WiredWX Christian Hobby Weather Tools


Re: Tidserv virus + plus google search redirects

Hello.

  • Download ComboFix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Image: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Tidserv virus + plus google search redirects

ComboFix 10-07-05.03 - Moms 07/06/2010 9:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.141 [GMT -7:00]
Running from: c:\documents and settings\Moms\My Documents\Downloads\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\xpsp1hfm.log

----- BITS: Possible infected sites -----

hxxp://buy-download.norton.com
Infected copy of c:\windows\system32\DRIVERS\viaide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 16:41 . 2008-04-13 18:40 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2010-07-06 16:41 . 2008-04-13 18:40 5376 ----a-w- c:\windows\system32\dllcache\viaide.sys
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-02 19:20 . 2010-07-06 15:21 -------- d-----w- C:\word docs
2010-06-29 03:28 . 2010-06-29 03:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-27 00:32 . 2010-06-27 00:32 -------- d-----w- c:\documents and settings\Moms\Application Data\Malwarebytes
2010-06-26 01:55 . 2010-06-26 01:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 17:31 . 2010-06-25 17:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:31 . 2010-06-25 17:31 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:31 . 2010-06-25 17:31 -------- d-----w- c:\program files\Symantec
2010-06-25 17:29 . 2010-06-26 01:11 -------- d-----w- c:\windows\system32\drivers\NIS
2010-06-25 17:29 . 2010-06-25 17:29 -------- d-----w- c:\program files\Norton Internet Security
2010-06-25 17:29 . 2010-06-25 17:29 -------- d-----w- c:\program files\Windows Sidebar
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\program files\NortonInstaller
2010-06-25 17:02 . 2010-06-25 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-25 14:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 14:16 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 01:24 . 2010-06-25 01:24 -------- d-sh--w- c:\documents and settings\Moms\PrivacIE
2010-06-23 01:40 . 2010-06-23 01:40 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 01:35 . 2010-06-23 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-23 01:33 . 2010-06-23 01:33 -------- d-----r- C:\MSOCache
2010-06-22 19:09 . 2010-06-25 20:12 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-22 19:09 . 2010-06-25 20:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-21 21:39 . 2009-08-05 12:51 192512 ----a-r- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-06-21 21:38 . 2009-08-05 12:51 405504 ----a-r- c:\windows\system32\EKIJ5000MON.dll
2010-06-21 21:37 . 2009-08-05 12:51 126976 ----a-r- c:\windows\system32\EKIJCOINST05.dll
2010-06-21 20:59 . 2010-06-21 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-21 20:59 . 2010-06-21 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-21 20:57 . 2010-06-21 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-06-21 20:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-06-21 20:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-06-21 20:47 . 2010-06-21 20:47 -------- d-----w- c:\windows\system32\kodak
2010-06-21 20:46 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-06-21 20:46 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-06-21 20:46 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-21 20:46 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-21 20:44 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-06-21 20:44 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-06-21 20:19 . 2010-06-21 20:19 -------- d-----w- c:\documents and settings\Moms\Local Settings\Application Data\Mozilla
2010-06-18 23:29 . 2010-07-06 15:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-08 02:30 . 2010-06-08 02:30 -------- d-----w- c:\program files\MPC HomeCinema
2010-06-08 02:29 . 2010-06-08 02:29 -------- d-----w- c:\program files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 19:19 . 2010-05-15 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 17:43 . 2006-05-09 13:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 17:31 . 2010-06-25 17:31 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-25 17:31 . 2010-06-25 17:31 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-25 01:11 . 2010-06-21 20:15 103056 ----a-w- c:\documents and settings\Moms\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 01:43 . 2006-05-09 12:55 -------- d-----w- c:\program files\Microsoft Works
2010-06-21 20:16 . 2010-06-21 20:15 127 ----a-w- c:\documents and settings\Moms\Local Settings\Application Data\fusioncache.dat
2010-06-02 16:38 . 2006-03-27 16:17 86939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-02 16:04 . 2006-05-09 12:57 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-23 06:36 . 2010-05-23 06:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-23 06:36 . 2010-05-23 06:36 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-21 22:31 . 2010-05-21 22:31 1708 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Presario V5000 (EZ431UA#ABA)_YN_0Pres_QCND63204VW_E413900001_46_I30A8_SHP_V56.38_BF.15_T060613_WXH2_L409_M503_J60_7Intel_8Celeron M 410_91.46_#100521_N14E44311_(EZ431UA#ABA)_XMOBILE_CN10_Z_2F.15.MRK
2010-05-21 22:25 . 2006-05-09 10:35 -------- d-----w- c:\program files\HPQ
2010-05-21 22:02 . 2006-05-09 13:19 -------- d-----w- c:\program files\Quickensetup
2010-05-21 22:02 . 2006-05-09 13:20 -------- d-----w- c:\program files\Quicken
2010-05-21 22:00 . 2006-05-09 13:35 -------- d-----w- c:\program files\NetWaiting
2010-05-21 22:00 . 2006-05-09 13:17 -------- d-----w- c:\program files\music_now
2010-05-21 22:00 . 2006-05-09 12:55 -------- d-----w- c:\program files\MSN Encarta Plus
2010-05-21 21:59 . 2006-05-09 13:19 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2010-05-21 21:58 . 2006-05-09 12:54 -------- d-----w- c:\program files\Microsoft Money 2006
2010-05-21 21:58 . 2006-05-09 13:22 -------- d-----w- c:\program files\HP Rhapsody
2010-05-21 21:56 . 2006-05-09 10:35 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-21 21:56 . 2006-05-09 13:16 -------- d-----w- c:\program files\Google
2010-05-21 21:56 . 2006-05-09 12:46 -------- d-----w- c:\program files\CONEXANT
2010-05-21 21:55 . 2006-05-09 10:35 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-05-21 21:55 . 2006-05-09 10:35 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-21 21:55 . 2006-05-09 13:20 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2010-05-21 21:55 . 2006-05-09 13:24 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-21 21:51 . 2010-06-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2010-05-21 21:51 . 2010-06-21 20:15 -------- d-----w- c:\documents and settings\Moms\Application Data\Symantec
2010-05-21 21:51 . 2010-05-21 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-05-21 21:51 . 2010-06-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-05-21 21:51 . 2010-06-21 20:15 -------- d-----w- c:\documents and settings\Moms\Application Data\Intuit
2010-05-21 21:51 . 2010-05-21 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-05-21 21:51 . 2006-05-09 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-05-18 11:12 . 2010-04-27 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-18 10:30 . 2010-04-29 00:44 179 ----a-w- C:\handle.dat
2010-05-18 01:52 . 2010-05-18 01:53 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-05-18 01:50 . 2010-05-18 01:50 -------- d-----w- c:\program files\STOPzilla!
2010-05-18 01:29 . 2010-05-16 16:34 -------- d-----w- c:\program files\RegScrubXP
2010-05-17 17:53 . 2008-04-19 04:10 -------- d-----w- c:\program files\QuickTime
2010-05-17 17:05 . 2010-04-27 21:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2010-05-17 16:57 . 2010-04-23 19:37 112 ----a-w- c:\documents and settings\All Users\Application Data\wa4rGu0l.dat
2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-16 00:40 . 2010-05-16 00:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 23:43 . 2010-05-15 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-14 00:17 . 2010-05-14 00:17 -------- d-----w- c:\program files\Trend Micro
2010-05-10 04:39 . 2007-01-25 05:35 -------- d-----w- c:\program files\Trillian
2010-05-10 04:16 . 2006-09-04 21:46 -------- d-----w- c:\program files\EPSON
2010-05-10 04:16 . 2009-12-21 00:46 -------- d-----w- c:\program files\DivX
2010-05-10 04:06 . 2009-01-09 15:50 -------- d-----w- c:\program files\Canon
2010-05-10 04:05 . 2010-05-10 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2010-04-27 23:01 . 2010-04-27 23:01 12718080 ---ha-w- C:\SZKGFS.dat
2008-04-19 04:16 . 2008-04-19 04:16 23700784 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-04-19 03:55 . 2008-04-19 03:55 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
.

