WiredWX Christian Hobby Weather Tools
false trojans or remove?
Did a scan with Malwarebytes and got this... legit?

Malwarebytes' Anti-Malware 1.37
Database version: 2266
Windows 5.1.2600 Service Pack 3

6/13/2009 12:53:33 AM
mbam-log-2009-06-13 (00-53-28).txt

Scan type: Quick Scan
Objects scanned: 106650
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50a70867-20df-45d5-81eb-e3e08bedd123} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{50a70867-20df-45d5-81eb-e3e08bedd123} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89e82d98-8dfa-4908-893d-b2ffa952c7d7} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{89e82d98-8dfa-4908-893d-b2ffa952c7d7} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce867828-5cc1-4e92-99c4-02ee2e1a7ca9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ce867828-5cc1-4e92-99c4-02ee2e1a7ca9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe36ba93-3f00-4a00-a476-b7b6f60096b6} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe36ba93-3f00-4a00-a476-b7b6f60096b6} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe851c36-2edb-4007-8712-eb848f05959f} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe851c36-2edb-4007-8712-eb848f05959f} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: false trojans or remove?
"No action taken"

Please press the "Remove selected" button in MBAM and let it delete everything it finds.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: false trojans or remove?
How do I post the file, since it is too big?

Re: false trojans or remove?
Split it up into more than one post.


Re: false trojans or remove?
DDS (Ver_09-05-14.01) - NTFSx86
Run by John Tasinas at 12:16:40.87 on Sat 06/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.573 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Weather Add-in for Windows Live Toolbar\WeatherDataClient.exe
C:\Documents and Settings\John Tasinas\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://dell.myway.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - No File
BHO: {1172130F-0AB0-4D4E-8B63-5B1EFE7C2CF9} - No File
BHO: {11CF9A58-B6C6-495D-94C0-E193AF6A19FC} - No File
BHO: {184384EF-BA20-4BA4-86F0-3B7570C15444} - No File
BHO: {2730B2CF-2533-4AAC-B075-57DE533DB075} - No File
BHO: {2A042D21-2F43-4B86-A2D7-16756B9CD22B} - No File
BHO: {2D5E76F8-B3E7-4B3E-AD03-A4A249F5F8DF} - No File
BHO: {356A7A14-F695-4F8F-85FC-5494AA7114B7} - No File
BHO: {366B16B2-7AA6-444C-943D-1DBB35A1A9B3} - No File
BHO: {4631D05A-990C-4752-ADC5-AC46D1625377} - No File
BHO: {48D0E15C-A6ED-4283-A3FC-CB78C922404C} - No File
BHO: {4c21fbf0-da83-4298-adb8-82d018b8d58c} - c:\windows\system32\MFD71FRA.DLL
BHO: {520D22E2-E3EB-4A5B-81F6-DB54E161B1E8} - No File
BHO: {5a4e624b-a960-478d-8d07-0fb8cc21e1f9} - c:\windows\system32\MP43DMOE.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.134\coIEPlg.dll
BHO: {66D3D963-6C1C-4809-9A23-626E9984BB0B} - No File
BHO: {6bfb1a37-71cc-4b0b-945e-727475918c3e} - c:\windows\system32\psapi32.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.134\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7B3E2373-6A7E-4A18-BD08-26000800C045} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {82163F5D-BC32-4168-A7A5-91F549061E51} - No File
BHO: {8A3400D8-B84A-4C3E-A761-BAD675F23D49} - No File
BHO: {8B53318F-259A-4436-B9AE-7E34F0E0104C} - No File
BHO: {8B93A866-0C81-48A8-B9CC-40585651616E} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {942E0D83-6B0C-4F44-94BD-568A5C953415} - No File
BHO: {95865880-39C1-45A1-9503-81F7050F1364} - No File
BHO: {A5FB2B15-9420-49D7-A68A-84BBE2972815} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: {C4D1AE52-460B-4256-AE1F-682D60CD5FF4} - No File
BHO: {c8e975eb-7c02-4db9-854f-9baa904ecf96} - c:\windows\system32\qutil32.dll
BHO: {D9613065-FD61-4E31-A2D9-56259CF4CA92} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EB4D7A57-7CC4-4F21-AAC5-5CE7B2ACEFC8} - No File
BHO: {ef78228c-5d74-4b27-9ef1-8a3a58007015} - c:\windows\system32\MFC72KOR.DLL
BHO: {FF35ADE7-87FA-4232-993D-256160109A15} - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.134\coIEPlg.dll
uRun: [P2kAutostart]
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: []
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\johnta~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207842728784
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EE2499C3-FE60-11D3-996B-0060081C6822} - hxxp://fspprodweb.corp.circuitcity.net/ikbweb/PscViewer.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.134\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Re: false trojans or remove?
FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnta~1\applic~1\mozilla\firefox\profiles\8wdv1e9j.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-13 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.086\SymEFA.sys [2009-3-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.086\BHDrvx86.sys [2009-3-3 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.086\cchpx86.sys [2009-3-3 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090610.006\IDSXpx86.sys [2009-6-12 276344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.134\ccSvcHst.exe [2009-3-3 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090613.003\NAVENG.SYS [2009-6-13 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090613.003\NAVEX15.SYS [2009-6-13 876144]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\csvirta.sys --> c:\windows\system32\drivers\CSVirtA.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-7-23 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-7-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-7-23 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-7-23 23680]

=============== Created Last 30 ================

2009-06-13 11:51 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-13 01:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-13 01:02 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 01:02 --d----- c:\program files\Lavasoft
2009-06-12 12:06 --d----- c:\docume~1\johnta~1\applic~1\Malwarebytes
2009-06-12 12:06 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 12:06 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 12:06 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-12 12:06 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 02:15 --d----- c:\program files\iPod
2009-05-30 11:14 --d----- c:\program files\True Audio
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-23 13:32 --d----- c:\program files\common files\Adobe Systems Shared
2009-05-23 13:17 --d----- c:\docume~1\johnta~1\applic~1\foobar2000
2009-05-23 13:16 --d----- c:\program files\foobar2000
2009-05-22 01:38 --d----- c:\windows\Replay Media Catcher
2009-05-21 16:16 --d----- c:\program files\Sonic
2009-05-21 16:00 --d----- c:\program files\Roxio

==================== Find3M ====================

2009-05-23 20:34 34 a------- c:\documents and settings\john tasinas\jagex_runescape_preferences.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-01 13:00 87,608 a------- c:\docume~1\johnta~1\applic~1\inst.exe
2009-04-01 13:00 47,360 a------- c:\docume~1\johnta~1\applic~1\pcouffin.sys
2008-06-14 20:43 79,328 a------- c:\documents and settings\john tasinas\mqdmserd.sys
2008-06-14 20:43 5,936 a------- c:\documents and settings\john tasinas\mqdmwhnt.sys
2008-06-14 20:43 92,064 a------- c:\documents and settings\john tasinas\mqdmmdm.sys
2008-06-14 20:43 66,656 a------- c:\documents and settings\john tasinas\mqdmbus.sys
2008-06-14 20:43 25,600 a------- c:\documents and settings\john tasinas\usbsermptxp.sys
2008-06-14 20:43 22,768 a------- c:\documents and settings\john tasinas\usbsermpt.sys
2008-06-14 20:43 9,232 a------- c:\documents and settings\john tasinas\mqdmmdfl.sys
2008-06-14 20:43 6,208 a------- c:\documents and settings\john tasinas\mqdmcmnt.sys
2008-06-14 20:43 4,048 a------- c:\documents and settings\john tasinas\mqdmcr.sys
2008-08-28 18:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 12:17:43.68 ===============

Re: false trojans or remove?
Hello.
Just some leftovers to get.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

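
Worked example, added here and not a tool from this forum, from Malwarebytes or from Trend Micro: the MBAM log at the top of the thread lists every hit as "No action taken", and the DDS output is full of BHO entries marked "No File" / "(file missing)", which is what "leftovers" means above. The script parses both formats, lists the MBAM detections that were never removed, lists the O2 (BHO) registrations whose DLL is gone, and cross-checks which un-actioned CLSIDs are still registered. The two log excerpts are constructed samples modelled on the logs in this thread: one MBAM line is given a "Quarantined" status and one Vundo CLSID is added to the HijackThis sample as a still-registered "(no file)" entry, purely to exercise both branches; the other CLSIDs and paths are copied from the thread.

```python
"""Log triage for the MBAM and HijackThis excerpts in this thread.

Added example (not a tool from the forum, Malwarebytes or Trend Micro).
It answers the two questions the thread raises:
  1. which MBAM detections were left as "No action taken", and
  2. which O2 (BHO) entries in a HijackThis log point at a DLL that is
     gone, i.e. the "leftovers" the helper wants cleaned up.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input modelled on the MBAM log above (shortened; the
# second CLSID is given a "Quarantined" status to show the contrast).
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50a70867-20df-45d5-81eb-e3e08bedd123} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{50a70867-20df-45d5-81eb-e3e08bedd123} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{89e82d98-8dfa-4908-893d-b2ffa952c7d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)
"""

# Constructed sample input modelled on the HijackThis O2/O3 lines above; the
# {50A70867-...} line is added to show a flagged CLSID that is still registered.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - (no file)
O2 - BHO: (no name) - {4C21FBF0-DA83-4298-ADB8-82D018B8D58C} - C:\WINDOWS\system32\MFD71FRA.DLL (file missing)
O2 - BHO: (no name) - {50A70867-20DF-45D5-81EB-E3E08BEDD123} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
"""

CLSID_RE = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
# "<registry key> (<detection name>) -> <action>."
MBAM_RE = re.compile(r"^(?P<key>HK[A-Z_]+\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# "O2 - BHO: <label> - {CLSID} - <dll path | (no file) | path (file missing)>"
HJT_O2_RE = re.compile(rf"^O2 - BHO: (?P<label>.+?) - (?P<clsid>{CLSID_RE}) - (?P<target>.+)$")


@dataclass(frozen=True)
class Detection:
    clsid: str      # lower-cased so MBAM and HJT spellings compare equal
    key: str
    name: str
    action: str

    @property
    def actioned(self) -> bool:
        return self.action.lower() != "no action taken"


@dataclass(frozen=True)
class Bho:
    clsid: str
    label: str
    path: Optional[str]   # None when HJT printed "(no file)"
    missing: bool         # True for "(no file)" or "... (file missing)"


def parse_mbam(log: str) -> list:
    """Return one Detection per registry-key line in an MBAM log."""
    found = []
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        c = re.search(CLSID_RE, m["key"])
        clsid = c.group(0).lower() if c else ""
        found.append(Detection(clsid, m["key"], m["name"], m["action"]))
    return found


def parse_hjt_bhos(log: str) -> list:
    """Return one Bho per 'O2 - BHO:' line in a HijackThis log."""
    bhos = []
    for line in log.splitlines():
        m = HJT_O2_RE.match(line.strip())
        if not m:
            continue
        target = m["target"].strip()
        if target == "(no file)":
            path, missing = None, True
        elif target.endswith("(file missing)"):
            path, missing = target[: -len("(file missing)")].strip(), True
        else:
            path, missing = target, False
        bhos.append(Bho(m["clsid"].lower(), m["label"], path, missing))
    return bhos


def triage(mbam_log: str, hjt_log: str) -> dict:
    """Cross-check: what did MBAM leave behind, and what is orphaned in HJT?"""
    dets = parse_mbam(mbam_log)
    bhos = parse_hjt_bhos(hjt_log)
    unactioned = sorted({d.clsid for d in dets if not d.actioned})
    orphaned = sorted(b.clsid for b in bhos if b.missing)
    registered = {b.clsid for b in bhos}
    return {
        "unactioned": unactioned,
        "orphaned_bhos": orphaned,
        # flagged by MBAM, never removed, and still registered as a BHO
        "still_registered": sorted(c for c in unactioned if c in registered),
    }


if __name__ == "__main__":
    for section, items in triage(MBAM_LOG, HJT_LOG).items():
        print(f"{section}: {len(items)}")
        for clsid in items:
            print(f"  {clsid}")
```

The "still_registered" list is the one that tells you the Remove step in MBAM was skipped; the "orphaned_bhos" list is the set of "(no file)" registrations a helper would normally have fixed with HijackThis even when no malicious DLL is left on disk.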

Re: false trojans or remove?
Will do... any idea why Norton or Ad-Aware never found anything?

And how serious were my trojans?

Re: false trojans or remove?
I wouldn't recommend using Ad-Aware; it just finds tracking cookies. You are better off using Malwarebytes; the same goes for Norton. Please post the log 😉

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: false trojans or remove?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:31 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Weather Add-in for Windows Live Toolbar\WeatherDataClient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - (no file)
O2 - BHO: (no name) - {1172130F-0AB0-4D4E-8B63-5B1EFE7C2CF9} - (no file)
O2 - BHO: (no name) - {11CF9A58-B6C6-495D-94C0-E193AF6A19FC} - (no file)
O2 - BHO: (no name) - {184384EF-BA20-4BA4-86F0-3B7570C15444} - (no file)
O2 - BHO: (no name) - {2730B2CF-2533-4AAC-B075-57DE533DB075} - (no file)
O2 - BHO: (no name) - {2A042D21-2F43-4B86-A2D7-16756B9CD22B} - (no file)
O2 - BHO: (no name) - {2D5E76F8-B3E7-4B3E-AD03-A4A249F5F8DF} - (no file)
O2 - BHO: (no name) - {356A7A14-F695-4F8F-85FC-5494AA7114B7} - (no file)
O2 - BHO: (no name) - {366B16B2-7AA6-444C-943D-1DBB35A1A9B3} - (no file)
O2 - BHO: (no name) - {4631D05A-990C-4752-ADC5-AC46D1625377} - (no file)
O2 - BHO: (no name) - {48D0E15C-A6ED-4283-A3FC-CB78C922404C} - (no file)
O2 - BHO: (no name) - {4C21FBF0-DA83-4298-ADB8-82D018B8D58C} - C:\WINDOWS\system32\MFD71FRA.DLL (file missing)
O2 - BHO: (no name) - {520D22E2-E3EB-4A5B-81F6-DB54E161B1E8} - (no file)
O2 - BHO: (no name) - {5A4E624B-A960-478D-8D07-0FB8CC21E1F9} - C:\WINDOWS\system32\MP43DMOE.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O2 - BHO: (no name) - {66D3D963-6C1C-4809-9A23-626E9984BB0B} - (no file)
O2 - BHO: (no name) - {6BFB1A37-71CC-4B0B-945E-727475918C3E} - C:\WINDOWS\system32\psapi32.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7B3E2373-6A7E-4A18-BD08-26000800C045} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {82163F5D-BC32-4168-A7A5-91F549061E51} - (no file)
O2 - BHO: (no name) - {8A3400D8-B84A-4C3E-A761-BAD675F23D49} - (no file)
O2 - BHO: (no name) - {8B53318F-259A-4436-B9AE-7E34F0E0104C} - (no file)
O2 - BHO: (no name) - {8B93A866-0C81-48A8-B9CC-40585651616E} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {942E0D83-6B0C-4F44-94BD-568A5C953415} - (no file)
O2 - BHO: (no name) - {95865880-39C1-45A1-9503-81F7050F1364} - (no file)
O2 - BHO: (no name) - {A5FB2B15-9420-49D7-A68A-84BBE2972815} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C4D1AE52-460B-4256-AE1F-682D60CD5FF4} - (no file)
O2 - BHO: (no name) - {C8E975EB-7C02-4DB9-854F-9BAA904ECF96} - C:\WINDOWS\system32\qutil32.dll (file missing)
O2 - BHO: (no name) - {D9613065-FD61-4E31-A2D9-56259CF4CA92} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EB4D7A57-7CC4-4F21-AAC5-5CE7B2ACEFC8} - (no file)
O2 - BHO: (no name) - {EF78228C-5D74-4B27-9EF1-8A3A58007015} - C:\WINDOWS\system32\MFC72KOR.DLL (file missing)
O2 - BHO: (no name) - {FF35ADE7-87FA-4232-993D-256160109A15} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

Re: false trojans or remove?
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207842728784
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EE2499C3-FE60-11D3-996B-0060081C6822} (PscViewer Class) - http://fspprodweb.corp.circuitcity.net/ikbweb/PscViewer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15655 bytes

Re: false trojans or remove?

Origin wrote:
I wouldn't recommend using Ad-Aware; it just finds tracking cookies. You are better off using Malwarebytes; the same goes for Norton. Please post the log 😉

Norton normally finds trojans though.

Re: false trojans or remove?

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)
[screenshot of the Ad-Watch General Settings tab]
4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {0A437B73-C519-4AC6-BF6C-976FD3E31FD0} - (no file)
    O2 - BHO: (no name) - {1172130F-0AB0-4D4E-8B63-5B1EFE7C2CF9} - (no file)
    O2 - BHO: (no name) - {11CF9A58-B6C6-495D-94C0-E193AF6A19FC} - (no file)
    O2 - BHO: (no name) - {184384EF-BA20-4BA4-86F0-3B7570C15444} - (no file)
    O2 - BHO: (no name) - {2730B2CF-2533-4AAC-B075-57DE533DB075} - (no file)
    O2 - BHO: (no name) - {2A042D21-2F43-4B86-A2D7-16756B9CD22B} - (no file)
    O2 - BHO: (no name) - {2D5E76F8-B3E7-4B3E-AD03-A4A249F5F8DF} - (no file)
    O2 - BHO: (no name) - {356A7A14-F695-4F8F-85FC-5494AA7114B7} - (no file)
    O2 - BHO: (no name) - {366B16B2-7AA6-444C-943D-1DBB35A1A9B3} - (no file)
    O2 - BHO: (no name) - {4631D05A-990C-4752-ADC5-AC46D1625377} - (no file)
    O2 - BHO: (no name) - {48D0E15C-A6ED-4283-A3FC-CB78C922404C} - (no file)
    O2 - BHO: (no name) - {4C21FBF0-DA83-4298-ADB8-82D018B8D58C} - C:\WINDOWS\system32\MFD71FRA.DLL (file missing)
    O2 - BHO: (no name) - {520D22E2-E3EB-4A5B-81F6-DB54E161B1E8} - (no file)
    O2 - BHO: (no name) - {5A4E624B-A960-478D-8D07-0FB8CC21E1F9} - C:\WINDOWS\system32\MP43DMOE.dll (file missing)
    O2 - BHO: (no name) - {66D3D963-6C1C-4809-9A23-626E9984BB0B} - (no file)
    O2 - BHO: (no name) - {6BFB1A37-71CC-4B0B-945E-727475918C3E} - C:\WINDOWS\system32\psapi32.dll (file missing)
    O2 - BHO: (no name) - {7B3E2373-6A7E-4A18-BD08-26000800C045} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {82163F5D-BC32-4168-A7A5-91F549061E51} - (no file)
    O2 - BHO: (no name) - {8A3400D8-B84A-4C3E-A761-BAD675F23D49} - (no file)
    O2 - BHO: (no name) - {8B53318F-259A-4436-B9AE-7E34F0E0104C} - (no file)
    O2 - BHO: (no name) - {8B93A866-0C81-48A8-B9CC-40585651616E} - (no file)
    O2 - BHO: (no name) - {942E0D83-6B0C-4F44-94BD-568A5C953415} - (no file)
    O2 - BHO: (no name) - {95865880-39C1-45A1-9503-81F7050F1364} - (no file)
    O2 - BHO: (no name) - {A5FB2B15-9420-49D7-A68A-84BBE2972815} - (no file)
    O2 - BHO: (no name) - {C4D1AE52-460B-4256-AE1F-682D60CD5FF4} - (no file)
    O2 - BHO: (no name) - {C8E975EB-7C02-4DB9-854F-9BAA904ECF96} - C:\WINDOWS\system32\qutil32.dll (file missing)
    O2 - BHO: (no name) - {D9613065-FD61-4E31-A2D9-56259CF4CA92} - (no file)
    O2 - BHO: (no name) - {EB4D7A57-7CC4-4F21-AAC5-5CE7B2ACEFC8} - (no file)
    O2 - BHO: (no name) - {EF78228C-5D74-4B27-9EF1-8A3A58007015} - C:\WINDOWS\system32\MFC72KOR.DLL (file missing)
    O2 - BHO: (no name) - {FF35ADE7-87FA-4232-993D-256160109A15} - (no file)



  • Press "Fix Checked"
  • Close HijackThis.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[screenshot: CF_download_FF]

[screenshot: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (McAfee)
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: false trojans or remove?

Is there anything I can do to speed up my web browser? It seems slower after everything.

Re: false trojans or remove?

And what exactly am I removing?

Re: false trojans or remove?

The HijackThis fix just fixes a bunch of leftover BHO (Browser Helper Object) keys.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: false trojans or remove?

Belahzur wrote:
The HijackThis fix just fixes a bunch of leftover BHO (Browser Helper Object) keys.

What do those do?

Re: false trojans or remove?

They're a bit like toolbars; they put add-ons into IE, like the Java Quick Starter so online Java games load faster.

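For anyone wanting to see for themselves what the O2 lines above describe, here is a read-only PowerShell script I am adding as an example; it is not code from this thread, from HijackThis or from ComboFix. It walks the same registry key HijackThis reads for its O2 section (HKLM\...\Explorer\Browser Helper Objects), resolves each CLSID to its InprocServer32 DLL under HKCR, and labels every entry with the three states seen in the log: a DLL that is present, a registered path whose file is gone ("file missing"), or no InprocServer32 value at all ("no file"). The Wow6432Node branches are an assumption about 32-bit IE on 64-bit Windows, added so the script generalises beyond the XP machine in this thread; nothing is deleted.

```powershell
# Added example, not code from this thread or from HijackThis/ComboFix.
# Read-only: enumerates Internet Explorer Browser Helper Objects the way the
# HijackThis O2 section does and flags registrations whose DLL is gone.
# Run from an elevated PowerShell prompt.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # 32-bit IE on 64-bit Windows registers here instead (assumed; not relevant to the XP log above)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-BhoClsid {
    # Look the CLSID up under HKCR (and the Wow6432Node branch on 64-bit hosts);
    # return the friendly name and the InprocServer32 DLL path, if any.
    param([string]$Clsid)
    foreach ($root in 'HKEY_CLASSES_ROOT\CLSID', 'HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $clsidKey = "Registry::$root\$Clsid"
        if (-not (Test-Path $clsidKey)) { continue }
        $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = $null
        $inproc = "$clsidKey\InprocServer32"
        if (Test-Path $inproc) {
            $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"') }
        }
        return @{ Name = $name; Dll = $dll }
    }
    return @{ Name = $null; Dll = $null }   # the CLSID key itself is missing
}

function Get-BhoStatus {
    $results = @()
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName        # e.g. {0A437B73-C519-4AC6-BF6C-976FD3E31FD0}
            $info  = Resolve-BhoClsid -Clsid $clsid
            # Same three states HijackThis prints: a live DLL, a registered path whose
            # file is gone ("file missing"), or no InprocServer32 at all ("no file").
            if (-not $info.Dll) {
                $status = 'no file'
            }
            elseif (-not (Test-Path -LiteralPath $info.Dll)) {
                $status = 'file missing'
            }
            else {
                $status = 'present'
            }
            if ($info.Name) { $name = $info.Name } else { $name = '(no name)' }
            $results += [pscustomobject]@{
                CLSID  = $clsid
                Name   = $name
                Dll    = $info.Dll
                Status = $status
            }
        }
    }
    return $results
}

$bhos = @(Get-BhoStatus)
$bhos | Sort-Object Status, CLSID | Format-Table -AutoSize
$orphans = @($bhos | Where-Object { $_.Status -ne 'present' })
"{0} BHO(s) registered, {1} orphaned (no file / file missing)" -f $bhos.Count, $orphans.Count
```

The orphaned rows are exactly what the HijackThis fix in this thread cleans up: the registration survives but the DLL it pointed at has already been removed, so IE loads nothing from them. The rows marked present are the ones that actually run inside the browser; an entry there with a name you do not recognise, or a DLL outside Program Files, is the one worth checking (publisher, digital signature, scan result) before deciding what to do with it.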

Re: false trojans or remove?

So they are trojan leftovers?

Re: false trojans or remove?

ComboFix 09-06-15.07 - John Tasinas 06/16/2009 14:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262.542 [GMT -4:00]
Running from: c:\documents and settings\John Tasinas\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John Tasinas\Application Data\inst.exe
c:\windows\system32\systeminfo3.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-16 14:12 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\EECTRL.SYS
2009-06-16 14:12 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\CCERASER.DLL
2009-06-16 14:12 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\ERASER.SYS
2009-06-16 14:12 . 2009-02-19 09:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVENG.SYS
2009-06-16 14:12 . 2009-02-19 09:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVEX15.SYS
2009-06-16 14:12 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVENG32.DLL
2009-06-16 14:12 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\NAVEX32A.DLL
2009-06-16 14:12 . 2009-01-03 15:31 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090616.004\ECMSVR32.DLL
2009-06-16 02:49 . 2009-06-16 02:49 -------- d-----w- c:\program files\Trend Micro
2009-06-16 02:47 . 2009-06-16 02:47 -------- d-----w- c:\windows\LastGood
2009-06-15 18:11 . 2009-06-15 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2009-06-15 18:09 . 2009-06-15 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-15 17:45 . 2009-02-27 11:20 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-15 17:38 . 2009-06-15 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-06-15 17:38 . 2009-06-15 17:38 -------- d-----w- c:\program files\SmartSound Software
2009-06-15 17:36 . 2009-06-15 17:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-15 05:58 . 2009-06-15 16:37 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Download Manager
2009-06-15 05:21 . 2002-03-17 06:00 7420 ----a-w- c:\windows\UA000104.DLL
2009-06-15 05:18 . 2009-06-15 17:48 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Ulead Systems
2009-06-15 05:13 . 2009-06-15 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-06-15 05:12 . 2008-04-02 01:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-06-15 05:12 . 2008-04-02 01:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-06-15 05:12 . 2008-04-02 01:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-06-15 05:12 . 2008-04-02 01:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-06-15 05:12 . 2008-04-02 01:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-06-15 05:12 . 2008-04-02 01:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2009-06-15 05:11 . 2009-06-15 05:11 -------- d-----w- c:\program files\Windows Media Components
2009-06-15 05:08 . 2009-06-15 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-15 05:08 . 2009-06-15 05:11 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-15 05:07 . 2009-06-15 05:08 -------- d-----w- c:\program files\Corel
2009-06-15 05:05 . 2002-03-17 06:00 7420 ----a-w- c:\windows\UA000106.DLL
2009-06-13 15:51 . 2009-06-13 05:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-13 05:08 . 2009-06-13 05:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-13 05:07 . 2009-06-13 05:07 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-13 05:07 . 2009-06-13 05:07 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-13 05:07 . 2009-06-13 05:07 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-13 05:07 . 2009-06-13 05:07 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-13 05:07 . 2009-06-13 05:07 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-13 05:07 . 2009-06-13 05:07 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-13 05:07 . 2009-06-13 05:07 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-13 05:06 . 2009-06-13 05:06 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-13 05:06 . 2009-06-13 05:06 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-13 05:06 . 2009-06-13 05:06 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-13 05:05 . 2009-06-13 05:05 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-13 05:05 . 2009-06-13 05:05 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-13 05:05 . 2009-06-13 05:05 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-13 05:05 . 2009-06-13 05:05 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-13 05:05 . 2009-06-13 05:05 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-13 05:05 . 2009-06-13 05:05 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-13 05:04 . 2009-06-13 05:04 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-13 05:04 . 2009-06-13 05:04 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-13 05:02 . 2009-06-13 05:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-13 05:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-13 05:02 . 2009-06-13 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-13 05:02 . 2009-06-13 05:02 -------- d-----w- c:\program files\Lavasoft
2009-06-12 19:35 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\Scxpx86.dll
2009-06-12 19:35 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys
2009-06-12 19:35 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSvix86.sys
2009-06-12 19:35 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSxpx86.dll
2009-06-12 19:35 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSviA64.sys
2009-06-12 16:06 . 2009-06-12 16:06 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Malwarebytes
2009-06-12 16:06 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 16:06 . 2009-06-12 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 16:06 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 16:06 . 2009-06-12 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 18:19 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\Scxpx86.dll
2009-06-08 18:19 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSXpx86.sys
2009-06-08 18:19 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys
2009-06-08 18:19 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSxpx86.dll
2009-06-08 18:19 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSviA64.sys
2009-06-08 06:15 . 2009-06-08 06:15 -------- d-----w- c:\program files\iPod
2009-06-08 06:10 . 2009-06-08 06:11 -------- d-----w- c:\program files\QuickTime
2009-06-08 06:02 . 2009-06-08 06:02 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 15:14 . 2009-05-30 15:14 -------- d-----w- c:\program files\True Audio
2009-05-29 16:15 . 2009-05-29 16:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-05-25 23:10 . 2009-05-25 23:10 34062 ----a-w- c:\documents and settings\John Tasinas\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-23 17:32 . 2009-05-23 17:32 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-05-23 17:17 . 2009-05-28 02:35 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\foobar2000
2009-05-23 17:16 . 2009-05-23 17:16 -------- d-----w- c:\program files\foobar2000
2009-05-22 05:38 . 2009-05-22 05:38 -------- d-----w- c:\windows\Replay Media Catcher
2009-05-21 20:16 . 2009-05-21 20:17 -------- d-----w- c:\program files\Sonic
2009-05-21 20:00 . 2009-05-21 20:16 -------- d-----w- c:\program files\Roxio
2009-05-21 20:00 . 2009-05-21 20:16 -------- d-----w- c:\program files\Common Files\Roxio Shared

Re: false trojans or remove?

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 02:44 . 2009-03-22 02:07 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-15 18:16 . 2008-04-10 05:58 97576 ----a-w- c:\documents and settings\John Tasinas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-15 18:02 . 2009-06-15 18:02 -------- d-----w- c:\windows\Fonts\Fonts
2009-06-15 18:00 . 2008-04-10 19:24 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-15 05:32 . 2008-04-11 23:44 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Azureus
2009-06-15 05:12 . 2008-04-10 05:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 05:06 . 2008-06-15 00:35 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\InstallShield
2009-06-15 04:09 . 2008-04-10 17:54 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\mIRC
2009-06-15 04:08 . 2008-04-10 17:54 -------- d-----w- c:\program files\mIRC
2009-06-15 00:24 . 2008-04-10 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-08 19:48 . 2008-09-16 22:22 -------- d-----w- c:\program files\iTunes
2009-06-08 06:15 . 2008-09-16 22:15 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 02:19 . 2009-03-22 02:26 256 ----a-w- c:\windows\system32\pool.bin
2009-05-30 17:31 . 2008-06-17 03:14 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\U3
2009-05-25 23:10 . 2008-05-13 13:35 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Move Networks
2009-05-24 00:34 . 2008-10-19 01:11 34 ----a-w- c:\documents and settings\John Tasinas\jagex_runescape_preferences.dat
2009-05-21 20:17 . 2008-04-30 15:43 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-05-21 20:06 . 2008-04-30 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-05-15 17:51 . 2008-04-10 17:58 -------- d-----w- c:\program files\Winamp
2009-05-12 19:25 . 2009-05-12 02:41 -------- d-----w- c:\program files\Exact Audio Copy
2009-05-12 02:41 . 2009-05-12 02:41 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\AccurateRip
2009-05-09 18:09 . 2009-05-09 18:07 -------- d-----w- c:\program files\AoA Audio Extractor
2009-05-09 18:07 . 2009-05-09 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-09 18:01 . 2009-05-09 18:01 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\FLV Extract
2009-05-09 05:49 . 2009-04-14 15:58 -------- d-----w- c:\program files\Trillian
2009-05-07 15:32 . 2004-08-03 22:56 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 00:13 . 2009-03-22 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-02 16:52 . 2009-05-02 16:52 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\Amazon
2009-05-02 05:27 . 2008-05-22 01:07 -------- d-----w- c:\program files\Motorola
2009-05-02 05:25 . 2008-06-14 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-05-02 05:24 . 2008-07-30 16:06 -------- d-----w- c:\program files\QPST
2009-05-02 05:00 . 2008-04-21 02:58 -------- d-----w- c:\documents and settings\John Tasinas\Application Data\LimeWire
2009-04-29 04:56 . 2004-08-03 22:56 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-03 22:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 19:33 . 2009-04-23 19:33 -------- d-----r- c:\program files\Norton Support
2009-04-23 00:43 . 2008-04-11 23:43 -------- d-----w- c:\program files\Azureus
2009-04-17 12:26 . 2004-08-03 21:17 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-03 22:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-04 05:15 . 2009-04-04 05:15 152576 ----a-w- c:\documents and settings\John Tasinas\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-03 18:20 . 2009-04-01 17:00 9618 ----a-w- c:\documents and settings\All Users\Application Data\DVDXStudio\CloneDVD4\MainApp.dll
2009-04-01 17:00 . 2009-04-01 17:00 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-01 17:00 . 2009-04-01 17:00 47360 ----a-w- c:\documents and settings\John Tasinas\Application Data\pcouffin.sys
2009-04-01 17:00 . 2009-04-01 17:00 47360 ----a-w- c:\documents and settings\John Tasinas\Application Data\pcouffin.sys
2009-04-01 16:45 . 2009-04-01 16:45 643072 ----a-w- c:\documents and settings\John Tasinas\Application Data\RipIt4Me\updater\ri4mupdater.exe
2009-03-28 20:17 . 2009-03-28 20:16 27655688 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US62016801cupd.exe
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-19 02:50 . 2008-11-07 01:20 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 02:50 . 2008-11-07 01:20 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 02:50 . 2008-11-07 01:20 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 02:50 . 2008-11-07 01:20 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 02:50 . 2008-11-07 01:20 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-22 37888]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2006-07-11 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-13 518488]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]

c:\documents and settings\John Tasinas\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-8-18 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/13/2009 1:08 AM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [3/3/2009 5:24 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [3/3/2009 5:24 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [3/3/2009 5:23 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090610.006\IDSXpx86.sys [6/12/2009 3:35 PM 276344]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 2:02 PM 163840]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [3/3/2009 5:24 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 8:30 PM 101936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys --> c:\windows\system32\DRIVERS\CSVirtA.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [7/23/2008 10:54 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/23/2008 10:54 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [7/23/2008 10:54 PM 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [7/23/2008 10:54 PM 23680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ADOBEACTIVEFILEMONITOR7.0
*NewlyCreated* - FLEXNET_LICENSING_SERVICE
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 05:05]

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]

2009-06-16 c:\windows\Tasks\User_Feed_Synchronization-{851895F6-3FCC-4F98-94BF-83BFCA8185B3}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-P2kAutostart - (no file)
HKLM-Run-RoxWatchTray - c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://dell.myway.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {EE2499C3-FE60-11D3-996B-0060081C6822} - hxxp://fspprodweb.corp.circuitcity.net/ikbweb/PscViewer.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 14:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = ???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2009-06-16 14:28
ComboFix-quarantined-files.txt 2009-06-16 18:28

Pre-Run: 21,082,923,008 bytes free
Post-Run: 23,485,251,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

284 --- E O F --- 2009-06-15 00:24
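The registry dump in the report above records two settings a responder should check before anything else: Windows Firewall is off for the standard profile ("EnableFirewall"= 0) and Security Center monitoring is disabled (a value third-party suites such as the installed Norton product commonly set so Security Center does not duplicate their alerts, but one worth confirming). As an added example that is not part of this thread or of ComboFix, the Python below parses that section of the report format and flags those settings together with every firewall exception; the sample lines are copied from the log.

```python
"""Parse registry fragments from a ComboFix report and flag settings that
weaken the host's own defences. Added example, not part of the thread or of
ComboFix; SAMPLE_LOG is a constructed slice copied from the report above."""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\Path]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')  # "Name"=data (data may be empty)

def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key: {value_name: raw_data}} for every [key] block in the text."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if m := KEY_RE.match(line):
            current = m.group(1)
            result.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            result[current][m.group(1)] = m.group(2).strip()
    return result

def _as_int(raw: str) -> int:
    """Decode ComboFix data written as 'dword:00000001' or '0 (0x0)'."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw.split()[0], 0)

def find_weakened_settings(text: str) -> List[Tuple[str, str]]:
    """Return (finding, key) pairs for settings that turn protection off."""
    findings: List[Tuple[str, str]] = []
    for key, values in parse_registry_dump(text).items():
        lower = key.lower()
        if "security center" in lower and _as_int(values.get("DisableMonitoring", "0")) == 1:
            findings.append(("Security Center monitoring disabled", key))
        if lower.endswith("firewallpolicy\\standardprofile") and _as_int(values.get("EnableFirewall", "1")) == 0:
            findings.append(("Windows Firewall disabled (standard profile)", key))
        if lower.endswith("authorizedapplications\\list"):
            for app in values:  # each value name is an allowed executable path
                findings.append(("Firewall exception: " + app.replace("\\\\", "\\"), key))
    return findings
```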

Re: false trojans or remove?

Hello.
Just need to remove Azureus now.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: false trojans or remove?

Belahzur wrote:
Hello.
Just need to remove Azureus now.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


I use Azureus though?

Re: false trojans or remove?

Hello.
Okay, just be careful what you download.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/


  • Press "Fix Checked"
  • Close Hijack This.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Re: false trojans or remove?

Everything is great except when I try to connect to the first homepage... it takes longer than normal, not a lot, but not as fast as it was.

Do I need to reset an IP setting?

Re: false trojans or remove?

If you're on a router, reboot it so the router cache is flushed.
You can also flush your DNS by doing the following:

Start > Run. In the run box, copy and paste in:

ipconfig /flushdns

Hit enter.


Re: false trojans or remove?

Before I do that, I have another PC that connects quickly... will the DNS be computer specific?

Re: false trojans or remove?

DNS is given by your ISP via the router, but it will be quicker if that's what you mean.


Re: false trojans or remove?

So it's not a DNS issue, since the other cpu should be slow as well, correct?

Re: false trojans or remove?

Yes.


Re: false trojans or remove?

How do I remove Windows Recovery?

Re: false trojans or remove?

I would prefer if that stays, it can be helpful in a tough situation.


Re: false trojans or remove?

Autoplay of external devices no longer works...

Is that a registry setting?

Re: false trojans or remove?

Yes, for your safety. ComboFix turns autoplay/autorun off, which stops flash drive infections from running when USB devices are plugged in.


Re: false trojans or remove?

Not sure if this is related, but whenever I use Roxio Burning Software I get this error:

Unspecified Error 0x80004005

Any ideas? It is not the burner, because I can't create an ISO from the file, and I uninstalled/reinstalled numerous times. Is there anything that I may have removed?

It was working fine up until I did all this.
