WXP2_L409_M959_J250_7AMD_8Athlon 64 X2 Dual Core_92.19_#060411_N10EC8139_Z11C10620_G10025954.MRK
2008-06-18 14:38 . 2006-04-11 20:37 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-06-18 14:38 . 2006-04-11 20:37 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-06-18 14:38 . 2008-06-18 14:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-06-18 14:38 . 2006-04-11 20:40 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-06-18 14:38 . 2008-06-18 14:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
2008-06-18 14:38 . 2008-06-21 00:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-06-18 14:30 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-18 14:30 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-18 13:50 . 2008-06-20 17:52 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-06-18 11:22 . 2008-06-18 11:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 11:21 . 2008-06-18 11:21 <DIR> d-------- C:\WINDOWS\LastGood(2)
2008-06-17 10:21 . 2008-06-18 13:22 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-06-17 10:21 . 2008-06-18 13:22 <DIR> d-------- C:\Program Files\DAP
2008-06-17 01:12 . 2008-06-16 17:18 31,744 --a------ C:\Sys5B.exe
2008-06-17 01:12 . 2008-06-16 17:18 31,744 --a------ C:\Sys58.exe
2008-06-17 01:12 . 2008-06-16 17:18 30,720 --a------ C:\Sys5A.exe
2008-06-17 01:12 . 2008-06-16 17:18 30,208 --a------ C:\Sys59.exe
2008-06-17 01:11 . 2008-06-16 17:18 31,744 --a------ C:\Sys57.exe
2008-06-16 23:58 . 2008-06-16 23:58 <DIR> d-------- C:\Program Files\CableRouting
2008-06-16 22:57 . 2008-06-16 15:36 245,760 --a------ C:\WINDOWS\ksendlbtdpl.dll
2008-06-16 22:57 . 2008-06-16 15:36 81,920 --a------ C:\WINDOWS\neltabxw.exe
2008-06-16 22:56 . 2008-06-16 22:57 <DIR> d-------- C:\Program Files\VAV
2008-06-16 22:56 . 2008-06-16 22:56 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-06-16 22:56 . 2008-06-16 15:36 94,208 --a------ C:\WINDOWS\exwd.exe
2008-06-16 22:56 . 2008-06-16 17:18 31,744 --a------ C:\Sys29F.exe
2008-06-16 22:56 . 2008-06-16 17:18 31,744 --a------ C:\Sys29E.exe
2008-06-16 22:56 . 2008-06-16 17:18 30,720 --a------ C:\Sys2A1.exe
2008-06-16 22:56 . 2008-06-16 17:18 30,208 --a------ C:\Sys2A0.exe
2008-06-16 13:14 . 2008-06-16 13:14 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Avant Profiles
2008-06-16 13:13 . 2008-06-16 13:13 <DIR> d-------- C:\Program Files\Avant Browser
2008-06-15 00:37 . 2008-06-15 00:37 2,311,271 --a------ C:\WINDOWS\Phantom Fireworks Show.exe
2008-06-15 00:37 . 2008-06-15 00:37 395,708 --a------ C:\WINDOWS\Phantom Fireworks Show.scr
2008-06-15 00:37 . 2008-06-15 00:37 40,960 --a------ C:\WINDOWS\Phantom Fireworks Show.dll
2008-06-15 00:37 . 2008-06-15 00:37 18,192 --a------ C:\WINDOWS\Phantom Fireworks Show.dat
2008-06-13 16:41 . 2008-06-13 16:42 <DIR> d-------- C:\e39f50751a5e6b9b87012957
2008-06-13 16:40 . 2008-06-13 16:41 <DIR> d-------- C:\3739ae8b9656012014564fbf055dc1ad
2008-06-13 10:43 . 2008-06-13 10:43 <DIR> d-------- C:\Program Files\MetaStream
2008-06-12 19:11 . 2008-06-12 19:35 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-06-12 17:28 . 2008-06-12 17:28 <DIR> d-------- C:\Program Files\Bethesda Softworks
2008-06-12 17:25 . 2008-06-12 17:26 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-12 17:25 . 2008-06-17 00:11 <DIR> d-------- C:\Program Files\AdVantage
2008-06-12 17:11 . 2008-06-12 17:11 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-06-12 17:00 . 2008-06-12 17:00 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Windows Desktop Search
2008-06-12 16:57 . 2008-06-12 16:57 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-06-11 23:50 . 2006-04-11 20:37 <DIR> d-------- C:\Documents and Settings\MCX1.YOUR-4DACD0EA75\WINDOWS
2008-06-11 23:50 . 2006-04-11 20:54 <DIR> d-------- C:\Documents and Settings\MCX1.YOUR-4DACD0EA75\Application Data\Symantec
2008-06-11 23:50 . 2006-04-11 20:40 <DIR> d-------- C:\Documents and Settings\MCX1.YOUR-4DACD0EA75\Application Data\Intuit
2008-06-11 23:50 . 2006-04-11 20:25 <DIR> d-------- C:\Documents and Settings\MCX1.YOUR-4DACD0EA75\Application Data\Digital Interactive Systems Corporation
2008-06-11 23:50 . 2008-06-11 23:50 <DIR> d-------- C:\Documents and Settings\MCX1.YOUR-4DACD0EA75
2008-06-11 19:33 . 2008-06-11 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-11 19:04 . 2008-06-11 19:33 <DIR> d-------- C:\Program Files\Uniblue
2008-06-11 19:04 . 2008-06-11 19:33 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
2008-06-11 01:56 . 2008-06-11 01:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-11 01:56 . 2008-06-11 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 01:37 . 2008-06-11 11:15 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-11 01:14 . 2008-06-11 01:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 01:14 . 2008-06-11 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-11 01:09 . 2008-06-11 01:09 <DIR> d-------- C:\Program Files\AVG