Code:

<pre>
c:\program files\ACD Systems\ACDSee\CAMDET~1 .exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Alltel\GoBoingo\AlltelWifi .exe
c:\program files\AT&T\Communication Manager\ATTCM .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm  .exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Hp\Digital Imaging\bin\hpqSRMon .exe
c:\program files\Hp\HP Software Update\HPWuSchd2 .exe
c:\program files\Hp\QuickPlay\QPService .exe
c:\program files\HPQ\Default Settings\cpqset .exe
c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
c:\program files\QuickTime\qttask                              .exe
c:\program files\QuickTime\qttask                            .exe
c:\program files\QuickTime\qttask                            .exe
c:\program files\QuickTime\qttask                          .exe
c:\program files\QuickTime\qttask                          .exe
c:\program files\QuickTime\qttask                        .exe
c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Yahoo!\Messenger\YahooMessenger .exe
c:\program files\Yahoo!\Search Protection\SearchProtection .exe
c:\windows\CREATOR\Remind_XP .exe
c:\windows\SMINST\RecGuard .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-05 1626112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-1 113664]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]
RSDUpdater.exe.lnk - c:\windows\explorer.exe [2004-8-4 1033728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [6/25/2010 2:16 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [6/25/2010 2:16 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/19/2010 12:46 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [6/25/2010 2:16 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [6/25/2010 2:16 PM 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [6/25/2010 2:14 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 10:39 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100706.002\IDSXpx86.sys [7/6/2010 7:40 AM 331640]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Veetle TV - c:\documents and settings\User\Desktop\Veetle\UninstallVeetleTV.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"=""c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-06 10:10:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 17:10

Pre-Run: 4,956,618,752 bytes free
Post-Run: 5,712,216,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 48B14C61271F6180A27247F76E6162D4

Re: Tidserv virus + plus google search redirects

Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    RenV::
    c:\program files\ACD Systems\ACDSee\CAMDET~1 .exe
    c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
    c:\program files\Alltel\GoBoingo\AlltelWifi .exe
    c:\program files\AT&T\Communication Manager\ATTCM .exe
    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\InstallShield\UpdateService\isuspm  .exe
    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
    c:\program files\Hp\Digital Imaging\bin\hpqSRMon .exe
    c:\program files\Hp\HP Software Update\HPWuSchd2 .exe
    c:\program files\Hp\QuickPlay\QPService .exe
    c:\program files\HPQ\Default Settings\cpqset .exe
    c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant .exe
    c:\program files\QuickTime\qttask                              .exe
    c:\program files\QuickTime\qttask                            .exe
    c:\program files\QuickTime\qttask                            .exe
    c:\program files\QuickTime\qttask                          .exe
    c:\program files\QuickTime\qttask                          .exe
    c:\program files\QuickTime\qttask                        .exe
    c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
    c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper .exe
    c:\program files\Synaptics\SynTP\SynTPEnh .exe
    c:\program files\Yahoo!\Messenger\YahooMessenger .exe
    c:\program files\Yahoo!\Search Protection\SearchProtection .exe
    c:\windows\CREATOR\Remind_XP .exe
    c:\windows\SMINST\RecGuard .exe

    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Re: Tidserv virus + plus google search redirects

