Can someone please help me or point me in the right direction?

Dustin92

Can anyone tell me what programs I should get rid of on this HijackThis log? I want to do everything to get rid of a virus or tracking trojan that is attacking my computer. I also download and play a lot of free online FPS games. Is there any way I can improve and get the MOST PERFORMANCE while I am playing? I got this eMachines desktop and I want to do anything possible to it that will improve performance. Is there a way to improve this using the stock computer components, with me not having to spend a dime?

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:46 PM, on 4/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\users\dustin\appdata\local\quznpdzsc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Downloaded Program Files\gatelauncher.exe
C:\Users\Dustin\AppData\Local\Temp\fsgk32.exe
C:\Users\Dustin\AppData\Local\Temp\fssm32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runryder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [quznpdzsc] c:\users\dustin\appdata\local\quznpdzsc.exe quznpdzsc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8148 bytes

Thanks to anyone who helps in advance
 
There is a suspicious file showing in your log.

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\users\dustin\appdata\local\quznpdzsc.exe

Then click Send File. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If that scanner is busy, please use this one: http://virusscan.jotti.org
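The reasoning that makes that one file stand out can be reproduced mechanically. The following is an added example, not part of the original thread or of HijackThis: it parses the "Running processes" and O4 autostart lines (excerpted from the log above) and ranks entries that live in user-writable profile paths. The three heuristics and all function names are assumptions chosen for illustration; a flag is a reason to submit the file for scanning, not a verdict.

```python
import re
from ntpath import basename, normcase  # Windows path semantics on any OS

# Lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\users\dustin\appdata\local\quznpdzsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dustin\AppData\Local\Temp\fsgk32.exe
C:\Users\Dustin\AppData\Local\Temp\fssm32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [quznpdzsc] c:\users\dustin\appdata\local\quznpdzsc.exe quznpdzsc
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A quoted path, or an unquoted path ending in .exe/.dll (may contain spaces).
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll))(?=[\s,]|$)', re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(.*)$")
APPDATA_ROOT_RE = re.compile(r"appdata\\(?:local|locallow|roaming)\\[^\\]+")


def image_path(cmd):
    """Return the file an autostart command loads (the DLL for rundll32)."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd
    path = m.group(1) or m.group(2)
    if basename(normcase(path)) == "rundll32.exe":
        dll = IMAGE_RE.match(cmd[m.end():].strip())
        if dll:
            path = dll.group(1) or dll.group(2)
    return path


def location_flags(path):
    """Heuristic flags for where a binary lives (assumed rules, not verdicts)."""
    m = PROFILE_RE.match(normcase(path))
    if not m:
        return []
    rel = m.group(1)
    flags = ["user-writable profile path"]
    if "\\temp\\" in "\\" + rel:
        flags.append("temp directory")
    if APPDATA_ROOT_RE.fullmatch(rel):
        # Installed software normally sits in a vendor subfolder.
        flags.append("loose file in AppData root")
    return flags


def triage(log_text):
    """Return [(path, [flags])] for flagged entries, most flags first."""
    running, autoruns, in_processes = set(), {}, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False
        elif O4_RE.match(line):
            m = O4_RE.match(line)
            where = "{}\\{} [{}]".format(m["hive"], m["key"], m["name"])
            autoruns[normcase(image_path(m["cmd"]))] = where
        elif in_processes:
            running.add(normcase(line))

    findings = []
    for path in sorted(running | set(autoruns)):
        flags = location_flags(path)
        if not flags:
            continue
        if path in autoruns:
            flags.append("autostart via " + autoruns[path])
            if path in running:
                flags.append("running and persistent")
        findings.append((path, flags))
    findings.sort(key=lambda item: -len(item[1]))
    return findings


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(flags))
```

On the excerpt, the file named in the post ranks first because it is the only entry that is both running and registered under a Run key from a user-writable location; the two Temp executables are listed with fewer flags.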
 
Alright, I will download that right when I get home. Do you have any ideas for speeding up my gameplay so I do not lag at all? :confused:
 
Well, I downloaded ComboFix... but it went through all of the scans and did its things, but it said it had to reboot the computer and it has been on the same screen since last night. It has done nothing different and does not look like it is going to do anything. My computer did not freeze up because I can move the mouse around and the little blinker on the ComboFix screen is blinking. Is this normal? Should it take this long? It said it took care of the file guzn? Whatever it was? I mean, the ComboFix screen is the only one on the screen? All of my icons and background tasks are gone? Is this normal? Should I restart my computer?
 
No, the ComboFix scan shouldn't take more than about 10 minutes. Try restarting the computer. See if the file C:\ComboFix.txt has been created and post the contents if it has.
 
Alright, this is the log that ComboFix came up with after I restarted the computer:

ComboFix 08-04-13.3 - Dustin 2008-04-14 21:42:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.253 [GMT -4:00]
Running from: C:\Users\Dustin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Dustin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Users\Dustin\AppData\Local\quznpdzsc.dat
C:\Users\Dustin\AppData\Local\quznpdzsc.exe
c:\Users\Dustin\AppData\Local\quznpdzsc_nav.dat
C:\Users\Dustin\AppData\Local\quznpdzsc_navps.dat
C:\Windows\system32\nvs2.inf
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PortProxy


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 15:44 . 2008-04-15 15:44 <DIR> d-------- C:\Users\Dustin\Program Files
2008-04-14 18:23 . 2008-04-15 15:35 <DIR> d-------- C:\Users\Dustin\AppData\Roaming\DNA
2008-04-14 18:23 . 2008-04-15 15:40 <DIR> d-------- C:\Users\Dustin\AppData\Roaming\BitTorrent
2008-04-14 18:23 . 2008-04-14 18:23 <DIR> d-------- C:\Program Files\DNA
2008-04-14 18:23 . 2008-04-14 18:23 <DIR> d-------- C:\Program Files\BitTorrent
2008-04-12 22:40 . 2008-04-12 22:40 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-04-12 22:40 . 2008-04-12 22:40 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-04-12 21:51 . 2008-04-12 21:51 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-12 21:51 . 2008-04-12 21:52 <DIR> d-------- C:\Program Files\CCleaner
2008-04-12 21:35 . 2008-04-12 21:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 15:29 . 2008-04-14 20:22 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-04-12 15:29 . 2008-04-14 20:22 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-04-12 15:28 . 2008-04-12 15:28 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-04-12 14:00 . 2008-04-12 15:27 <DIR> d-------- C:\Program Files\WarRock
2008-04-12 13:58 . 2008-04-12 13:58 <DIR> d-------- C:\Users\Dustin\AppData\Roaming\InstallShield
2008-04-11 22:24 . 2008-04-11 22:24 <DIR> d-------- C:\My Archives
2008-04-11 21:52 . 2008-04-11 21:52 528 -ra------ C:\MediaID.bin
2008-04-09 15:37 . 2008-04-09 15:37 <DIR> d-------- C:\Program Files\Softnyx
2008-04-09 03:13 . 2008-04-09 03:13 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 03:13 . 2008-04-09 03:13 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 03:13 . 2008-04-09 03:13 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 03:13 . 2008-04-09 03:13 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 03:13 . 2008-04-09 03:13 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 03:13 . 2008-04-09 03:13 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 03:13 . 2008-04-09 03:13 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 03:13 . 2008-04-09 03:13 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 03:13 . 2008-04-09 03:13 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 03:12 . 2008-04-09 03:12 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 03:11 . 2008-04-09 03:11 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 03:07 . 2008-04-09 03:07 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 03:07 . 2008-04-09 03:07 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-09 03:04 . 2008-04-09 03:04 826,368 --a------ C:\Windows\System32\wininet.dll
2008-04-07 16:59 . 2008-04-14 18:16 <DIR> d-------- C:\Program Files\MAIET
2008-04-05 22:38 . 2008-04-13 20:32 31 --a------ C:\Windows\GunzLauncher.INI
2008-04-04 22:50 . 2007-06-21 18:59 58,776 --a------ C:\Windows\System32\ijjiPlugin2.dll
2008-04-04 22:49 . 2008-04-04 22:49 <DIR> d-------- C:\Program Files\NHN USA
2008-04-04 22:49 . 2008-01-16 18:25 679,936 --a------ C:\Windows\System32\ijjiSetup.exe
2008-04-04 20:32 . 2007-11-15 18:46 87,352 --a------ C:\Windows\System32\LMIinit.dll
2008-04-04 20:32 . 2007-11-15 18:46 83,288 --a------ C:\Windows\System32\LMIRfsClientNP.dll
2008-04-04 20:32 . 2007-08-03 15:09 46,112 --a------ C:\Windows\System32\drivers\LMIRfsDriver.sys
2008-04-04 20:32 . 2007-11-15 18:46 21,496 --a------ C:\Windows\System32\LMIport.dll
2008-04-04 20:32 . 2008-04-04 20:32 1,024 --a------ C:\.rnd
2008-04-04 20:31 . 2008-04-15 00:01 <DIR> d-------- C:\Program Files\LogMeIn
2008-04-04 17:31 . 2008-04-04 17:31 41,296 --a------ C:\Windows\System32\xfcodec.dll
2008-04-04 16:29 . 2008-04-04 16:36 <DIR> d-------- C:\Users\Dustin\AppData\Roaming\SpywareStop
2008-04-03 19:23 . 2008-04-03 19:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-03 19:22 . 2003-07-19 02:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-04-03 19:22 . 2005-01-02 17:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-04-03 17:24 . 2008-04-05 22:11 <DIR> d--h----- C:\Users\Dustin\AppData\Roaming\ijjigame
2008-04-03 17:05 . 2008-04-03 17:05 <DIR> d-------- C:\ijji
2008-04-03 16:03 . 2008-04-04 21:10 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-03 16:03 . 2008-04-04 21:10 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-02 22:16 . 2008-04-02 22:16 <DIR> d-------- C:\Users\All Users\IJJIGame
2008-04-02 22:16 . 2008-04-02 22:16 <DIR> d-------- C:\ProgramData\IJJIGame
2008-04-02 21:41 . 2008-04-02 21:41 0 --a------ C:\Windows\nsreg.dat
2008-03-29 17:04 . 2008-03-29 21:23 <DIR> d-------- C:\Users\Dustin\AppData\Roaming\gtk-2.0
2008-03-29 17:04 . 2008-03-29 17:04 <DIR> d-------- C:\Users\Dustin\.thumbnails
2008-03-29 17:01 . 2008-03-29 21:32 <DIR> d-------- C:\Users\Dustin\.gimp-2.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 17:39 --------- d-----w C:\ProgramData\Symantec
2008-04-13 18:17 --------- d-----w C:\Users\Dustin\AppData\Roaming\Spare Backup
2008-04-12 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 02:07 --------- d-s---w C:\Program Files\Xfire
2008-04-12 02:07 --------- d-----w C:\Users\Dustin\AppData\Roaming\Xfire
2008-04-12 02:07 --------- d-----w C:\ProgramData\Xfire
2008-04-12 02:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-12 02:07 --------- d-----w C:\Program Files\Windows Mail
2008-04-12 02:07 --------- d-----w C:\Program Files\Microsoft Works
2008-04-12 02:07 --------- d-----w C:\Program Files\Google
2008-04-11 20:47 --------- d-----w C:\ProgramData\WildTangent
2008-04-09 07:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 07:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-09 07:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-03 22:55 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-03 22:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-03 19:44 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-03 19:44 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-03 19:44 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-03 19:44 --------- d-----w C:\Program Files\Symantec
2008-04-03 02:08 --------- d-----w C:\Program Files\Common Files\KnifeEdge
2008-04-02 01:20 --------- d-----w C:\Program Files\RealFlightG3
2008-03-12 07:01 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-12 07:01 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-08 01:11 --------- d-----w C:\Users\Dustin\AppData\Roaming\PeerNetworking
2008-03-08 00:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-02 20:47 --------- d-----w C:\Users\Dustin\AppData\Roaming\flightgear.org
2008-03-02 20:39 --------- d-----w C:\Program Files\FlightGear
2008-03-02 13:08 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-02 00:40 --------- d-----w C:\Users\Dustin\AppData\Roaming\SampleView
2008-03-02 00:19 --------- d-----w C:\Program Files\EA GAMES
2008-03-01 23:12 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-01 23:08 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-03-01 23:05 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-01 23:05 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-01 23:05 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-01 23:05 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-01 23:05 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-01 23:05 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-01 23:05 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-01 23:05 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-01 23:05 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-01 23:05 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-01 23:05 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-01 23:05 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-01 23:03 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-01 23:03 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-01 22:58 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-03-01 22:58 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-03-01 22:58 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-01 22:58 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-03-01 22:58 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-03-01 22:58 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-03-01 22:58 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-03-01 22:58 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-03-01 22:58 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-03-01 22:51 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-01 22:51 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-01 22:51 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-01 22:51 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-01 22:51 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-01 22:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-01 22:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-01 22:51 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-01 22:51 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-01 22:51 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-01 22:51 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-01 22:51 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-01 22:50 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-01 22:50 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-01 22:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-01 22:50 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-01 22:50 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-01 22:50 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-01 22:50 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-01 22:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-01 22:50 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-01 22:49 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-01 22:49 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-01 22:49 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-01 22:49 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-01 22:49 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-01 22:49 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-01 22:49 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-01 22:49 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-01 22:49 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-01 22:49 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-01 22:46 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-01 22:46 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-01 22:46 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-01 22:46 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-01 22:45 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-01 22:43 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-01 22:30 --------- d-----w C:\Program Files\Microsoft Games
2008-03-01 22:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-01 22:18 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-01 22:18 43,352 ----a-w C:\Windows\System32\wups2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 08:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-01 19:43 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 08:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 08:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"BitTorrent DNA"="C:\Users\Dustin\Program Files\DNA\btdna.exe" [2008-04-15 15:44 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-20 22:24 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-05 10:15 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-05 10:15 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-05 10:15 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 03:51 4435968 C:\Windows\RtHDVCpl.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-20 21:48 1838592]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-09-13 20:22 5252936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AEED5B4A-EF0E-4168-9168-2C710E6FB6A2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CD4EE274-B2C9-465E-9A70-01DBF2E619AF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{907FB676-B19B-49CC-91BE-83C6D451B215}C:\\program files\\ea games\\medal of honor pacific assault(tm)\\mohpa.exe"= UDP:C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"UDP Query User{B3121122-9C96-4026-8599-0C9C468DB245}C:\\program files\\ea games\\medal of honor pacific assault(tm)\\mohpa.exe"= TCP:C:\program files\ea games\medal of honor pacific assault(tm)\mohpa.exe:Medal of Honor Pacific Assault(tm)
"{448AB2C6-3284-466C-8DE9-44C604BCB00D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{69C1DBE9-7617-4EC3-B236-B2866FC8D413}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{429F26F3-9F91-40B4-8F73-A6B85F9EB647}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{358FCD61-CD6B-4209-BC71-8958D5979D7B}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080411.002\IDSvix86.sys [2008-02-13 12:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 01:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 09:52:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Dustin.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-04-15 07:00:00 C:\Windows\Tasks\SpywareStop Scheduled Scan.job"
- C:\Program Files\SpywareStop\SpywareStop.ex
- C:\Program Files\SpywareStop.DustinWRuns SpywareStop to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 15:45:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-04-15 15:47:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 19:47:28

Pre-Run: 161,604,509,696 bytes free
Post-Run: 159,999,234,048 bytes free
.
2008-04-12 06:23:30 --- E O F ---
 
That's fine, the smilies are added by the forum software misinterpreting the ComboFix log. It looks like ComboFix has removed the infection, but please post a new HijackThis log as well.

With regards to speeding up your games, I'll need a little more information. Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the right-hand side. Then copy the URL provided and post it here for me.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:46 PM, on 4/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\users\dustin\appdata\local\quznpdzsc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Downloaded Program Files\gatelauncher.exe
C:\Users\Dustin\AppData\Local\Temp\fsgk32.exe
C:\Users\Dustin\AppData\Local\Temp\fssm32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runryder.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W5243
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [quznpdzsc] c:\users\dustin\appdata\local\quznpdzsc.exe quznpdzsc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8148 bytes
 
It looks like the offending files are still present, please do the following:

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:
  • O4 - HKCU\..\Run: [quznpdzsc] c:\users\dustin\appdata\local\quznpdzsc.exe quznpdzsc
Please close all open windows except for HijackThis and choose Fix checked

Download The Avenger by Swandog46, and save it to your Desktop.
  • Extract avenger.exe from the Zip file and save it to your Desktop.
  • Run avenger.exe by double-clicking on it.
  • Do not change any check box options!!
  • Copy everything in the Code box below, and paste it into the Input script here: part of the window. Please do not include the word Code:

    Code:
    Files to delete:
    C:\Users\Dustin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
    C:\Users\Dustin\AppData\Local\quznpdzsc.dat
    C:\Users\Dustin\AppData\Local\quznpdzsc.exe
    c:\Users\Dustin\AppData\Local\quznpdzsc_nav.dat
    C:\Users\Dustin\AppData\Local\quznpdzsc_navps.dat
    C:\Windows\system32\nvs2.inf
  • Now click the Execute button.
  • Click Yes to the prompt to confirm you want to execute.
  • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
  • Your PC should reboot, if not, reboot it yourself.
  • A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.
  • Please post the content of the logfile.

Please also delete the version of ComboFix you have and download a new one from http://download.bleepingcomputer.com/sUBs/ComboFix.exe. Try running it again, but if it's not making progress for about 10 minutes, reboot your computer.

Please post
  • The Avenger log
  • The ComboFix log, if it was able to run
  • A new HijackThis log
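
An added example (not part of the original posts, and not HijackThis's own logic) of how the O4 registry autorun lines in a log like the one above can be triaged so that an entry such as `quznpdzsc` stands out. The sample lines are copied from the log in this thread; the function names and the three heuristics are assumptions chosen for illustration, and each reason is a lead to check, not a verdict.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [quznpdzsc] c:\users\dustin\appdata\local\quznpdzsc.exe quznpdzsc
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# "O4 - <hive>[\<SID>]\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\[^\\]+)?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# The launched image: a quoted path, or everything up to the first
# executable extension (unquoted paths may contain spaces).
IMAGE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$))', re.I)
USER_WRITABLE = re.compile(r"\\appdata\\|\\temp\\", re.I)


def parse_o4(log):
    """Yield one dict per O4 registry Run-key line; Startup-folder O4 lines
    and all other sections are skipped."""
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        img = IMAGE.match(m["cmd"])
        image = (img["q"] or img["u"]) if img else m["cmd"].split()[0]
        yield {"hive": m["hive"], "key": m["key"], "name": m["name"],
               "image": image, "cmd": m["cmd"]}


def triage(log):
    """Return (entry, reasons) pairs, entries with the most reasons first."""
    results = []
    for e in parse_o4(log):
        reasons = []
        if USER_WRITABLE.search(e["image"]):
            reasons.append("image in a user-writable directory")
        if e["hive"] == "HKCU":
            reasons.append("per-user Run key (writable without admin rights)")
        if "\\" not in e["image"]:
            reasons.append("no full path (resolved via the search path)")
        if reasons:
            results.append((e, reasons))
    return sorted(results, key=lambda r: len(r[1]), reverse=True)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f'{entry["hive"]}\\{entry["key"]} [{entry["name"]}] {entry["image"]}')
        for reason in reasons:
            print("   -", reason)
```
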
 
Well, here is the thing: I ran the HijackThis scan and it only found the file in the log, not the scan where I could place a check next to it.
 
Ah, that explains a lot. The log file in your most recent post is the same one as in your first. Try running HijackThis again and click on Do a system scan only. Click on the Save log button. Choose a location to save the log and post the contents here. If it's still showing the same date/time (Scan saved at 9:36:46 PM, on 4/12/2008), try this instead:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
 
It keeps on bringing the same log up:

 