Need Control Of Computer (hijackthis)[INACTIVE]



Hi. I'm in need of help getting my computer back up to par. I have Windows Vista and I bought the computer in early '07. Things were going good but, like all computers at some time in their lives, they have trouble. I probably should have gotten around to this earlier but I had school and no time to fix it. Here is a list of the things I am going through with this computer.

1- Malware and adware

2- Programs that were standard like Realplayer won't work anymore

3- Some weird commercials that I hear coming through the speakers every so often from random places. In fact I'm hearing one right now, 9:10 AM in Ohio. When I hear these -commercials- I never have anything open that plays something like that.

4- Freezing, of course, especially when my girlfriend is playing EverQuest with her friends.

5- When I download something, the window that says whatever percent of whatever completed doesn't go away after it's done or when I click on it.

6- Of course the slower overall performance. How long it takes to boot up is ridiculous compared to when I got it.

That's just a few things that are going bad. I also was wondering if you or anyone knew of a really good program for getting rid of all the malware, adware, viruses, and trojans choking this computer's life out. And finally, here is my HijackThis log. I will appreciate any help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:27:23 AM, on 12/19/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

C:\Windows\System32\rundll32.exe

C:\hp\kbd\kbd.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: TBSB02751 - {25875464-7327-417C-8264-902D99CF6FD1} - C:\Program Files\Search Enhancer Toolbar\NCL.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Search Enhancer Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Search Enhancer Toolbar\NCL.dll

O3 - Toolbar: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

O13 - Gopher Prefix:

O15 - Trusted Zone: www.factoryfiles.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe

O23 - Service: afisicx Corporation inc. (afisicx) - Unknown owner - C:\Windows\system32\afisicx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\Windows\system32\mabidwe.exe

O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\Windows\system32\macidwe.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - C:\Windows\system32\msmsn.exe

O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\Windows\system32\Nobicyt.exe

O23 - Service: noxtcyr Event propagation service (noxtcyr) - Unknown owner - C:\Windows\system32\noxtcyr.exe

O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\Windows\system32\noytcyr.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: perfmons - Unknown owner - C:\Windows\system32\perfs.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe

O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\Windows\system32\roxtctm.exe

O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\Windows\system32\roytctm.exe

O23 - Service: sobicyt - Unknown owner - C:\Windows\system32\sobicyt.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: sotpeca Corporation inc. (sotpeca) - Unknown owner - C:\Windows\system32\sotpeca.exe

O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\Windows\system32\soxpeca.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\Windows\system32\tdxdowkc.exe

O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\Windows\system32\tdydowkc.exe

O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

O23 - Service: wsldoekd Manages messages (wsldoekd) - Unknown owner - C:\Windows\system32\wsldoekd.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11035 bytes


Hello

Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


And here you go.

ComboFix 08-12-18.03 - KAGE 2008-12-19 13:29:28.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.267 [GMT -5:00]

Running from: c:\users\KAGE\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Search Enhancer Toolbar

c:\program files\Search Enhancer Toolbar\NCL.dll

c:\windows\Install.txt

c:\windows\system32\afinding.exe

c:\windows\system32\afisicx.exe

c:\windows\system32\atsxyzd.sys

c:\windows\system32\comsa32.sys

c:\windows\system32\mabidwe.exe

c:\windows\system32\macidwe.exe

c:\windows\system32\msansspc.dll

c:\windows\system32\Nobicyt.exe

c:\windows\system32\noxtcyr.exe

c:\windows\system32\noytcyr.exe

c:\windows\system32\perfs.exe

c:\windows\system32\routing.exe

c:\windows\system32\roxtctm.exe

c:\windows\system32\roytctm.exe

c:\windows\system32\sobicyt.exe

c:\windows\system32\sotpeca.exe

c:\windows\system32\soxpeca.exe

c:\windows\system32\tdxdowkc.exe

c:\windows\system32\tdydowkc.exe

c:\windows\system32\tpszxyd.sys

c:\windows\system32\udxfytw.sys

c:\windows\system32\WServing.exe

c:\windows\system32\wsldoekd.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_AFinding

-------\Service_afisicx

-------\Service_mabidwe

-------\Service_macidwe

-------\Service_NOBICYT

-------\Service_noxtcyr

-------\Service_noytcyr

-------\Service_perfmons

-------\Service_Routing

-------\Service_roxtctm

-------\Service_roytctm

-------\Service_sobicyt

-------\Service_sotpeca

-------\Service_soxpeca

-------\Service_tdxdowkc

-------\Service_tdydowkc

-------\Service_WServing

-------\Service_wsldoekd

((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))

.

2008-12-19 08:41 . 2008-12-11 20:53 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2008-12-12 03:02 . 2008-10-21 18:31 2,048 --a------ c:\windows\System32\tzres.dll

2008-12-11 14:28 . 2008-10-31 18:38 4,247,552 --a------ c:\windows\System32\GameUXLegacyGDFs.dll

2008-12-11 14:28 . 2008-10-31 22:33 1,687,040 --a------ c:\windows\System32\gameux.dll

2008-12-11 14:28 . 2008-10-31 22:33 28,672 --a------ c:\windows\System32\Apphlpdm.dll

2008-12-11 14:01 . 2008-10-21 00:16 297,472 --a------ c:\windows\System32\gdi32.dll

2008-12-11 13:59 . 2008-10-29 01:20 2,923,520 --a------ c:\windows\explorer.exe

2008-12-06 13:37 . 2008-12-06 14:06 <DIR> d-------- c:\program files\PSP_Blender

2008-12-06 13:37 . 2008-12-06 13:37 <DIR> d-------- c:\program files\Conduit

2008-11-30 18:35 . 2008-11-30 18:35 <DIR> d-------- c:\program files\Trend Micro

2008-11-30 15:05 . 2008-11-30 15:05 24 --a------ c:\windows\System32\Drv32_16.ini

2008-11-30 15:04 . 2008-11-30 15:04 <DIR> d-------- c:\program files\PolderbitS

2008-11-30 15:04 . 2008-11-30 15:04 345,616 --a------ c:\windows\System32\PbsAuDrvPropPage_uk.dll

2008-11-30 15:04 . 2008-11-30 15:04 106,768 --a------ c:\windows\System32\drivers\pbsaudrv.sys

2008-11-25 22:40 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-25 22:40 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-25 22:40 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-25 22:20 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-25 22:20 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-25 22:20 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll

2008-11-25 22:20 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-19 18:26 6,736 ----a-w c:\windows\system32\drivers\PROCEXP90.SYS

2008-12-17 23:00 --------- d-----w c:\program files\Norton Security Scan

2008-12-17 07:25 --------- d-----w c:\users\KAGE\AppData\Roaming\uTorrent

2008-12-12 08:18 174 --sha-w c:\program files\desktop.ini

2008-12-12 08:13 --------- d-----w c:\program files\Windows Mail

2008-11-30 23:25 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-11-05 01:44 318 ----a-w c:\users\KAGE\AppData\Roaming\wklnhst.dat

2008-11-01 03:33 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll

2008-11-01 03:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-11-01 03:33 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll

2008-11-01 03:33 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll

2008-11-01 03:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll

2008-10-31 23:23 2,560 ----a-w c:\windows\AppPatch\AcRes.dll

2007-03-27 22:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-03-27 22:48 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-03-27 22:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}"= "c:\program files\PSP_Blender\tbPSP_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}]

2008-11-23 23:03 1784856 --a------ c:\program files\PSP_Blender\tbPSP_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}"= "c:\program files\PSP_Blender\tbPSP_.dll" [2008-11-23 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D7DF6AE0-D36C-4397-94EC-9F653BD4EDA4}"= "c:\program files\PSP_Blender\tbPSP_.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{d7df6ae0-d36c-4397-94ec-9f653bd4eda4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-22 171448]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"iRiver Updater"="\Updater.exe" [2004-07-01 212992]

"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-18 185896]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE" [2008-01-07 390568]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2008-08-29 995328]

PolderbitS Audio Driver Monitor.lnk - c:\program files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe [2008-11-30 153104]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, msansspc.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk

backup=c:\windows\pss\HP Connections.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^KAGE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEMonitor.lnk]

path=c:\users\KAGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEMonitor.lnk

backup=c:\windows\pss\MEMonitor.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2006-10-24 16:08 107112 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 02:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

--a------ 2006-11-16 17:59 1480296 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

--a------ 2006-10-24 02:19 46728 c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-07-06 20:15 81920 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

--a------ 2006-10-26 18:18 22696 c:\program files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2007-11-29 19:44 1266936 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-22 09:09 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-03-18 14:58 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{29B8D3C6-CA28-4884-83AF-0064BFC85E14}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{1854626B-BCCB-4249-842C-4F221AE1A38B}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{26DA99DD-32E6-406C-88CC-D24780D8CDD6}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{C52ACD81-B9BA-454A-8A23-F50F21F15BCA}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{4B9CBF85-2188-4C95-840E-391E426B51CE}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections

"{99163293-948E-4773-9E0D-DD7E435A323C}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{D0DEF4E2-F06C-496B-92AA-1B4EAC7D2490}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections

"{33B05DAB-8F2E-4BCA-ABED-4EBCBA0B1EAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{61730387-55AA-47EE-871D-B5360A87C61C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{9727EAA8-00E7-48EA-9136-EBF171CFDF14}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CFD00705-484C-48A3-95AA-2BF2E898FCE0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{561FCCC8-4ACB-435D-B8DD-6B014A365085}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{63FF3013-938F-45E8-AB04-758636756562}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{443A8C79-6A8E-43B4-9BF8-2B01A68A0551}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{E5AD71F2-7EE8-40B8-9B52-37CC8ABEDD0E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"TCP Query User{405DBE2A-E01C-4639-9080-DD698DB146CF}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{7652A2C7-8BE2-4A68-98A3-C372F86775B6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{E838D742-B5D1-452B-A370-FFA43593B6AE}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{E041B6BC-D8ED-4704-8DE5-A583C3E3E13E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{7560F20C-B2F3-47C9-8F91-6710207530E2}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{9B3559D3-32B3-445E-A4FD-7BA55AD3C26F}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{C8EA727A-164C-4DFF-B71B-69B89AB06B19}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{1D8B78BF-99E9-457A-BB66-75AECF48FDA0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2008-08-29 20480]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-30 99376]

R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [2008-11-30 106768]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2008-08-29 870400]

S2 msmsnkd;Microsoft Network Message Service;c:\windows\system32\msmsn.exe [2006-11-02 62976]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2008-08-29 21504]

S3 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-01-11 202872]

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

2008-11-29 c:\windows\Tasks\HPCeeScheduleForKAGE.job

- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-10-24 18:04]

2008-12-17 c:\windows\Tasks\Norton Security Scan for KAGE.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

.

- - - - ORPHANS REMOVED - - - -

BHO-{25875464-7327-417C-8264-902D99CF6FD1} - c:\program files\Search Enhancer Toolbar\NCL.dll

HKCU-Run-Aim6 - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-19 13:35:22

Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2844)

c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\PSIService.exe

c:\windows\System32\drivers\XAudio.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\hp\KBD\kbd.exe

.

**************************************************************************

.

Completion time: 2008-12-19 13:44:41 - machine was rebooted [KAGE]

ComboFix-quarantined-files.txt 2008-12-19 18:44:22

Pre-Run: 158,386,860,032 bytes free

Post-Run: 160,847,540,224 bytes free

256 --- E O F --- 2008-12-19 13:45:30

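The pattern that stands out in the first HijackThis log is a run of O23 services with "Unknown owner" and a short, meaningless name pointing at an .exe directly in system32, and the ComboFix log's "Other Deletions" and "Drivers/Services" sections show most of those same binaries being removed. The script below, an added example written for this page and not code from the thread, from Trend Micro or from the ComboFix author, automates that reading of the two logs: it parses O23 lines, applies the "unknown owner in system32" heuristic to produce a review list, and then reconciles that list against ComboFix's deletions to show which flagged binaries were removed and which still need a human look. The sample lines are abbreviated copies of the two logs posted above; the line-format rules (regular expression and banner detection) are assumptions derived from those logs, and the heuristic yields candidates for review, not verdicts.

```python
"""Reconcile HijackThis O23 service entries against ComboFix's deletion list.

Added example for this thread; not part of HijackThis or ComboFix. Parsing
rules are assumptions drawn from the line formats visible in the posted logs:

  O23 - Service: <display name> (<short name>) - <owner> - <path>
  O23 - Service: <display name> - <owner> - <path>

and ComboFix's "Other Deletions" section, which lists one deleted path per
line between its banner and the next "(((( ... ))))" banner.
"""
import re
from typing import Dict, List, Set

# Abbreviated lines copied from the first HijackThis log in this thread.
HJT_LOG = r"""
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - C:\Windows\system32\msmsn.exe
O23 - Service: perfmons - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\Windows\system32\roxtctm.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Abbreviated excerpt of the ComboFix log posted above.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Search Enhancer Toolbar\NCL.dll
c:\windows\system32\afinding.exe
c:\windows\system32\perfs.exe
c:\windows\system32\roxtctm.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AFinding
"""

# Assumed O23 layout: display name, optional "(short name)", owner, path.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)


def parse_o23(log: str) -> List[Dict[str, str]]:
    """Return one dict per O23 line; short name falls back to display name."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["short"] = entry["short"] or entry["display"]
            entries.append(entry)
    return entries


def suspicious_services(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Heuristic review list: no identified vendor and an .exe straight in system32.

    Legitimate third-party services can match too (the owner field is only
    populated when the binary carries version info), so this is a list to
    examine by hand, exactly as the helper in the thread did.
    """
    flagged = []
    for e in entries:
        path = e["path"].lower()
        if e["owner"] == "Unknown owner" and path.startswith("c:\\windows\\system32\\"):
            flagged.append(e)
    return flagged


def parse_combofix_deletions(log: str) -> Set[str]:
    """Collect lower-cased paths listed under ComboFix's 'Other Deletions' banner."""
    deleted: Set[str] = set()
    inside = False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("((("):          # every section banner starts this way
            inside = "Other Deletions" in s
            continue
        if inside and s and s != ".":
            deleted.add(s.lower())
    return deleted


def reconcile(hjt_log: str, combofix_log: str) -> Dict[str, List[str]]:
    """Split flagged services into those ComboFix deleted and those still to review."""
    deleted = parse_combofix_deletions(combofix_log)
    removed, remaining = [], []
    for e in suspicious_services(parse_o23(hjt_log)):
        target = removed if e["path"].lower() in deleted else remaining
        target.append(e["short"])
    return {"removed": sorted(removed), "remaining": sorted(remaining)}


if __name__ == "__main__":
    result = reconcile(HJT_LOG, COMBOFIX_LOG)
    print("removed by ComboFix :", ", ".join(result["removed"]))
    print("still to review     :", ", ".join(result["remaining"]))
```

Run against the full logs rather than the excerpt, the "remaining" list is the part worth a second look before declaring the machine clean: an entry there only means the binary was not in ComboFix's deletion list, which is a prompt to check the file (vendor, signature, location), not a finding on its own.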

Here's the HijackThis log No. 2

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:59:42 PM, on 12/19/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\NETGEAR\WPN111\wpn111.exe

C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\rundll32.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Search Enhancer Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Search Enhancer Toolbar\NCL.dll (file missing)

O3 - Toolbar: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [shockwave Updater] C:\Windows\System32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1030024 -udxfytw.sys2.1 (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = C:\Program Files\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe

O13 - Gopher Prefix:

O15 - Trusted Zone: www.factoryfiles.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - C:\Windows\system32\msmsn.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8296 bytes


Hello

Please download OTMoveIt3 by OldTimer or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes
    explorer.exe

    :Services
    msmsnkd

    :Reg

    :Files
    c:\windows\system32\msmsn.exe

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use the Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
     • Spyware, Adware, Dialers, and other potentially dangerous programs
     • Archives
     • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

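Added example, not code from the thread or from HijackThis: a Python triage pass over the O3/O23 lines of the HijackThis log posted above, encoding the two patterns the helper picked out by eye (the msmsnkd service launching msmsn.exe from system32, and a toolbar whose DLL is missing). The regexes and the Finding record are this example's own assumptions about the log format; the sample lines are copied from the log above.

```python
"""Triage pass over HijackThis O3/O23 lines (added example, not from the thread).

Flags the two patterns the helper acted on above: a service with "Unknown owner"
whose binary sits directly in system32 (msmsnkd -> msmsn.exe), and a toolbar whose
DLL is reported "(file missing)". "Unknown owner" only means the file carries no
company name in its version info, so a hit is a lead for a human to check, not a
verdict: ProtexisLicensing below is a legitimate licensing service that trips the
same rule.
"""
import re
from dataclasses import dataclass

# Line formats assumed from the log posted above (not an official HJT grammar).
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Finding:
    kind: str    # "service" or "toolbar"
    name: str
    path: str
    reason: str


def in_system32_root(path: str) -> bool:
    """True when the file lives directly in system32, not in a subfolder."""
    p = path.lower()
    return p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]


def triage(log_text: str) -> list:
    """Return a Finding for every line worth a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            if m.group("owner") == "Unknown owner" and in_system32_root(m.group("path")):
                findings.append(Finding("service", m.group("name"), m.group("path"),
                                        "no vendor in version info and binary directly in system32"))
            continue
        m = O3_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            findings.append(Finding("toolbar", m.group("name"), m.group("path"),
                                    "toolbar CLSID registered but its DLL is absent"))
    return findings


# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: Search Enhancer Toolbar - {BFB5F154-9212-46F3-B547-AC6106030A54} - C:\Program Files\Search Enhancer Toolbar\NCL.dll (file missing)
O3 - Toolbar: PSP Blender Toolbar - {d7df6ae0-d36c-4397-94ec-9f653bd4eda4} - C:\Program Files\PSP_Blender\tbPSP_.dll
O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - C:\Windows\system32\msmsn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}\n    {f.path}\n    {f.reason}")
```

Run against the full log, the list is short enough to check by hand; the point is that the service name alone ("Microsoft Network Message Service") says nothing, while the missing vendor plus a bare system32 binary is what made msmsnkd stand out.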

Ok, sorry it took so long to get back to this. I had pre-holiday running to do. I can't run that Kaspersky program because it says that I need to have a Java add-on. I can give what I have as far as the saved logs go. Maybe you may have another site for me to visit to get that scan from?

Malwarebytes' Anti-Malware 1.31

Database version: 1531

Windows 6.0.6000

12/22/2008 10:44:01 AM

mbam-log-2008-12-22 (10-44-01).txt

Scan type: Quick Scan

Objects scanned: 48322

Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Infected: 7

Memory Modules Infected: 0

Registry Keys Infected: 25

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

C:\Windows\System32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\noytcyr.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\roytctm.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\soxpeca.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\tdydowkc.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Windows\System32\wsldoekd.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\axloader.loader (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\axloader.loader.1 (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{326cfa75-1073-48e3-a411-221f72e8d76e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noytcyr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\roytctm (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\soxpeca (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdydowkc (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsldoekd (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msudf.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_357243519767.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\ceswxfst.sys (RootKit.Clicker) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_215616270839.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_25050380072.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\tmpxr_8837160360.bk (Trojan.Refpron) -> Quarantined and deleted successfully.

C:\Windows\System32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\mabidwe.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\noytcyr.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\roytctm.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\soxpeca.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\tdydowkc.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\wsldoekd.exe (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.

And the OTMoveIt log.

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

Service msmsnkd stopped successfully.

Service msmsnkd deleted successfully.

========== REGISTRY ==========

========== FILES ==========

File move failed. c:\windows\system32\msmsn.exe scheduled to be moved on reboot.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\Windows\temp\mta101312.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta107838.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta112181.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta112646.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta121808.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta46351.dll scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\mta99440.dll scheduled to be deleted on reboot.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12222008_095834

Files moved on Reboot...

c:\windows\system32\msmsn.exe moved successfully.

File C:\Windows\temp\mta101312.dll not found!

File C:\Windows\temp\mta107838.dll not found!

File C:\Windows\temp\mta112181.dll not found!

File C:\Windows\temp\mta112646.dll not found!

File C:\Windows\temp\mta121808.dll not found!

File C:\Windows\temp\mta46351.dll not found!

File C:\Windows\temp\mta99440.dll not found!


Try this

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.

    Use your up arrow key to highlight SafeMode then hit Enter.


  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • System Memory
      • Startup Objects
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable) that you may have
  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report (it will be at the very top under Detected). Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

This topic is now closed to further replies.