ComboFix 10-07-06.01 - Moms 07/06/2010 10:49:14.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.187 [GMT -7:00]
Running from: c:\documents and settings\Moms\My Documents\Downloads\Combo-Fix.exe
Command switches used :: c:\documents and settings\Moms\My Documents\Downloads\CFscript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 16:41 . 2008-04-13 18:40 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2010-07-06 16:41 . 2008-04-13 18:40 5376 ----a-w- c:\windows\system32\dllcache\viaide.sys
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-02 19:20 . 2010-07-06 15:21 -------- d-----w- C:\word docs
2010-06-29 03:28 . 2010-06-29 03:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-29 03:28 . 2006-05-09 13:21 9662 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\ARPPRODUCTICON.exe
2010-06-29 03:28 . 2006-05-09 13:21 65536 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 12:54 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2010-06-27 00:32 . 2010-06-27 00:32 -------- d-----w- c:\documents and settings\Moms\Application Data\Malwarebytes
2010-06-26 01:55 . 2010-06-26 01:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 17:31 . 2010-06-25 17:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:31 . 2010-06-25 17:31 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:31 . 2010-06-25 17:31 -------- d-----w- c:\program files\Symantec
2010-06-25 17:29 . 2010-06-26 01:11 -------- d-----w- c:\windows\system32\drivers\NIS
2010-06-25 17:29 . 2010-06-25 17:29 -------- d-----w- c:\program files\Norton Internet Security
2010-06-25 17:29 . 2010-06-25 17:29 -------- d-----w- c:\program files\Windows Sidebar
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\program files\NortonInstaller
2010-06-25 17:02 . 2010-06-25 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-25 14:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 14:16 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 01:24 . 2010-06-25 01:24 -------- d-sh--w- c:\documents and settings\Moms\PrivacIE
2010-06-23 01:40 . 2010-06-23 01:40 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 01:35 . 2010-06-23 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-23 01:33 . 2010-06-23 01:33 -------- d-----r- C:\MSOCache
2010-06-22 19:09 . 2010-06-25 20:12 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-22 19:09 . 2010-06-25 20:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-21 21:39 . 2009-08-05 12:51 192512 ----a-r- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-06-21 21:38 . 2009-08-05 12:51 405504 ----a-r- c:\windows\system32\EKIJ5000MON.dll
2010-06-21 21:37 . 2009-08-05 12:51 126976 ----a-r- c:\windows\system32\EKIJCOINST05.dll
2010-06-21 20:59 . 2010-06-21 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-21 20:59 . 2010-06-21 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-21 20:57 . 2010-06-21 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-06-21 20:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-06-21 20:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-06-21 20:47 . 2010-06-21 20:47 -------- d-----w- c:\windows\system32\kodak
2010-06-21 20:46 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-06-21 20:46 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-06-21 20:46 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-21 20:46 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-21 20:44 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-06-21 20:44 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-06-21 20:19 . 2010-06-21 20:19 -------- d-----w- c:\documents and settings\Moms\Local Settings\Application Data\Mozilla
2010-06-21 20:16 . 2010-06-21 20:16 -------- d-sh--w- c:\documents and settings\Moms\IETldCache
2010-06-18 23:29 . 2010-07-06 15:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-08 02:30 . 2010-06-08 02:30 -------- d-----w- c:\program files\MPC HomeCinema
2010-06-08 02:29 . 2010-06-08 02:29 -------- d-----w- c:\program files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 17:49 . 2008-04-19 04:10 -------- d-----w- c:\program files\QuickTime
2010-07-05 19:19 . 2010-05-15 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 17:43 . 2006-05-09 13:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 17:31 . 2010-06-25 17:31 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-25 17:31 . 2010-06-25 17:31 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-25 01:11 . 2010-06-21 20:15 103056 ----a-w- c:\documents and settings\Moms\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 01:43 . 2006-05-09 12:55 -------- d-----w- c:\program files\Microsoft Works