2008-06-11 01:09 . 2008-06-17 01:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-10 21:14 . 2008-06-10 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-10 15:35 . 2008-06-11 14:12 <DIR> d-------- C:\Program Files\Norton 360
2008-06-10 13:19 . 2008-06-10 13:19 <DIR> d-------- C:\Program Files\Passcape
2008-06-10 13:12 . 2008-06-10 13:12 <DIR> d-------- C:\Program Files\Password Saver
2008-06-06 13:53 . 2006-04-11 20:37 <DIR> d-------- C:\Documents and Settings\MCX2\WINDOWS
2008-06-06 13:53 . 2006-04-11 20:54 <DIR> d-------- C:\Documents and Settings\MCX2\Application Data\Symantec
2008-06-06 13:53 . 2006-04-11 20:40 <DIR> d-------- C:\Documents and Settings\MCX2\Application Data\Intuit
2008-06-06 13:53 . 2006-04-11 20:25 <DIR> d-------- C:\Documents and Settings\MCX2\Application Data\Digital Interactive Systems Corporation
2008-06-06 13:53 . 2008-06-11 01:10 <DIR> d-------- C:\Documents and Settings\MCX2
2008-06-04 17:42 . 2008-06-04 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-04 14:04 . 2008-06-04 14:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2008-06-04 13:49 . 2008-06-21 10:51 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-06-04 13:45 . 2008-06-17 09:59 <DIR> d-------- C:\Program Files\BitComet
2008-06-04 13:41 . 2008-06-04 13:41 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-04 13:36 . 2008-06-04 13:36 <DIR> d-------- C:\Program Files\Bonjour
2008-05-31 23:45 . 2008-05-31 23:45 <DIR> d-------- C:\My Media
2008-05-31 23:45 . 2008-05-31 23:45 7 --a------ C:\WINDOWS\system\DSink.ref
2008-05-31 23:44 . 2008-06-11 19:18 <DIR> d-------- C:\Program Files\DJ Studio Pro
2008-05-31 23:44 . 2008-05-31 23:44 245,760 --------- C:\WINDOWS\Setup1.exe
2008-05-31 23:44 . 2008-05-31 23:44 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 03:35 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-19 00:23 --------- d-----w C:\Program Files\Google
2008-06-18 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 18:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 19:11 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-06-17 16:59 --------- d-----w C:\Program Files\Cheat Engine
2008-06-16 20:11 --------- d-----w C:\Program Files\QuickTime
2008-06-16 20:10 --------- d-----w C:\Program Files\Apple Software Update
2008-06-13 01:56 --------- d-----w C:\Program Files\ArtMoney
2008-06-12 17:56 --------- d-----w C:\Program Files\MSBuild
2008-06-12 02:21 --------- d-----w C:\Program Files\Wishformoney
2008-06-12 02:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-11 11:20 --------- d-----w C:\Program Files\SCAR 2.03
2008-06-11 10:39 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-11 08:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 03:46 --------- d-----w C:\Program Files\Microsoft Games
2008-06-11 02:54 --------- d-----w C:\Program Files\LimeWire
2008-06-11 02:03 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vso
2008-06-10 17:09 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Xfire
2008-06-10 11:32 --------- d-s---w C:\Program Files\Xfire
2008-06-04 20:37 --------- d-----w C:\Program Files\iTunes
2008-06-04 06:12 --------- d-----w C:\Program Files\BitTorrent
2008-05-11 23:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2008-05-09 13:00 --------- d-----w C:\Program Files\Computer Alarm Clock
2008-03-02 21:08 87,608 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
2008-03-02 21:08 47,360 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
2007-03-13 05:01 462 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-03-05 00:51 14 -c--a-w C:\Program Files\lethal biznitc.stats
2007-03-05 00:50 13 ----a-w C:\Program Files\lethalbiznitc.stats
2007-03-03 04:12 0 ----a-w C:\Documents and Settings\HP_Administrator\StaticObject.dat
2006-07-22 16:39 258 ----a-w C:\Documents and Settings\John Nobis\Application Data\wklnhst.dat
1996-07-29 20:11 733,296 ----a-w C:\Documents and Settings\HP_Administrator\OPENGL32.DLL
1996-07-29 20:09 139,712 ----a-w C:\Documents and Settings\HP_Administrator\GLU32.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-18 14:49 171448]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 13:01 1923352]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 08:58 217544]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-05-05 02:02 2334520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 22:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 23:19 77312 C:\WINDOWS\arpwrmsg.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 06:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2005-09-27 00:43 1060864]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 00:42 61440]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 23:59 218240]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-04 16:40 48752]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-09-09 18:12 132248]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 00:03 22656]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 17:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]

