Virus Sending Out Thousand Of E-mail - Need Help

ramon12k

New Member
The woman sitting next to me at work mentioned her son's computer was not working, because of a computer virus. She said her son's computer had picked up some type of virus/spyware that was sending out thousands of e-mails and their internet provider had shut them down. I told her I would take a look at the computer since it has been sitting around for a couple of months.

I managed to install Malwarebytes which removed 170 items. I installed Symantec Endpoint which removed a couple items. I also ran ComboFix. I think I have the computer cleaned up. I am a computer repair beginner, and would like someone to check the logs for me. My co-worker will freak if the computer starts sending out thousands of e-mails again. It won't make for a pleasant work environment :) Please let me know if there is something else I should be running. Thanks.

Malwarebytes log:


Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5700.6

8/4/2010 9:15:56 PM
mbam-log-2010-08-04 (21-15-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 177894
Time elapsed: 23 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:03 AM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: madPROFI.lnk = C:\Program Files\madPROFI\madPROFI.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103078206303
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...6/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8386 bytes


ComboFix Log

ComboFix 10-08-03.04 - Dell Home Computer 08/04/2010 20:30:21.3.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.530 [GMT -4:00]
Running from: c:\documents and settings\Dell Home Computer\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.

2010-08-05 00:27 . 2010-08-05 00:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-04 19:25 . 2001-08-17 16:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-08-04 19:25 . 2001-08-17 16:12 16074 ----a-w- c:\windows\system32\drivers\FA312nd5.sys
2010-08-04 19:17 . 2001-08-17 16:12 117760 ----a-w- c:\windows\system32\drivers\e100b325.sys
2010-08-04 13:51 . 2010-08-04 13:51 -------- d-----w- c:\documents and settings\Dell Home Computer\Local Settings\Application Data\Symantec
2010-08-04 13:45 . 2010-08-04 13:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-04 13:45 . 2010-08-04 13:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-04 13:02 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-08-04 13:02 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-08-04 12:16 . 2010-08-04 12:16 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-02 13:00 . 2010-08-02 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-08-02 03:17 . 2010-08-02 03:17 -------- d-----w- c:\program files\Avira
2010-08-01 17:43 . 2010-08-01 17:43 -------- d-----w- C:\IUware Online
2010-08-01 17:37 . 2010-08-01 17:37 0 ----a-w- c:\windows\nsreg.dat
2010-08-01 17:37 . 2010-08-01 17:37 -------- d-----w- c:\documents and settings\Dell Home Computer\Local Settings\Application Data\Mozilla
2010-08-01 14:08 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 14:08 . 2010-08-01 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 14:08 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 14:03 . 2010-08-02 12:59 -------- d-----w- c:\documents and settings\Dell Home Computer\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 19:50 . 2008-07-12 17:57 -------- d-----w- c:\program files\Crawler
2010-08-04 19:43 . 2008-07-01 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-08-04 13:52 . 2004-11-15 20:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-04 13:51 . 2004-11-15 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-04 13:46 . 2004-11-15 20:35 -------- d-----w- c:\program files\Symantec
2010-08-04 13:46 . 2010-08-04 13:45 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-04 13:46 . 2010-08-04 13:45 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-02 12:29 . 2008-07-01 18:02 -------- d-----w- c:\documents and settings\Dell Home Computer\Application Data\Spyware Terminator
2010-08-01 18:27 . 2008-07-01 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
.
Code:
<pre>
c:\program files\Desksware\Desktop iCal\calendar .exe
c:\program files\Sony\SonicStage\ssaad .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb04 .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-08-04_13.13.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:26 . 2006-12-02 04:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 02:56 . 2006-12-02 02:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2001-08-23 12:00 . 2010-08-04 13:14 58596 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-08-04 19:27 58596 c:\windows\system32\perfc009.dat
+ 2009-09-17 22:28 . 2009-09-17 22:28 87368 c:\windows\system32\FwsVpn.dll
+ 2009-09-03 20:03 . 2009-09-03 20:03 26416 c:\windows\system32\drivers\symredrv.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 38448 c:\windows\system32\drivers\symndisv.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 35120 c:\windows\system32\drivers\symndis.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 39856 c:\windows\system32\drivers\symids.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 12720 c:\windows\system32\drivers\symdns.sys
+ 2009-08-26 00:05 . 2009-08-26 00:05 43696 c:\windows\system32\drivers\srtspx.sys
+ 2009-07-14 16:51 . 2009-07-14 16:51 23888 c:\windows\system32\drivers\COH_Mon.sys
+ 2006-08-26 02:44 . 2006-08-26 02:44 89600 c:\windows\system32\atl71.dll
+ 2010-08-04 13:48 . 2010-08-04 13:48 21446 c:\windows\Installer\{2EFCC193-D915-4CCB-9201-31773A27BC06}\ARPPRODUCTICON.exe
+ 2006-12-02 02:54 . 2006-12-02 02:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-09-17 22:30 . 2009-09-17 22:30 107848 c:\windows\system32\SymVPN.dll
+ 2009-09-03 20:16 . 2009-09-03 20:16 242056 c:\windows\system32\SymRedir.dll
+ 2009-09-03 20:17 . 2009-09-03 20:17 625032 c:\windows\system32\SymNeti.dll
- 2001-08-23 12:00 . 2010-08-04 13:14 392296 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2010-08-04 19:27 392296 c:\windows\system32\perfh009.dat
- 2003-02-21 12:42 . 2003-02-21 12:42 348160 c:\windows\system32\msvcr71.dll
+ 2003-02-21 12:42 . 2007-03-22 00:33 348160 c:\windows\system32\MSVCR71.DLL
+ 2003-03-19 04:14 . 2007-03-22 00:33 503808 c:\windows\system32\MSVCP71.DLL
+ 2009-09-03 20:03 . 2009-09-03 20:03 188080 c:\windows\system32\drivers\symtdi.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 145968 c:\windows\system32\drivers\symfw.sys
+ 2009-08-26 00:05 . 2009-08-26 00:05 320560 c:\windows\system32\drivers\srtspl.sys
+ 2009-08-26 00:05 . 2009-08-26 00:05 281648 c:\windows\system32\drivers\srtsp.sys
+ 2006-08-30 21:24 . 2009-07-13 16:06 511328 c:\windows\system32\capicom.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2003-03-19 04:20 . 2007-03-22 00:39 1060864 c:\windows\system32\MFC71.DLL
- 2003-03-19 04:20 . 2003-03-19 04:20 1060864 c:\windows\system32\mfc71.dll
+ 2010-08-04 13:47 . 2010-08-04 13:47 15518208 c:\windows\Installer\218a71.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2001-12-21 307200]
"HydraVisionDesktopManager"="desk98.exe" [2001-11-09 217088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-30 1783808]
"sureshotpopupkiller"="c:\program files\Stop-the-Pop-Up Lite\stopthepop.exe" [2003-10-27 2256896]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 21:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-12-21 22:04 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [11/15/2004 4:20 PM 6942]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7/1/2008 2:02 PM 141312]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/14/2010 2:18 PM 311568]
S2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [11/15/2004 4:20 PM 28672]
S2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/14/2008 2:54 PM 30152]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/4/2010 1:32 PM 102448]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: amazon.com\www
Trusted Zone: aol.com
Trusted Zone: bmwusa.com\www
Trusted Zone: bodoglife.com\casino
Trusted Zone: cardomain.com\www
Trusted Zone: carxtc.net
Trusted Zone: channeladvisor.com\marketplaceadvisor
Trusted Zone: deluxe-downloads.com\www
Trusted Zone: dickies.com\www
Trusted Zone: dominos.com\www
Trusted Zone: download.com
Trusted Zone: ebay.com\www
Trusted Zone: firestonecompleteautocare.com\www
Trusted Zone: freesound.org\www
Trusted Zone: google.com\images
Trusted Zone: hifisoundconnection.com\www
Trusted Zone: justanswer.com\ford
Trusted Zone: kinetikaudio.com\www
Trusted Zone: libertyautosalvage.com
Trusted Zone: magmypic.com\www
Trusted Zone: myspace.com\www
Trusted Zone: nextstepmagazine.com\www
Trusted Zone: oznium.com\www
Trusted Zone: rapidlibrary.com
Trusted Zone: realmofexcursion.com
Trusted Zone: soundclick.com\www
Trusted Zone: sp2.org\www
Trusted Zone: spankwire.com\www
Trusted Zone: ssts.com\iiod
Trusted Zone: sylvania.com\www
Trusted Zone: thugzone.com
Trusted Zone: vioc.com\www
Trusted Zone: walmartstores.com\hiringcenter
Trusted Zone: zippyshare.com\www20
Trusted Zone: zshare.net\www
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Dell Home Computer\Application Data\Mozilla\Firefox\Profiles\py192ywy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 20:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(220)
c:\windows\System32\NavLogon.dll

- - - - - - - > 'explorer.exe'(1888)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2010-08-04 20:37:55
ComboFix-quarantined-files.txt 2010-08-05 00:37
ComboFix2.txt 2010-08-04 22:53
ComboFix3.txt 2010-08-04 13:19

Pre-Run: 4,371,025,920 bytes free
Post-Run: 4,365,225,984 bytes free

- - End Of File - - 8888396853E822829CD56F3376077208
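A reviewer reading logs like the ones above usually scans for the same handful of things before anything else: the Windows Firewall switched off, Security Center monitoring of the AV product disabled, file-sharing clients allowed through the firewall, sites added to the IE Trusted Zone, a non-default Firefox proxy mode, services with no publisher, and whatever the scanner actually quarantined. The script below is an added example (not code from this thread, from Malwarebytes, ComboFix or HijackThis) that mechanises that first pass. Its input is a constructed handful of lines copied from the posted logs, with the keygen path shortened; the severity labels and the list of file-sharing client names are the example's own assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample input: lines taken from the ComboFix, HijackThis and
# Malwarebytes logs posted in this thread (the keygen path is shortened).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

Trusted Zone: amazon.com\www
Trusted Zone: rapidlibrary.com
Trusted Zone: zshare.net\www
FF - prefs.js: network.proxy.type - 4
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Files Infected:
C:\Documents and Settings\Dell Home Computer\Desktop\DESKTOP CRAP\keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
"""

Finding = Tuple[str, str]  # (severity, message); severity scale is this example's own choice

# File-sharing clients that often show up in the firewall exception list of an
# infected home machine. Illustrative list, not exhaustive (assumption).
P2P_CLIENTS = ("limewire", "utorrent", "bittorrent", "kazaa", "bearshare", "frostwire")

FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
AV_MONITOR_OFF = re.compile(r'^"DisableMonitoring"\s*=\s*dword:0*1$')
AUTH_APP = re.compile(r'^"(?P<path>[^"]+)"=\s*$')          # firewall AuthorizedApplications entry
TRUSTED_ZONE = re.compile(r'^Trusted Zone:\s*(?P<host>\S+)')
FF_PROXY = re.compile(r'^FF - prefs\.js: network\.proxy\.type - (?P<mode>\d+)')
O23_SERVICE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
INFECTED = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) \((?P<sig>[^)]+)\) -> (?P<action>.+)$')


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect the entries worth a reviewer's attention."""
    findings: List[Finding] = []
    trusted: List[str] = []
    in_infected = False  # inside the Malwarebytes "Files Infected:" section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_infected = False  # Malwarebytes separates its sections with blank lines
            continue
        if line == "Files Infected:":
            in_infected = True
            continue
        if in_infected:
            m = INFECTED.match(line)
            if m:  # "(No malicious items detected)" simply does not match
                findings.append(("high", f"scanner detection {m['sig']} in {m['path']} ({m['action']})"))
            continue
        if FIREWALL_OFF.match(line):
            findings.append(("high", "Windows Firewall is disabled for the standard profile"))
        elif AV_MONITOR_OFF.match(line):
            findings.append(("medium", "Security Center monitoring of the AV product is disabled"))
        elif (m := AUTH_APP.match(line)):
            if any(p2p in m["path"].lower() for p2p in P2P_CLIENTS):
                findings.append(("medium", f"file-sharing client allowed through the firewall: {m['path']}"))
        elif (m := TRUSTED_ZONE.match(line)):
            trusted.append(m["host"])
        elif (m := FF_PROXY.match(line)):
            # 0 = direct connection, 5 = use system proxy settings (the Firefox default)
            if m["mode"] not in ("0", "5"):
                findings.append(("low", f"Firefox proxy mode {m['mode']} set in prefs.js; confirm it is intentional"))
        elif (m := O23_SERVICE.match(line)):
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(("low", f"service with no publisher: {m['name']} -> {m['path']}"))
    if trusted:
        # Sites in the IE Trusted Zone run with relaxed browser security, so list them all.
        findings.append(("low", f"{len(trusted)} site(s) in the IE Trusted Zone (relaxed security): {', '.join(trusted)}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

To use it on a real thread, paste the full ComboFix and HijackThis logs into one text file and pass its contents to `triage()`; the checks are deliberately narrow string matches on the formats the tools emit, so an entry the script does not recognise is simply skipped rather than misreported.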
 
Your Malwarebytes definitions are way outdated. Open Malwarebytes, click on the update tab, click on check for updates. Keep updating until it says you have the latest version and then rescan your system and post new Malwarebytes and HijackThis logs. Also post an uninstall list using HijackThis.

Open HijackThis, click on open misc tools section, click on open uninstall manager, click on save list and save it, copy and paste the log back as well.
 
Thank you for the help. I believe I have all the logs you asked for.

Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4440

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5700.6

8/17/2010 3:42:40 PM
mbam-log-2010-08-17 (15-42-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 198607
Time elapsed: 1 hour(s), 10 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dell Home Computer\Desktop\DESKTOP CRAP\Acoustica_MIXCRAFT_Recording_Studio_v1-0-(Build-10)+Crack\Acoustica_MIXCRAFT_Recording_Studio_v1-0-(Build-8)---Keygen\keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:39 PM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: madPROFI.lnk = C:\Program Files\madPROFI\madPROFI.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103078206303
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...6/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8306 bytes


Uninstall List

7-Zip 4.65
Acoustica Effects Pack
Acoustica Mixcraft
Adobe Acrobat 6.0 Professional
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 10 ActiveX
ATI Display Driver
Crawler Toolbar with Web Security Guard
Dell ResourceCD
Desktop iCalendar Lite 1.1.0
ExtractNow
FL Studio 5
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HydraVision
IObit Security 360
iTunes
Java(TM) 6 Update 11
Lexmark 7300 Series
LimeWire PRO 4.10.0
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MixMeister BPM Analyzer 1.0
Mootcher
Mozilla Firefox (3.6.8)
MSN Music Assistant
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
QuickTime
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SonicStage 3.0
Sony Picture Utility
SoundMAX
Spyware Terminator
Stop-the-Pop-Up Lite
Symantec Endpoint Protection
Tunatic
Update for Windows XP (KB951072-v2)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinISD Pro [alpha]
 
Please uninstall the following entries via Add/Remove Programs in Control Panel.

Adobe Acrobat 6.0 Professional - Outdated with vulnerabilities
Crawler Toolbar with Web Security Guard - adware
Java(TM) 6 Update 11 - outdated Java
Stop-the-Pop-Up Lite - Not recommended, use Google Toolbar
Viewpoint Manager (Remove Only) - foistware
Viewpoint Media Player - foistware

Please rerun HijackThis and place checks next to the following entries.

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Then click on "Fix checked" at the bottom.
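For anyone reviewing logs like the Malwarebytes log in this thread, here is an added Python example (not code from the poster, the helper, or Malwarebytes) that parses the per-item lines of a Malwarebytes 1.x log and summarizes what still needs attention after a cleanup: items marked "Delete on reboot", rootkit families, and infected copies sitting in System Restore points. The inline sample log is constructed from a few entries in this thread; the regex, record type and helper names (`parse_mbam_log`, `summarize`, `followup_notes`) are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the format of the Malwarebytes 1.44 log in this thread
# (a handful of the thread's own entries; the real log lists 182 file detections).
SAMPLE_LOG = r"""
Memory Processes Infected:
C:\WINDOWS\system32\uec.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\g68vorupwv49.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termddd (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gasfkytcaeqodf (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\termddd.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\g68vortpwvk9 .exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125530.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# One detection line: "<path or registry key> (<family>) -> <action>."
# The item may itself contain spaces (e.g. "g68vortpwvk9 .exe"), so the
# family and action are matched from the right-hand side of the line.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Substring identifying copies saved in System Restore points.
RESTORE_MARK = "\\system volume information\\_restore"


@dataclass(frozen=True)
class Detection:
    section: str   # log section the line appeared under, e.g. "Files Infected"
    item: str      # file path, registry key or process
    family: str    # scanner's detection name, e.g. "Rootkit.Agent"
    action: str    # what the scanner did, e.g. "Delete on reboot"


def parse_mbam_log(text: str) -> list[Detection]:
    """Return one Detection per item line; summary counters and headers are skipped."""
    section = ""
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with a colon and carry no "->" action arrow.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m:
            found.append(Detection(section, m["item"], m["family"], m["action"]))
    return found


def summarize(detections: list[Detection]) -> dict:
    """Aggregate detections into the facts a reviewer checks first."""
    return {
        "by_family": Counter(d.family for d in detections),
        # Not removed yet: the file/key was in use and is only scheduled for deletion.
        "pending_reboot": [d.item for d in detections if d.action.lower() == "delete on reboot"],
        "restore_point_copies": sum(1 for d in detections if RESTORE_MARK in d.item.lower()),
        "rootkit_families": sorted({d.family for d in detections if d.family.startswith("Rootkit.")}),
    }


def followup_notes(summary: dict) -> list[str]:
    """Turn the summary into concrete follow-up actions for the person cleaning the box."""
    notes = []
    if summary["pending_reboot"]:
        notes.append(f"{len(summary['pending_reboot'])} item(s) are 'Delete on reboot': "
                     "reboot, then rescan to confirm they are actually gone")
    if summary["rootkit_families"]:
        notes.append("rootkit detections (" + ", ".join(summary["rootkit_families"]) + "): "
                     "treat scans run from inside the system as unreliable until a rootkit-aware rescan is clean")
    if summary["restore_point_copies"]:
        notes.append(f"{summary['restore_point_copies']} infected copy(ies) sat in System Restore points: "
                     "purge old restore points once the system is clean so they cannot be restored")
    return notes


if __name__ == "__main__":
    s = summarize(parse_mbam_log(SAMPLE_LOG))
    for fam, n in s["by_family"].most_common():
        print(f"{n:3d}  {fam}")
    for note in followup_notes(s):
        print("-", note)
```

Run it against a saved mbam-log-*.txt by reading the file in place of SAMPLE_LOG; the "Delete on reboot" list is the part worth re-checking after the reboot, because those entries (here the termddd driver and its service key) were still live when the scan ran.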
 
I believe this is the original Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5700.6

8/1/2010 1:18:06 PM
mbam-log-2010-08-01 (13-18-06).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 184086
Time elapsed: 37 minute(s), 52 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 182

Memory Processes Infected:
C:\WINDOWS\system32\uec.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\g68vortpwvk9 .exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\g68vorupwv49.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termddd (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_TDIFW_DRV (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdifw_drv (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_TDIFW_DRV (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdisp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gasfkytcaeqodf (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpdj taskbar utility (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\g68vorwpwv40 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\icalendar (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\termddd.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\g68vorupwv49.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\uec.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\g68vortpwvk9 .exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Sony\SonicStage\ssaad.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\g68vortpwvk9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell Home Computer\ati2mdxx .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell Home Computer\ati2mdxx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell Home Computer\atiptaxx .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell Home Computer\atiptaxx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell Home Computer\desk98 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell Home Computer\desk98.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell Home Computer\qjhq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe75 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe79 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe83 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe85 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe882 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe92 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe94 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe10829 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe115 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe121 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe1372 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe165 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe208161 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe230 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe233 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe2516 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe255 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe39 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe3914274 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe42 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe43 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe443695 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe449764 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe469364 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe50 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe51 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe616 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe63963 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe64 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe66 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe67 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe678071 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe6896 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Desksware\Desktop iCal\calendar.exe73 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125528.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125529.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125530.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1990\A0125532.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124528.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123486.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123487.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123488.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123489.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123490.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0123491.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124484.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124485.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124486.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124487.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124489.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124490.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124491.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124527.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124529.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124530.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1978\A0124531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126523.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126528.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126530.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1992\A0126532.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127528.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127529.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP1996\A0127532.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128528.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128529.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2008\A0128532.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129528.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129530.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2009\A0129532.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130524.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130527.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130528.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130529.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130530.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2012\A0130532.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130553.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130571.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130589.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130545.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130546.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130547.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130549.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130550.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130551.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130552.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130565.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130566.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130567.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130568.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130569.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130572.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130573.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130586.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130587.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130588.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130590.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130592.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2013\A0130595.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130640.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130641.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130643.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130644.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130645.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130646.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130647.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2014\A0130648.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131587.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131588.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131589.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131590.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131591.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131593.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131595.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131607.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131608.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131609.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131610.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131612.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131613.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131614.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{40BE5D47-CA41-4902-AA1D-C339AAE5A657}\RP2016\A0131615.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcjpoj0er57 .exe (Trojan.Kriptik) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\g68vortpwvk9.exe896 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdisp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyonnoffnm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyvoncsqxa.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyxeoabnpa.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gasfkywimxghrd.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tdifw_drv.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyaoobbgio.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyrkaudmvc.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.
 
HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:43 AM, on 8/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Stop-the-Pop-Up Lite\stopthepop.exe" -minimized
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: madPROFI.lnk = C:\Program Files\madPROFI\madPROFI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103078206303
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 5944 bytes
 
Looks like this program could be your issue; I would recommend uninstalling it.

Desktop iCalendar Lite 1.1.0

Also rerun HijackThis and place checks next to the following entries.

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

Then click on Fix checked.

I see that the Stop-the-Pop-Up program is still listed; did you uninstall that yet?

I would also download the latest ComboFix file, run it and post the log from it.

http://download.bleepingcomputer.co...d37a0342246cb538a133e24/4c6be4a6/ComboFix.exe
 
I removed Desktop iCalendar Lite 1.1.0. I also took care of the HijackThis and popup program. Here is the ComboFix log:

ComboFix Log

ComboFix 10-08-17.04 - Dell Home Computer 08/18/2010 12:47:11.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.472 [GMT -4:00]
Running from: c:\documents and settings\Dell Home Computer\My Documents\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\twext.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-05 00:27 . 2010-08-05 00:27 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-04 19:25 . 2001-08-17 16:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-08-04 19:25 . 2001-08-17 16:12 16074 ----a-w- c:\windows\system32\drivers\FA312nd5.sys
2010-08-04 19:17 . 2001-08-17 16:12 117760 ----a-w- c:\windows\system32\drivers\e100b325.sys
2010-08-04 13:51 . 2010-08-04 13:51 -------- d-----w- c:\documents and settings\Dell Home Computer\Local Settings\Application Data\Symantec
2010-08-04 13:45 . 2010-08-04 13:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-04 13:45 . 2010-08-04 13:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-04 13:02 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-08-04 13:02 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-08-04 12:16 . 2010-08-04 12:16 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-02 13:00 . 2010-08-02 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-08-01 17:43 . 2010-08-01 17:43 -------- d-----w- C:\IUware Online
2010-08-01 17:37 . 2010-08-01 17:37 0 ----a-w- c:\windows\nsreg.dat
2010-08-01 17:37 . 2010-08-01 17:37 -------- d-----w- c:\documents and settings\Dell Home Computer\Local Settings\Application Data\Mozilla
2010-08-01 14:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 14:08 . 2010-08-17 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 14:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 14:03 . 2010-08-02 12:59 -------- d-----w- c:\documents and settings\Dell Home Computer\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 12:58 . 2007-07-01 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-18 12:58 . 2007-07-01 14:48 -------- d-----w- c:\program files\Viewpoint
2010-08-18 12:56 . 2005-03-04 01:41 -------- d-----w- c:\program files\Java
2010-08-18 12:54 . 2008-07-12 17:57 -------- d-----w- c:\program files\Crawler
2010-08-18 12:51 . 2004-11-16 16:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-04 19:43 . 2008-07-01 18:02 -------- d-----w- c:\program files\Spyware Terminator
2010-08-04 13:52 . 2004-11-15 20:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-04 13:51 . 2004-11-15 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-04 13:46 . 2004-11-15 20:35 -------- d-----w- c:\program files\Symantec
2010-08-04 13:46 . 2010-08-04 13:45 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-04 13:46 . 2010-08-04 13:45 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-02 12:29 . 2008-07-01 18:02 -------- d-----w- c:\documents and settings\Dell Home Computer\Application Data\Spyware Terminator
2010-08-01 18:27 . 2008-07-01 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
.
c:\program files\Desksware\Desktop iCal\calendar .exe
c:\program files\Sony\SonicStage\ssaad .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb04 .exe

((((((((((((((((((((((((((((( SnapShot@2010-08-04_13.13.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08 . 2006-12-02 04:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:26 . 2006-12-02 04:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 02:56 . 2006-12-02 02:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2001-08-23 12:00 . 2010-08-04 19:27 58596 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2010-08-04 13:14 58596 c:\windows\system32\perfc009.dat
+ 2009-09-17 22:28 . 2009-09-17 22:28 87368 c:\windows\system32\FwsVpn.dll
+ 2009-09-03 20:03 . 2009-09-03 20:03 26416 c:\windows\system32\drivers\symredrv.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 38448 c:\windows\system32\drivers\symndisv.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 35120 c:\windows\system32\drivers\symndis.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 39856 c:\windows\system32\drivers\symids.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 12720 c:\windows\system32\drivers\symdns.sys
+ 2009-08-26 00:05 . 2009-08-26 00:05 43696 c:\windows\system32\drivers\srtspx.sys
+ 2009-07-14 16:51 . 2009-07-14 16:51 23888 c:\windows\system32\drivers\COH_Mon.sys
+ 2006-08-26 02:44 . 2006-08-26 02:44 89600 c:\windows\system32\atl71.dll
+ 2010-08-04 13:48 . 2010-08-04 13:48 21446 c:\windows\Installer\{2EFCC193-D915-4CCB-9201-31773A27BC06}\ARPPRODUCTICON.exe
+ 2006-12-02 02:54 . 2006-12-02 02:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-09-17 22:30 . 2009-09-17 22:30 107848 c:\windows\system32\SymVPN.dll
+ 2009-09-03 20:16 . 2009-09-03 20:16 242056 c:\windows\system32\SymRedir.dll
+ 2009-09-03 20:17 . 2009-09-03 20:17 625032 c:\windows\system32\SymNeti.dll
+ 2001-08-23 12:00 . 2010-08-04 19:27 392296 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-08-04 13:14 392296 c:\windows\system32\perfh009.dat
- 2003-02-21 12:42 . 2003-02-21 12:42 348160 c:\windows\system32\msvcr71.dll
+ 2003-02-21 12:42 . 2007-03-22 00:33 348160 c:\windows\system32\MSVCR71.DLL
+ 2003-03-19 04:14 . 2007-03-22 00:33 503808 c:\windows\system32\MSVCP71.DLL
+ 2004-11-15 12:01 . 2010-08-18 13:02 118152 c:\windows\system32\FNTCACHE.DAT
+ 2009-09-03 20:03 . 2009-09-03 20:03 188080 c:\windows\system32\drivers\symtdi.sys
+ 2009-09-03 20:03 . 2009-09-03 20:03 145968 c:\windows\system32\drivers\symfw.sys
+ 2009-08-26 00:05 . 2009-08-26 00:05 320560 c:\windows\system32\drivers\srtspl.sys
+ 2009-08-26 00:05 . 2009-08-26 00:05 281648 c:\windows\system32\drivers\srtsp.sys
+ 2006-08-30 21:24 . 2009-07-13 16:06 511328 c:\windows\system32\capicom.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25 . 2006-12-02 04:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2003-03-19 04:20 . 2003-03-19 04:20 1060864 c:\windows\system32\mfc71.dll
+ 2003-03-19 04:20 . 2007-03-22 00:39 1060864 c:\windows\system32\MFC71.DLL
+ 2010-08-04 13:47 . 2010-08-04 13:47 15518208 c:\windows\Installer\218a71.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2001-12-21 307200]
"HydraVisionDesktopManager"="desk98.exe" [2001-11-09 217088]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-30 1783808]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 21:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7/1/2008 2:02 PM 141312]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [4/14/2010 2:18 PM 311568]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [11/15/2004 4:20 PM 28672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/4/2010 1:32 PM 102448]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [11/15/2004 4:20 PM 6942]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: amazon.com\www
Trusted Zone: aol.com
Trusted Zone: bmwusa.com\www
Trusted Zone: bodoglife.com\casino
Trusted Zone: cardomain.com\www
Trusted Zone: carxtc.net
Trusted Zone: channeladvisor.com\marketplaceadvisor
Trusted Zone: deluxe-downloads.com\www
Trusted Zone: dickies.com\www
Trusted Zone: dominos.com\www
Trusted Zone: download.com
Trusted Zone: ebay.com\www
Trusted Zone: firestonecompleteautocare.com\www
Trusted Zone: freesound.org\www
Trusted Zone: google.com\images
Trusted Zone: hifisoundconnection.com\www
Trusted Zone: justanswer.com\ford
Trusted Zone: kinetikaudio.com\www
Trusted Zone: libertyautosalvage.com
Trusted Zone: magmypic.com\www
Trusted Zone: myspace.com\www
Trusted Zone: nextstepmagazine.com\www
Trusted Zone: oznium.com\www
Trusted Zone: rapidlibrary.com
Trusted Zone: realmofexcursion.com
Trusted Zone: soundclick.com\www
Trusted Zone: sp2.org\www
Trusted Zone: spankwire.com\www
Trusted Zone: ssts.com\iiod
Trusted Zone: sylvania.com\www
Trusted Zone: thugzone.com
Trusted Zone: vioc.com\www
Trusted Zone: walmartstores.com\hiringcenter
Trusted Zone: zippyshare.com\www20
Trusted Zone: zshare.net\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Dell Home Computer\Application Data\Mozilla\Firefox\Profiles\py192ywy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-18 12:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\windows\System32\NavLogon.dll
.
Completion time: 2010-08-18 12:56:46
ComboFix-quarantined-files.txt 2010-08-18 16:56
ComboFix2.txt 2010-08-05 00:37
ComboFix3.txt 2010-08-04 22:53
ComboFix4.txt 2010-08-04 13:19

Pre-Run: 3,425,755,136 bytes free
Post-Run: 3,416,748,032 bytes free

- - End Of File - - 7791B5C5C39B5DACCEA7C0AE3C6C21BD
 
Go into Internet Options for Internet Explorer and click on the Security tab, then click on the Trusted sites zone, click on the Sites button and remove all sites listed, as you really shouldn't have any trusted sites listed. If you look in the ComboFix log there are some bad sites listed as trusted, especially the one in red.

Trusted Zone: amazon.com\www
Trusted Zone: aol.com
Trusted Zone: bmwusa.com\www
Trusted Zone: bodoglife.com\casino
Trusted Zone: cardomain.com\www
Trusted Zone: carxtc.net
Trusted Zone: channeladvisor.com\marketplaceadvisor
Trusted Zone: deluxe-downloads.com\www
Trusted Zone: dickies.com\www
Trusted Zone: dominos.com\www
Trusted Zone: download.com
Trusted Zone: ebay.com\www
Trusted Zone: firestonecompleteautocare.com\www
Trusted Zone: freesound.org\www
Trusted Zone: google.com\images
Trusted Zone: hifisoundconnection.com\www
Trusted Zone: justanswer.com\ford
Trusted Zone: kinetikaudio.com\www
Trusted Zone: libertyautosalvage.com
Trusted Zone: magmypic.com\www
Trusted Zone: myspace.com\www
Trusted Zone: nextstepmagazine.com\www
Trusted Zone: oznium.com\www
Trusted Zone: rapidlibrary.com
Trusted Zone: realmofexcursion.com
Trusted Zone: soundclick.com\www
Trusted Zone: sp2.org\www
Trusted Zone: spankwire.com\www
Trusted Zone: ssts.com\iiod
Trusted Zone: sylvania.com\www
Trusted Zone: thugzone.com
Trusted Zone: vioc.com\www
Trusted Zone: walmartstores.com\hiringcenter
Trusted Zone: zippyshare.com\www20
Trusted Zone: zshare.net\www

After removing the trusted sites, please post a fresh HijackThis log. I'm hoping this concludes the fixes.
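The two pieces of advice above (fix the orphaned BHO entry, and empty the Trusted sites zone) come from reading the HijackThis and ComboFix logs by eye. The script below is an added example, not code from this thread or from either tool: it runs the same checks over log lines of that shape, flagging Trusted Zone entries, a Windows Firewall that is switched off, Security Center monitoring that is disabled, a BHO whose DLL is missing, a service with an unknown owner, and file names with a space before the extension (the "lphcjpoj0er57 .exe" pattern in the Malwarebytes log). The sample lines are constructed to match the logs posted here, and the registry path it prints for each Trusted Zone entry is the per-user ZoneMap location Internet Explorer uses, so the clean-up can be verified with regedit rather than only through the dialog.

```python
"""Triage helper for HijackThis- and ComboFix-style logs (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the logs in this thread; not a real capture.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
Trusted Zone: amazon.com\www
Trusted Zone: spankwire.com\www
c:\windows\system32\ctfmon .exe
c:\windows\system32\ctfmon.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it now; "review": confirm by hand
    rule: str
    line: str


# Whitespace right before the extension, as in "lphcjpoj0er57 .exe": the rogue
# file sits beside a legitimately named one and reads like it at a glance.
SPACE_BEFORE_EXT = re.compile(r"\S\s+\.(exe|dll|sys|dat)\b", re.IGNORECASE)
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')
MONITORING_OFF = re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1\b')

# Per-user IE zone map. Under Domains\<domain>\<host> the value name is the
# scheme (http, https or *) and DWORD data 2 means the Trusted sites zone.
ZONE_MAP_DOMAINS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
)


def triage_line(line: str) -> Optional[Finding]:
    """Return the first rule a log line trips, or None for an unremarkable line."""
    text = line.strip()
    if not text:
        return None
    if text.startswith("Trusted Zone:"):
        # Anything here runs with IE's relaxed Trusted-sites settings;
        # the clean state for a home machine is an empty list.
        return Finding("review", "trusted-zone", text)
    if FIREWALL_OFF.search(text):
        return Finding("high", "firewall-disabled", text)
    if MONITORING_OFF.search(text):
        return Finding("high", "security-center-monitoring-disabled", text)
    if text.startswith("O2 - BHO") and "(file missing)" in text:
        # Registration left behind after the DLL was removed; safe to fix in HijackThis.
        return Finding("review", "orphaned-bho", text)
    if text.startswith("O23 - Service") and "Unknown owner" in text:
        return Finding("review", "service-unknown-owner", text)
    if SPACE_BEFORE_EXT.search(text):
        return Finding("high", "space-before-extension", text)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a pasted log through triage_line and keep the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {"high": 3, "review": 4}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def zone_map_key(trusted_zone_line: str) -> str:
    """Turn a 'Trusted Zone: domain\\host' log line into the registry key to inspect."""
    entry = trusted_zone_line.split(":", 1)[1].strip()
    return ZONE_MAP_DOMAINS + "\\" + entry


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:38} {f.line}")
    print(summarize(results))
    for f in results:
        if f.rule == "trusted-zone":
            print("verify removed:", zone_map_key(f.line))
```

Paste a whole HijackThis or ComboFix log into `SAMPLE_LOG` (or read it from a file) and the "high" findings are the ones to act on before the machine goes back on the network; the "review" findings are the entries to look at by hand, as the helper did above.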
 
I have removed all the sites listed in the Trusted sites zone. Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:24 AM, on 8/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Startup: madPROFI.lnk = C:\Program Files\madPROFI\madPROFI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103078206303
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 5879 bytes
 
Have hijackthis fix these entries.

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Startup: madPROFI.lnk = C:\Program Files\madPROFI\madPROFI.exe - this process can be started manually and doesn't have to be started when computer starts up.

Then click on fix checked at the bottom.

There is still one program that is dangerous to be using and that is limewire pro. This is a file sharing program and, if you aren't careful, you can download and run malicious software that can get this computer back to being screwed up again.

I'm not saying to uninstall it, but just let the owner know it's not really safe to be running this program.
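As an added example (not from this thread, the helper, or the HijackThis tool itself): a small Python script that parses lines in the HijackThis log format posted above and pulls out the entry types the helper walked through, namely O4 autostart entries (RunOnce values and Startup-folder links), O16 ActiveX downloads from non-Microsoft hosts, O23 services with an unknown owner, and Trusted Zone sites. The sample lines are constructed to mirror the logs in this thread; the "non-Microsoft host" test and the category names are this example's own assumptions, meant as a reviewer's first-pass checklist rather than a verdict on any entry.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis log format, modelled on the logs in this thread.
# The bare "Trusted Zone:" line mirrors how the helper pasted them without the O15 prefix.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - Startup: madPROFI.lnk = C:\Program Files\madPROFI\madPROFI.exe
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Trusted Zone: zshare.net\www
O15 - Trusted Zone: rapidlibrary.com
"""

# "O4 - <body>", "R1 - <body>", ... ; the code prefix is optional so pasted fragments still parse
LINE_RE = re.compile(r"^(?:(?P<code>[ORFN]\d+) - )?(?P<body>.+)$")
# O4 body: "<hive\..\Run>: [<value name>] <command>"  or  "Startup: <file>.lnk = <target>"
O4_RE = re.compile(r"^(?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.+)$")
# O16 body: "DPF: {CLSID} (<description>) - <url>"  (description is optional)
O16_RE = re.compile(r"^DPF: \{[^}]+\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
# O23 body: "Service: <name> - <owner> - <path>"
O23_RE = re.compile(r"^Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_hjt(text):
    """Split a log into (code, body) pairs; lines without a code prefix get code None."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        entries.append((m.group("code"), m.group("body")))
    return entries


def autostart_entries(entries):
    """Return every O4 entry as a dict with its location, value name and command line."""
    out = []
    for code, body in entries:
        if code != "O4":
            continue
        m = O4_RE.match(body)
        if m:
            out.append({"where": m.group("where"), "name": m.group("name"), "cmd": m.group("cmd")})
    return out


def trusted_zone_domains(entries):
    """Collect Trusted Zone hosts whether or not the line carries its O15 prefix."""
    return [body.split(":", 1)[1].strip() for _, body in entries if body.startswith("Trusted Zone:")]


def review_findings(entries):
    """First-pass checklist for a reviewer; returns (category, detail) pairs, not verdicts."""
    findings = []
    for e in autostart_entries(entries):
        if e["where"].endswith("RunOnce"):
            # Windows removes a RunOnce value once it has run; one that keeps showing up is worth a look.
            findings.append(("runonce", f"{e['name']}: {e['cmd']}"))
        elif e["where"] == "Startup":
            findings.append(("startup-folder", e["cmd"]))
    for code, body in entries:
        if code == "O16":
            m = O16_RE.match(body)
            host = urlparse(m.group("url")).hostname if m else None
            # Assumption for this example: downloads from microsoft.com are treated as expected.
            if host and not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                findings.append(("activex-download", f"{host}: {body}"))
        elif code == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append(("unknown-service-owner", m.group("path")))
    for host in trusted_zone_domains(entries):
        # Sites in the Trusted Zone run with relaxed IE security settings.
        findings.append(("trusted-zone", host))
    return findings


if __name__ == "__main__":
    for category, detail in review_findings(parse_hjt(SAMPLE_LOG)):
        print(f"{category:22} {detail}")
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file's contents; the output is a short list of the lines to read closely, which is the same triage the helper did by hand in this thread.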
 
I will let the owner know about limewire pro.

I really appreciate the time you have spent helping me, and my co-worker's son will be really excited to get back his computer :)
 