2010-06-21 20:16 . 2010-06-21 20:15 127 ----a-w- c:\documents and settings\Moms\Local Settings\Application Data\fusioncache.dat
2010-06-02 16:38 . 2006-03-27 16:17 86939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-02 16:04 . 2006-05-09 12:57 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-23 06:36 . 2010-05-23 06:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-23 06:36 . 2010-05-23 06:36 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-21 22:31 . 2010-05-21 22:31 1708 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Presario V5000 (EZ431UA#ABA)_YN_0Pres_QCND63204VW_E413900001_46_I30A8_SHP_V56.38_BF.15_T060613_WXH2_L409_M503_J60_7Intel_8Celeron M 410_91.46_#100521_N14E44311_(EZ431UA#ABA)_XMOBILE_CN10_Z_2F.15.MRK
2010-05-21 22:25 . 2006-05-09 10:35 -------- d-----w- c:\program files\HPQ
2010-05-21 22:02 . 2006-05-09 13:19 -------- d-----w- c:\program files\Quickensetup
2010-05-21 22:02 . 2006-05-09 13:20 -------- d-----w- c:\program files\Quicken
2010-05-21 22:00 . 2006-05-09 13:35 -------- d-----w- c:\program files\NetWaiting
2010-05-21 22:00 . 2006-05-09 13:17 -------- d-----w- c:\program files\music_now
2010-05-21 22:00 . 2006-05-09 12:55 -------- d-----w- c:\program files\MSN Encarta Plus
2010-05-21 21:59 . 2006-05-09 13:19 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2010-05-21 21:58 . 2006-05-09 12:54 -------- d-----w- c:\program files\Microsoft Money 2006
2010-05-21 21:58 . 2006-05-09 13:22 -------- d-----w- c:\program files\HP Rhapsody
2010-05-21 21:56 . 2006-05-09 10:35 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-21 21:56 . 2006-05-09 13:16 -------- d-----w- c:\program files\Google
2010-05-21 21:56 . 2006-05-09 12:46 -------- d-----w- c:\program files\CONEXANT
2010-05-21 21:55 . 2006-05-09 10:35 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-05-21 21:55 . 2006-05-09 10:35 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-21 21:55 . 2006-05-09 13:20 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2010-05-21 21:55 . 2006-05-09 13:24 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-21 21:51 . 2010-06-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2010-05-21 21:51 . 2010-06-21 20:15 -------- d-----w- c:\documents and settings\Moms\Application Data\Symantec
2010-05-21 21:51 . 2010-05-21 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-05-21 21:51 . 2010-06-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-05-21 21:51 . 2010-06-21 20:15 -------- d-----w- c:\documents and settings\Moms\Application Data\Intuit
2010-05-21 21:51 . 2010-05-21 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-05-21 21:51 . 2006-05-09 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-05-18 11:12 . 2010-04-27 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-18 10:30 . 2010-04-29 00:44 179 ----a-w- C:\handle.dat
2010-05-18 01:52 . 2010-05-18 01:53 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-05-18 01:50 . 2010-05-18 01:50 -------- d-----w- c:\program files\STOPzilla!
2010-05-18 01:29 . 2010-05-16 16:34 -------- d-----w- c:\program files\RegScrubXP
2010-05-17 17:05 . 2010-04-27 21:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2010-05-17 16:57 . 2010-04-23 19:37 112 ----a-w- c:\documents and settings\All Users\Application Data\wa4rGu0l.dat
2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-16 00:40 . 2010-05-16 00:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 23:43 . 2010-05-15 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-14 00:17 . 2010-05-14 00:17 -------- d-----w- c:\program files\Trend Micro
2010-05-10 04:39 . 2007-01-25 05:35 -------- d-----w- c:\program files\Trillian
2010-05-10 04:16 . 2006-09-04 21:46 -------- d-----w- c:\program files\EPSON
2010-05-10 04:16 . 2009-12-21 00:46 -------- d-----w- c:\program files\DivX
2010-05-10 04:06 . 2009-01-09 15:50 -------- d-----w- c:\program files\Canon
2010-05-10 04:05 . 2010-05-10 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2010-04-27 23:01 . 2010-04-27 23:01 12718080 ---ha-w- C:\SZKGFS.dat
2008-04-19 04:16 . 2008-04-19 04:16 23700784 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-04-19 03:55 . 2008-04-19 03:55 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
.