C:\Documents and Settings\MCX2\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-13 08:46:59 27136]

C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-13 08:46:59 27136]

C:\Documents and Settings\MCX1.YOUR-4DACD0EA75\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-13 08:46:59 27136]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
hc_tray.lnk - C:\Program Files\Kuma Games\hcsystray\hc_tray.exe [2007-09-28 17:08:02 33992]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26 282624]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-04-11 20:43:39 36903]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F4F0064-71E0-4f0d-0025-708476C7815F}"= C:\WINDOWS\system32\midimapfs2.dll [2001-06-18 17:36 1067808]
"{4F4F0064-71E0-4f0d-0026-708476C7815F}"= C:\WINDOWS\system32\midimapjx2.dll [2001-06-18 17:36 1067808]
"{00220022-0022-0022-0022-00220022BB15}"= C:\WINDOWS\system32\rasmanqn3.dll [2001-06-18 17:36 1067808]
"{00130013-0013-0013-0013-00130013BB15}"= C:\WINDOWS\system32\ksuserfy.dll [2001-06-18 17:37 775968]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= C:\WINDOWS\system32\pedadt.dll [2008-06-18 17:37 229376]
"{00120012-0012-0012-0012-00120012BB15}"= C:\WINDOWS\system32\kbdswjr.dll [2001-06-18 17:37 1068320]
"{00170017-0017-0017-0017-00170017BB15}"= C:\WINDOWS\system32\msobjstl.dll [2001-06-18 17:37 1069204]
"{00010001-0001-0001-0001-00010001BB15}"= C:\WINDOWS\system32\adsntzt.dll [2001-06-18 17:38 1066784]
"{4F4F0064-71E0-4f0d-0002-708476C7815F}"= C:\WINDOWS\system32\midimapwm.dll [2001-06-18 17:38 22304]
"{00150015-0015-0015-0015-00150015BB15}"= C:\WINDOWS\system32\csrsrvmy.dll [2001-06-18 17:38 898848]
"{4F4F0064-71E0-4f0d-0005-708476C7815F}"= C:\WINDOWS\system32\midimapzx.dll [2001-06-18 17:39 1070880]
"{4F4F0064-71E0-4f0d-0023-708476C7815F}"= C:\WINDOWS\system32\midimapcq.dll [2001-06-18 17:39 1071764]
"{4F4F0064-71E0-4f0d-0004-708476C7815F}"= C:\WINDOWS\system32\midimapwl.dll [2001-06-18 17:39 1071392]
"{4F4F0064-71E0-4f0d-0018-708476C7815F}"= C:\WINDOWS\system32\midimapwd.dll [2001-06-18 17:39 1072276]
"{4F4F0064-71E0-4f0d-0006-708476C7815F}"= C:\WINDOWS\system32\midimapcb.dll [2001-06-18 17:39 1070508]
"{00030003-0003-0003-0003-00030003BB15}"= C:\WINDOWS\system32\bootvidgj.dll [2001-06-18 17:40 799008]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [ ]
"{189F087F-4378-405F-85FA-37D955AD7A8C}"= C:\WINDOWS\system32\mtewdh.dll [2008-06-18 17:40 279552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"midimapfs2"= {4F4F0064-71E0-4f0d-0025-708476C7815F} - C:\WINDOWS\system32\midimapfs2.dll [2001-06-18 17:36 1067808]
"midimapjx2"= {4F4F0064-71E0-4f0d-0026-708476C7815F} - C:\WINDOWS\system32\midimapjx2.dll [2001-06-18 17:36 1067808]
"rasmanqn3"= {00220022-0022-0022-0022-00220022BB15} - C:\WINDOWS\system32\rasmanqn3.dll [2001-06-18 17:36 1067808]