Code:

c:\program files\Common Files\InstallShield\UpdateService\isuspm  .exe
c:\program files\QuickTime\qttask                            .exe
c:\program files\QuickTime\qttask                          .exe
c:\program files\QuickTime\qttask                        .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-05 1626112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-1 113664]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]
RSDUpdater.exe.lnk - c:\windows\explorer.exe [2004-8-4 1033728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [6/25/2010 2:16 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [6/25/2010 2:16 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/19/2010 12:46 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [6/25/2010 2:16 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [6/25/2010 2:16 PM 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [6/25/2010 2:14 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 10:39 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100706.002\IDSXpx86.sys [7/6/2010 7:40 AM 331640]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 11:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"=""c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2010-07-06 11:05:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 18:05
ComboFix2.txt 2010-07-06 17:10

Pre-Run: 5,751,021,568 bytes free
Post-Run: 5,737,562,112 bytes free

- - End Of File - - 40A5EA2E03323D6829E07AC512038FB0

Re: Tidserv virus + plus google search redirects

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    File::
    c:\program files\Common Files\InstallShield\UpdateService\isuspm  .exe
    c:\program files\QuickTime\qttask                            .exe
    c:\program files\QuickTime\qttask                          .exe
    c:\program files\QuickTime\qttask                        .exe

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Tidserv virus + plus google search redirects

ComboFix 10-07-06.01 - Moms 07/06/2010 12:07:34.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.169 [GMT -7:00]
Running from: c:\documents and settings\Moms\My Documents\Downloads\Combo-Fix.exe
Command switches used :: c:\documents and settings\Moms\My Documents\Downloads\CFscript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe"
"c:\program files\QuickTime\qttask .exe"
"c:\program files\QuickTime\qttask .exe"
"c:\program files\QuickTime\qttask .exe"
.

((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 16:41 . 2008-04-13 18:40 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2010-07-06 16:41 . 2008-04-13 18:40 5376 ----a-w- c:\windows\system32\dllcache\viaide.sys
2010-07-04 08:50 . 2010-07-04 08:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-02 19:20 . 2010-07-06 15:21 -------- d-----w- C:\word docs
2010-06-29 03:28 . 2010-06-29 03:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-29 03:28 . 2006-05-09 13:21 9662 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\ARPPRODUCTICON.exe
2010-06-29 03:28 . 2006-05-09 13:21 65536 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut5_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut4_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut3_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut11_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 13:21 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}\NewShortcut1_DB7E00C96DEF489A8112D8F81614F45A.exe
2010-06-29 03:28 . 2006-05-09 12:54 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2010-06-27 00:32 . 2010-06-27 00:32 -------- d-----w- c:\documents and settings\Moms\Application Data\Malwarebytes
2010-06-26 01:55 . 2010-06-26 01:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-25 17:31 . 2010-06-25 17:31 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-25 17:31 . 2010-06-25 17:31 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-25 17:31 . 2010-06-25 17:31 -------- d-----w- c:\program files\Symantec
2010-06-25 17:29 . 2010-06-26 01:11 -------- d-----w- c:\windows\system32\drivers\NIS
2010-06-25 17:29 . 2010-06-25 17:29 -------- d-----w- c:\program files\Norton Internet Security
2010-06-25 17:29 . 2010-06-25 17:29 -------- d-----w- c:\program files\Windows Sidebar
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-25 17:15 . 2010-06-25 17:15 -------- d-----w- c:\program files\NortonInstaller
2010-06-25 17:02 . 2010-06-25 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-25 14:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 14:16 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 01:24 . 2010-06-25 01:24 -------- d-sh--w- c:\documents and settings\Moms\PrivacIE
2010-06-23 01:40 . 2010-06-23 01:40 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 01:35 . 2010-06-23 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-23 01:33 . 2010-06-23 01:33 -------- d-----r- C:\MSOCache
2010-06-22 19:09 . 2010-06-25 20:12 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-22 19:09 . 2010-06-25 20:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-21 21:39 . 2009-08-05 12:51 192512 ----a-r- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-06-21 21:38 . 2009-08-05 12:51 405504 ----a-r- c:\windows\system32\EKIJ5000MON.dll
2010-06-21 21:37 . 2009-08-05 12:51 126976 ----a-r- c:\windows\system32\EKIJCOINST05.dll
2010-06-21 20:59 . 2010-06-21 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-21 20:59 . 2010-06-21 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-06-21 20:57 . 2010-06-21 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-06-21 20:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-06-21 20:47 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-06-21 20:47 . 2010-06-21 20:47 -------- d-----w- c:\windows\system32\kodak
2010-06-21 20:46 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-06-21 20:46 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-06-21 20:46 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-21 20:46 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-21 20:44 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-06-21 20:44 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-06-21 20:19 . 2010-06-21 20:19 -------- d-----w- c:\documents and settings\Moms\Local Settings\Application Data\Mozilla
2010-06-21 20:16 . 2010-06-21 20:16 -------- d-sh--w- c:\documents and settings\Moms\IETldCache
2010-06-18 23:29 . 2010-07-06 15:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-08 02:30 . 2010-06-08 02:30 -------- d-----w- c:\program files\MPC HomeCinema
2010-06-08 02:29 . 2010-06-08 02:29 -------- d-----w- c:\program files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 17:49 . 2008-04-19 04:10 -------- d-----w- c:\program files\QuickTime
2010-07-05 19:19 . 2010-05-15 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 17:43 . 2006-05-09 13:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-25 17:31 . 2010-06-25 17:31 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-25 17:31 . 2010-06-25 17:31 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-25 01:11 . 2010-06-21 20:15 103056 ----a-w- c:\documents and settings\Moms\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 01:43 . 2006-05-09 12:55 -------- d-----w- c:\program files\Microsoft Works