"ksuserfy"= {00130013-0013-0013-0013-00130013BB15} - C:\WINDOWS\system32\ksuserfy.dll [2001-06-18 17:37 775968]
"kbdswjr"= {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll [2001-06-18 17:37 1068320]
"msobjstl"= {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll [2001-06-18 17:37 1069204]
"adsntzt"= {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll [2001-06-18 17:38 1066784]
"midimapwm"= {4F4F0064-71E0-4f0d-0002-708476C7815F} - C:\WINDOWS\system32\midimapwm.dll [2001-06-18 17:38 22304]
"csrsrvmy"= {00150015-0015-0015-0015-00150015BB15} - C:\WINDOWS\system32\csrsrvmy.dll [2001-06-18 17:38 898848]
"midimapzx"= {4F4F0064-71E0-4f0d-0005-708476C7815F} - C:\WINDOWS\system32\midimapzx.dll [2001-06-18 17:39 1070880]
"midimapcq"= {4F4F0064-71E0-4f0d-0023-708476C7815F} - C:\WINDOWS\system32\midimapcq.dll [2001-06-18 17:39 1071764]
"midimapwl"= {4F4F0064-71E0-4f0d-0004-708476C7815F} - C:\WINDOWS\system32\midimapwl.dll [2001-06-18 17:39 1071392]
"midimapwd"= {4F4F0064-71E0-4f0d-0018-708476C7815F} - C:\WINDOWS\system32\midimapwd.dll [2001-06-18 17:39 1072276]
"midimapcb"= {4F4F0064-71E0-4f0d-0006-708476C7815F} - C:\WINDOWS\system32\midimapcb.dll [2001-06-18 17:39 1070508]
"bootvidgj"= {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll [2001-06-18 17:40 799008]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8545:TCP"= 8545:TCP:BitComet 8545 TCP
"8545:UDP"= 8545:UDP:BitComet 8545 UDP


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 02:07:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 02:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-18 21:40:12 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2006-04-12 03:56:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-22 02:04:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-12 02:04:13 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-06-22 02:38:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-17 16:53:32 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-21 10:00:00 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 19:50:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccClient.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Completion time: 2008-06-21 20:04:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 03:04:37

Pre-Run: 63,210,237,952 bytes free
Post-Run: 63,510,593,536 bytes free


Heya
[Sorry for the late reply]
I didn't have time to look into your HJT log thoroughly yet. However, try this strong tool in the meantime:
Download Trend Micro's DOS application here (2.1MB) and the two essential pattern files, namely lptXXX and sspdaX_XX (X means latest versions), which you can find at the same site.

Extract/install the DOS application and the files in a temp folder (all in the same folder) in the root of the local disk. Now go into safe mode and run the DOS application.
??