2010-06-21 20:16 . 2010-06-21 20:15 127 ----a-w- c:\documents and settings\Moms\Local Settings\Application Data\fusioncache.dat
2010-06-02 16:38 . 2006-03-27 16:17 86939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-02 16:04 . 2006-05-09 12:57 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-23 06:36 . 2010-05-23 06:36 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-23 06:36 . 2010-05-23 06:36 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-21 22:31 . 2010-05-21 22:31 1708 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_Presario V5000 (EZ431UA#ABA)_YN_0Pres_QCND63204VW_E413900001_46_I30A8_SHP_V56.38_BF.15_T060613_WXH2_L409_M503_J60_7Intel_8Celeron M 410_91.46_#100521_N14E44311_(EZ431UA#ABA)_XMOBILE_CN10_Z_2F.15.MRK
2010-05-21 22:25 . 2006-05-09 10:35 -------- d-----w- c:\program files\HPQ
2010-05-21 22:02 . 2006-05-09 13:19 -------- d-----w- c:\program files\Quickensetup
2010-05-21 22:02 . 2006-05-09 13:20 -------- d-----w- c:\program files\Quicken
2010-05-21 22:00 . 2006-05-09 13:35 -------- d-----w- c:\program files\NetWaiting
2010-05-21 22:00 . 2006-05-09 13:17 -------- d-----w- c:\program files\music_now
2010-05-21 22:00 . 2006-05-09 12:55 -------- d-----w- c:\program files\MSN Encarta Plus
2010-05-21 21:59 . 2006-05-09 13:19 -------- d-----w- c:\program files\Microsoft Office Trial Wizard
2010-05-21 21:58 . 2006-05-09 12:54 -------- d-----w- c:\program files\Microsoft Money 2006
2010-05-21 21:58 . 2006-05-09 13:22 -------- d-----w- c:\program files\HP Rhapsody
2010-05-21 21:56 . 2006-05-09 10:35 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-21 21:56 . 2006-05-09 13:16 -------- d-----w- c:\program files\Google
2010-05-21 21:56 . 2006-05-09 12:46 -------- d-----w- c:\program files\CONEXANT
2010-05-21 21:55 . 2006-05-09 10:35 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-05-21 21:55 . 2006-05-09 10:35 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-21 21:55 . 2006-05-09 13:20 -------- d-----w- c:\program files\Common Files\Palo Alto Software
2010-05-21 21:55 . 2006-05-09 13:24 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-21 21:51 . 2010-06-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2010-05-21 21:51 . 2010-06-21 20:15 -------- d-----w- c:\documents and settings\Moms\Application Data\Symantec
2010-05-21 21:51 . 2010-05-21 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2010-05-21 21:51 . 2010-06-29 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2010-05-21 21:51 . 2010-06-21 20:15 -------- d-----w- c:\documents and settings\Moms\Application Data\Intuit
2010-05-21 21:51 . 2010-05-21 22:29 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intuit
2010-05-21 21:51 . 2006-05-09 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-05-18 11:12 . 2010-04-27 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-18 10:30 . 2010-04-29 00:44 179 ----a-w- C:\handle.dat
2010-05-18 01:52 . 2010-05-18 01:53 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-05-18 01:50 . 2010-05-18 01:50 -------- d-----w- c:\program files\STOPzilla!
2010-05-18 01:29 . 2010-05-16 16:34 -------- d-----w- c:\program files\RegScrubXP
2010-05-17 17:05 . 2010-04-27 21:01 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2010-05-17 16:57 . 2010-04-23 19:37 112 ----a-w- c:\documents and settings\All Users\Application Data\wa4rGu0l.dat
2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-16 00:41 . 2010-05-16 00:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-16 00:40 . 2010-05-16 00:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 23:43 . 2010-05-15 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-14 00:17 . 2010-05-14 00:17 -------- d-----w- c:\program files\Trend Micro
2010-05-10 04:39 . 2007-01-25 05:35 -------- d-----w- c:\program files\Trillian
2010-05-10 04:16 . 2006-09-04 21:46 -------- d-----w- c:\program files\EPSON
2010-05-10 04:16 . 2009-12-21 00:46 -------- d-----w- c:\program files\DivX
2010-05-10 04:06 . 2009-01-09 15:50 -------- d-----w- c:\program files\Canon
2010-05-10 04:05 . 2010-05-10 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2010-04-27 23:01 . 2010-04-27 23:01 12718080 ---ha-w- C:\SZKGFS.dat
2008-04-19 04:16 . 2008-04-19 04:16 23700784 ----a-w- c:\program files\QuickTimeInstaller.exe
2008-04-19 03:55 . 2008-04-19 03:55 6039048 ----a-w- c:\program files\Firefox Setup 2.0.0.14.exe
.

Code:

c:\program files\Common Files\InstallShield\UpdateService\isuspm  .exe
c:\program files\QuickTime\qttask                            .exe
c:\program files\QuickTime\qttask                          .exe
c:\program files\QuickTime\qttask                        .exe


((((((((((((((((((((((((((((( SnapShot@2010-07-06_18.01.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-06 19:19 . 2010-07-06 19:19 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-05 1626112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-7-1 113664]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]
RSDUpdater.exe.lnk - c:\windows\explorer.exe [2004-8-4 1033728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [6/25/2010 2:16 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [6/25/2010 2:16 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/19/2010 12:46 AM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [6/25/2010 2:16 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [6/25/2010 2:16 PM 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [6/25/2010 2:14 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/25/2010 10:39 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100706.002\IDSXpx86.sys [7/6/2010 7:40 AM 331640]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=presario&pf=laptop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 12:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????Z??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"=""c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2010-07-06 12:25:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 19:25
ComboFix2.txt 2010-07-06 18:05
ComboFix3.txt 2010-07-06 17:10

Pre-Run: 5,707,509,760 bytes free
Post-Run: 5,694,271,488 bytes free

- - End Of File - - 413D1C63B9097EBDE63285A4A9D97A3A

Re: Tidserv virus + plus google search redirects
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Tidserv virus + plus google search redirects
Hi Belahzur,

It did a scan and found 4 trojans but did not save a log.txt to the folder?

I checked remove and uninstall the viruses.

MW2

Re: Tidserv virus + plus google search redirects
Hello.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Tidserv virus + plus google search redirects
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Bonjour
Conexant HD Audio
Customer Experience Enhancement
Free Audio CD Burner version 1.3
Free YouTube to MP3 Converter version 3.5
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DVD Play 2.1
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.00 E2
HP Rhapsody
HP Software Update
HP User Guides 0019
HP User Guides--System Recovery
HP Wireless Assistant 2.00 E1
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Excel 97
Microsoft Money 2006
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 97
Microsoft Works
Mozilla Firefox (3.5.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
Netscape Browser (remove only)
NetWaiting
Norton Internet Security
Office 2003 Trial Assistant
Quicken 2006
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SmartAudio
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Uninstall 1.0.0.1
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Service Pack 3
Wireless Home Network Setup

Re: Tidserv virus + plus google search redirects
Hi Belahzur,

I know you're a busy person and I thank you for your consistent help, it is appreciated. I was not sure if we are done?

The Computer seems to be running great at this time, I just don't know until you give it the two thumbs up?

Thank You
MW2

Re: Tidserv virus + plus google search redirects
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 6.0.1
    J2SE Runtime Environment 5.0 Update 6

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 20.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.3.3

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Tidserv virus + plus google search redirects
Hi Belahzur,

The machine is running great. I know I probably need to upgrade on memory, and get rid of some mp3's and photos, but it RUNS SO MUCH BETTER. I can tell the difference since yesterday's removals.

I wasn't sure if I should download the Mcafee Security Scan Plus?

I will not be renewing Norton Security due to the lack of support, any recommendations?

I will be donating for your SUPERB services!

Thank U
MW2

Re: Tidserv virus + plus google search redirects
I recommend Avira; Norton is such a huge resource hog.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Tidserv virus + plus google search redirects
Belahzur,

Thank You so much for your knowledge and support in order to restore my computer back to its original self.

I have one last question: I do like to use sharing servers to watch movies online, is there any way to protect myself?

Thank you,
MW2

Re: Tidserv virus + plus google search redirects
Safe surfing is probably the biggest thing; it all depends on how you surf the net on a routine day. Don't surf bad websites.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Tidserv virus + plus google search redirects
Belahzur,

Once again, thank you so much for the support and your knowledge, it is SUPREME, above and beyond others!

Sincerely,
MW2
