WiredWX Christian Hobby Weather Tools
HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

3 posters

Hi, I have a problem with this virus. I'm sure you guys have heard of it, W32.Tidserv, and it's really messing up my computer!! Please! If you know how to remove it, PLEASE help me!!!
My HijackThis log is ....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:51 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://atlantica.ndoorsgames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CamWizard] C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32BDFCA1-DBEA-4C2E-B85E-048CB3BE1CF2}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C0D9F1C-5F34-4BAD-B006-2BE6A297FCB3}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8863786-5867-4769-A285-54C6BA72F33D}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7CB4411-C0ED-4C6E-A9C1-7E1410232559}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{E019FF2D-41D6-4098-8D75-EDED1B1B8342}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CS1\Services\Tcpip\..\{32BDFCA1-DBEA-4C2E-B85E-048CB3BE1CF2}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CS2\Services\Tcpip\..\{32BDFCA1-DBEA-4C2E-B85E-048CB3BE1CF2}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.28;85.255.112.99
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10126 bytes

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    F3 - REG:win.ini: run=
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - S-1-5-18 Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (User 'Default user')
    O17 - HKLM\System\CCS\Services\Tcpip\..\{32BDFCA1-DBEA-4C2E-B85E-048CB3BE1CF2}: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5C0D9F1C-5F34-4BAD-B006-2BE6A297FCB3}: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8863786-5867-4769-A285-54C6BA72F33D}: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C7CB4411-C0ED-4C6E-A9C1-7E1410232559}: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E019FF2D-41D6-4098-8D75-EDED1B1B8342}: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CS1\Services\Tcpip\..\{32BDFCA1-DBEA-4C2E-B85E-048CB3BE1CF2}: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CS2\Services\Tcpip\..\{32BDFCA1-DBEA-4C2E-B85E-048CB3BE1CF2}: NameServer = 85.255.114.28;85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.28;85.255.112.99


  • Press "Fix Checked"
  • Close Hijack This.




  • Download ComboFix from here, use the top links - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts.
    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
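An added triage script (not from the thread and not HijackThis code) that applies the checks the reply above makes by hand to lines in the HijackThis log format: O17 NameServer entries pointing at resolvers outside the private ranges or a caller-supplied expected list, O2 BHOs with no backing file, O4 startup items under the SYSTEM and Default profiles, and empty R0/R1 values. The sample lines are constructed from the log above; the private-range allowlist and the expected_resolvers parameter are assumptions.

```python
"""Triage lines in HijackThis v2 log format (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample in the same shape as the log above (values copied from it,
# plus one private-range O17 line to show the negative case).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://atlantica.ndoorsgames.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - S-1-5-18 Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{32BDFCA1-DBEA-4C2E-B85E-048CB3BE1CF2}: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.28;85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAA0000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
NS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>.+)$")

# Assumption: on a home/SOHO box the only normal resolvers are the router
# (RFC 1918 / loopback) or whatever the caller says the ISP assigns.
PRIVATE_NETS = [ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass(frozen=True)
class Finding:
    line_no: int
    section: str
    severity: str  # "high", "medium" or "info"
    reason: str


def resolver_ok(addr, expected):
    """Accept a resolver only if it is private/loopback or in the expected set."""
    try:
        ip = ip_address(addr.strip())
    except ValueError:
        return False  # a NameServer value that is not an address is itself suspect
    return str(ip) in expected or any(ip in net for net in PRIVATE_NETS)


def triage(log_text, expected_resolvers=()):
    """Return a Finding for every log line that trips one of the rules."""
    expected = frozenset(expected_resolvers)
    findings = []
    for no, raw in enumerate(log_text.strip().splitlines(), start=1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line, etc.
        sec, body = m.group("sec"), m.group("body")
        if sec == "O17":
            ns = NS_RE.search(body)
            if ns:
                bad = [s.strip() for s in re.split(r"[;,]", ns.group("servers"))
                       if s.strip() and not resolver_ok(s, expected)]
                if bad:
                    findings.append(Finding(no, sec, "high",
                                            "unexpected resolver(s): " + ",".join(bad)))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(no, sec, "medium",
                                    "BHO CLSID registered with no backing file"))
        elif sec == "O4" and re.search(r"\(User '(SYSTEM|Default user)'\)$", body):
            findings.append(Finding(no, sec, "medium",
                                    "startup item under the SYSTEM/Default profile"))
        elif sec in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append(Finding(no, sec, "info",
                                    "empty browser setting; harmless, safe to remove"))
    return findings


def resolver_spread(findings):
    """Count O17 findings per unexpected resolver set. The same pair on every
    interface GUID and in Tcpip\\Parameters (as in the log above) means the
    whole machine's DNS was redirected, not one adapter misconfigured."""
    spread = {}
    for f in findings:
        if f.section == "O17":
            servers = f.reason.split(": ", 1)[1]
            spread[servers] = spread.get(servers, 0) + 1
    return spread


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"line {f.line_no:>3} {f.section:<4} {f.severity:<6} {f.reason}")
    print("resolver spread:", resolver_spread(found))
```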

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
OK, so I have done your instructions, but when the message comes up asking if I want to install the Recovery Console, I press yes, but it says I have no internet connection (while I'm still on this site), so I click "ok" to continue and it says "failed to download, do you wish to continue with scan". After I press no, everything stops working until I restart it. Is there another way to download the Recovery Console?

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Okay.
Run it again, but scan with no console; it's probably the TDSS rootkit stopping it, but we'll do it after a first scan.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
OK, so I have got the ComboFix txt, but it is too large to put on here!
Should I send one half, then the other half?

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Split it up into more than one post.
Do it section by section.

Header + files created within a month
find3m report
reg loading points
all of the rest


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
ComboFix 08-12-21.01 - David 2008-12-21 16:41:17.2 - NTFSx86
Running from: c:\documents and settings\David\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\David\Application Data\inst.exe
C:\resycled
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\mfc45.dll
c:\windows\system32\Pncrt.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-21 12:01 . 2008-12-21 12:44 d-------- c:\program files\Norton AntiVirus
2008-12-21 12:00 . 2008-12-21 12:24 d-------- c:\program files\Symantec
2008-12-21 12:00 . 2008-12-21 12:24 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-21 12:00 . 2008-12-21 12:24 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-20 22:51 . 2008-12-20 22:51 d-------- c:\program files\Trend Micro
2008-12-20 22:13 . 2008-12-20 22:13 d-a------ c:\program files\Silkroad
2008-12-20 21:46 . 2008-12-20 21:47 304 --a------ C:\config.ini
2008-12-20 20:43 . 2008-12-20 20:43 33 --a------ c:\windows\LVMMail.INI
2008-12-20 16:02 . 2008-12-20 16:02 d-------- c:\program files\Common Files\DirectX
2008-12-20 15:36 . 2008-12-20 15:40 d-------- C:\nDoors
2008-12-20 14:34 . 2008-12-20 14:34 96 --ah----- c:\windows\system32\HsInfo.dat
2008-12-20 14:32 . 2008-12-20 14:32 d-------- c:\program files\alaplaya
2008-12-20 12:43 . 2008-12-20 12:43 dr------- c:\documents and settings\David\Application Data\Brother
2008-12-18 23:22 . 2008-12-19 09:47 1,556 --a------ c:\windows\_delis32.ini
2008-12-18 23:20 . 2008-12-21 14:08 d-------- c:\program files\Logitech
2008-12-17 20:19 . 2008-12-17 20:19 d-------- c:\program files\PCI Audio Applications
2008-12-17 19:06 . 2003-03-28 14:19 39,279 --a------ c:\windows\cmijack.dat
2008-12-17 19:06 . 2003-04-03 18:37 23,041 --a------ c:\windows\cmaudio.dat
2008-12-17 19:01 . 2008-12-17 19:01 d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-12-17 17:56 . 2008-12-17 17:56 d-------- c:\windows\Downloaded Installations
2008-12-17 17:55 . 2008-12-17 17:55 d-------- c:\documents and settings\David\Application Data\ScanSoft
2008-12-17 17:39 . 2008-12-17 17:40 d-------- c:\windows\system32\NtmsData
2008-12-17 15:55 . 2008-12-17 15:58 d-------- c:\program files\Image-Line
2008-12-16 22:48 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-16 22:48 . 2003-03-18 20:05 89,088 --a------ c:\windows\system32\atl71.dll
2008-12-16 22:48 . 2003-03-18 21:44 65,536 --a------ c:\windows\system32\MFC71DEU.DLL
2008-12-16 22:48 . 2003-03-18 21:44 61,440 --a------ c:\windows\system32\MFC71ITA.DLL
2008-12-16 22:48 . 2003-03-18 21:44 61,440 --a------ c:\windows\system32\MFC71ESP.DLL
2008-12-16 22:48 . 2003-03-18 21:44 57,344 --a------ c:\windows\system32\MFC71ENU.DLL
2008-12-16 22:48 . 2003-03-18 21:44 49,152 --a------ c:\windows\system32\MFC71KOR.DLL
2008-12-16 22:48 . 2003-03-18 21:44 49,152 --a------ c:\windows\system32\MFC71JPN.DLL
2008-12-16 22:48 . 2003-03-18 21:44 45,056 --a------ c:\windows\system32\MFC71CHT.DLL
2008-12-16 22:48 . 2003-03-18 21:44 40,960 --a------ c:\windows\system32\MFC71CHS.DLL
2008-12-16 20:27 . 2008-12-16 20:27 d-------- c:\documents and settings\David\Application Data\Juce VST Host
2008-12-16 20:06 . 2008-12-17 15:57 d-------- c:\program files\VstPlugins
2008-12-11 22:30 . 2008-12-11 22:30 d-------- c:\program files\Paint.NET
2008-12-09 15:51 . 2008-12-13 07:58 d-------- c:\program files\PeerGuardian2
2008-12-08 19:48 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-08 16:05 . 2008-12-08 16:05 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-07 16:29 . 2008-12-07 16:29 d-------- c:\program files\DVDFab Platinum 4
2008-12-05 17:30 . 2002-07-07 17:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-12-05 17:30 . 2006-06-20 03:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-12-05 17:29 . 2008-12-05 17:29 d-------- c:\program files\Outsim
2008-12-03 21:10 . 2008-12-03 21:10 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-03 21:10 . 2008-12-03 21:10 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-03 21:09 . 2007-08-31 14:01 1,421,736 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-12-03 21:09 . 2007-08-21 03:12 21,760 --a------ c:\windows\system32\drivers\point32.sys
2008-12-03 21:09 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-12-03 21:09 . 2007-08-31 13:58 18,856 --a------ c:\windows\system32\drivers\nuidfltr.sys
2008-12-03 21:06 . 2008-12-03 21:08 d-------- c:\program files\Microsoft IntelliPoint
2008-12-03 21:01 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-03 21:01 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-03 17:00 . 2008-12-03 17:00 d--h----- c:\windows\system32\GroupPolicy
2008-11-29 19:53 . 2008-11-29 19:53 d-------- c:\documents and settings\David\Application Data\gtk-2.0
2008-11-29 16:04 . 2008-11-29 16:04 d-------- C:\Drivers
2008-11-29 16:04 . 2001-11-05 09:23 299,923 --a------ c:\windows\system32\drivers\sonyhcs.sys
2008-11-29 16:04 . 2002-10-15 22:41 102,220 --a------ c:\windows\system32\drivers\sonypvs1.sys
2008-11-29 16:04 . 2001-07-03 20:33 53,248 --a------ c:\windows\system32\SONYHCY.DLL
2008-11-29 16:04 . 2001-11-05 09:23 38,739 --a------ c:\windows\system32\drivers\sonyhcc.sys
2008-11-29 16:04 . 2001-11-05 09:23 6,097 --a------ c:\windows\system32\drivers\sonyhcb.sys
2008-11-29 16:04 . 2001-07-03 20:39 3,654 --a------ c:\windows\system32\drivers\Sonyhcp.dll
2008-11-29 11:26 . 2006-11-02 16:57 118,520 --a------ c:\windows\system32\PxInsI64.exe
2008-11-29 11:26 . 2006-10-18 19:43 115,960 --a------ c:\windows\system32\PxCpyI64.exe
2008-11-29 11:26 . 2006-11-02 16:57 36,624 --a------ c:\windows\system32\drivers\pxhelp20.sys
2008-11-29 11:26 . 2006-08-28 21:48 2,560 --a------ c:\windows\system32\drivers\cdralw2k.sys
2008-11-29 11:26 . 2006-08-28 21:48 2,432 --a------ c:\windows\system32\drivers\cdr4_xp.sys
2008-11-26 21:53 . 2008-12-21 11:41 d-------- c:\documents and settings\David\Application Data\FrostWire
2008-11-26 17:33 . 2008-11-29 11:24 d-------- c:\program files\Sony
2008-11-26 17:32 . 2008-11-26 17:32 d-------- c:\program files\Sony Setup
2008-11-26 16:33 . 2008-11-26 16:33 d-------- c:\program files\MSXML 4.0
2008-11-24 20:50 . 2008-11-24 20:50 d-------- c:\documents and settings\David\Application Data\Apple Computer
2008-11-24 20:44 . 2008-11-24 20:44 419 --a------ c:\windows\BRWMARK.INI
2008-11-24 20:44 . 2008-11-24 20:44 27 --a------ c:\windows\BRPP2KA.INI
2008-11-24 20:43 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-24 20:43 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-24 20:40 . 2008-11-24 20:40 212 --a------ c:\windows\Brpfx04a.ini
2008-11-24 20:40 . 2008-11-24 20:40 93 --a------ c:\windows\brpcfx.ini
2008-11-24 20:40 . 2008-11-24 20:40 50 --a------ c:\windows\system32\bridf07a.dat
2008-11-24 20:39 . 2007-02-01 13:19 1,520,640 --a------ c:\windows\system32\BrWia07a.dll
2008-11-24 20:39 . 2006-12-28 13:39 176,128 --------- c:\windows\system32\BroSNMP.dll
2008-11-24 20:39 . 2006-01-17 01:03 126,976 --------- c:\windows\system32\BrfxD05a.dll
2008-11-24 20:39 . 2007-01-25 17:16 94,208 -r------- c:\windows\system32\BrDctF2.dll
2008-11-24 20:39 . 2007-01-26 16:13 54,784 --a------ c:\windows\system32\brinsstr.dll
2008-11-24 20:39 . 2007-01-26 14:06 45,568 --a------ c:\windows\system32\BrUsi07a.dll
2008-11-24 20:39 . 2004-10-15 12:50 15,295 --a------ c:\windows\system32\drivers\BrScnUsb.sys
2008-11-24 20:39 . 2007-01-15 21:54 12,288 -r------- c:\windows\system32\BrDctF2S.dll
2008-11-24 20:39 . 2007-01-15 16:09 12,288 -r------- c:\windows\system32\BrDctF2L.dll
2008-11-24 20:39 . 2001-11-15 01:00 6,224 --------- c:\windows\CVRPAGE.BMP
2008-11-24 20:39 . 2003-11-28 18:57 0 --a------ c:\windows\brdfxspd.dat
2008-11-24 20:38 . 2008-11-24 20:40 d-------- c:\program files\Brother
2008-11-24 20:38 . 2008-11-24 20:38 d-------- c:\documents and settings\David\Application Data\InstallShield
2008-11-24 20:38 . 2007-01-18 13:51 163,840 --------- c:\windows\system32\NSSearch.dll
2008-11-24 20:38 . 2007-02-15 13:54 131,072 --a------ c:\windows\brunin03.dll
2008-11-24 20:37 . 2008-11-24 20:37 d-------- c:\program files\Nuance
2008-11-24 20:36 . 2008-11-24 20:36 d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-11-24 20:36 . 2006-10-24 15:34 31,567 --a------ c:\windows\maxlink.ini
2008-11-24 20:35 . 2008-11-24 20:35 d-------- c:\program files\ScanSoft
2008-11-24 20:35 . 2008-11-24 20:35 d-------- c:\program files\Common Files\ScanSoft Shared
2008-11-24 20:35 . 2008-11-24 20:36 d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2008-11-24 20:33 . 2008-11-24 20:33 d-------- c:\documents and settings\All Users\Application Data\Brother
2008-11-24 19:54 . 2008-11-24 20:31 d-------- c:\documents and settings\David\Application Data\devede
2008-11-24 19:34 . 2008-12-20 11:24 d-------- c:\documents and settings\David\Application Data\OpenOffice.org2
2008-11-24 11:46 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-24 11:46 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-24 11:46 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-24 11:46 . 2008-10-16 15:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-24 11:46 . 2008-10-16 15:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-24 11:46 . 2008-10-16 15:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-24 11:46 . 2008-10-16 15:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-24 11:46 . 2008-10-16 15:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-24 11:46 . 2008-10-16 08:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-23 00:07 . 2008-11-23 00:07 d--hs---- c:\documents and settings\David\UserData
2008-11-22 20:51 . 2008-11-22 20:51 d-------- c:\program files\gui
2008-11-22 20:47 . 2008-11-22 20:47 d-------- C:\gui
2008-11-22 20:44 . 2008-11-22 20:44 d-------- c:\documents and settings\David\Application Data\Atari
2008-11-22 20:36 . 2008-11-22 20:36 d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-11-22 18:40 . 2008-04-14 04:42 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-22 18:40 . 2008-12-18 16:01 69 --a------ c:\windows\NeroDigital.ini
2008-11-22 16:37 . 2008-11-22 16:37 d-------- c:\program files\SystemRequirementsLab
2008-11-22 16:37 . 2008-11-22 16:37 d-------- c:\documents and settings\David\Application Data\SystemRequirementsLab
2008-11-22 16:24 . 2008-11-22 16:24 268 --ah----- C:\sqmdata09.sqm
2008-11-22 16:24 . 2008-11-22 16:24 244 --ah----- C:\sqmnoopt09.sqm
2008-11-22 16:19 . 2008-12-08 16:13 d-------- c:\documents and settings\David\Application Data\Vso
2008-11-22 16:19 . 2008-11-29 19:54 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-22 16:19 . 2008-11-29 19:54 47,360 --a------ c:\documents and settings\David\Application Data\pcouffin.sys

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 21:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-21 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-21 17:24 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-21 17:24 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-20 20:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 14:45 81,920 ------r c:\windows\bwUnin-6.1.4.36-8876480L.exe
2008-12-17 04:03 --------- d-----w c:\program files\Common Files\Logitech
2008-11-29 16:23 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-27 02:57 --------- d-----w c:\program files\FrostWire
2008-11-23 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-22 14:46 --------- d-----w c:\program files\Java
2008-11-20 02:11 --------- d-----w c:\program files\iTunes
2008-11-20 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-20 02:10 --------- d-----w c:\program files\QuickTime
2008-11-20 02:10 --------- d-----w c:\program files\iPod
2008-11-20 02:10 --------- d-----w c:\program files\Bonjour
2008-11-20 02:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-20 02:09 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 02:08 --------- d-----w c:\program files\Apple Software Update
2008-11-20 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-20 01:55 --------- d-----w c:\program files\Common Files\Java
2008-11-19 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
2008-11-19 20:16 --------- d-----w c:\program files\Rogers
2008-11-19 02:15 --------- d-----w c:\program files\Windows Media Components
2008-11-19 01:29 --------- d-----w c:\program files\Windows Live
2008-11-19 01:28 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-19 00:06 --------- d-----w c:\program files\Common Files\INCA Shared
2008-11-19 00:00 --------- d-----w c:\program files\Gpotato
2008-11-18 23:08 --------- d-----w c:\program files\Windows Sidebar
2008-11-18 22:23 --------- d-----w c:\program files\Common Files\Adobe
2008-11-18 22:15 --------- d-----w c:\program files\OpenOffice.org 2.0
2008-11-18 22:14 --------- d-----w c:\program files\Ahead
2008-11-18 22:13 --------- d-----w c:\program files\Common Files\Ahead
2008-11-18 22:11 --------- d-----w c:\program files\InterVideo
2008-11-18 22:09 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-11-18 22:09 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-11-18 22:08 --------- d-----w c:\program files\C-Media
2008-11-18 17:16 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-19 16384]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic 6\SystemGuardAlerter.exe" [2005-12-16 241152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]

c:\documents and settings\David\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-19 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2008-05-16 140648]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [2008-12-07 220631]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-04 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 14:01]

2008-12-21 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-26 12:19]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = localhost
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 16:45:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpxfeoitu.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-21 16:47:35
ComboFix-quarantined-files.txt 2008-12-21 21:47:31

Pre-Run: 39,000,399,872 bytes free
Post-Run: 39,110,287,360 bytes free

296 --- E O F --- 2008-12-09 22:02:02

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

Hello.
Do you have external drives (external HD, etc.)?
Because they are infected too, and we need to clean them also.

If not, do this.

Please download Flash_Disinfector from HERE

  • First, download it to your desktop.
  • Now double-click it to run it; it will tell you what to do when you open it.
  • It will temporarily kill explorer.exe and your desktop will go blank.
  • Let Flash_Disinfector do its job and it will restart explorer.exe for you.
  • It will make a dummy autorun.inf in the root of every drive.
  • You can now delete Flash_Disinfector.exe.


You should be able to get the recovery console this time.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\program files\Mozilla Firefox\components\iamfamous.dll

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image: CFScript.txt dragged onto ComboFix]

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

OK, so I have done the Flash_Disinfector... but it still won't let me download the Recovery Console. It says I have no internet connection. Should I continue anyway? By the way, should I have System Restore on or off during all of this? Currently it is on.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

Hello.
No, don't turn off system restore.

Do the CFScript without the console again, and we'll install it after this run.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

ComboFix 08-12-21.01 - David 2008-12-21 17:41:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.87 [GMT -5:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\program files\Mozilla Firefox\components\iamfamous.dll
.

((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-21 12:01 . 2008-12-21 12:44 d-------- c:\program files\Norton AntiVirus
2008-12-21 12:00 . 2008-12-21 12:24 d-------- c:\program files\Symantec
2008-12-21 12:00 . 2008-12-21 12:24 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-21 12:00 . 2008-12-21 12:24 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-20 22:51 . 2008-12-20 22:51 d-------- c:\program files\Trend Micro
2008-12-20 22:13 . 2008-12-20 22:13 d-a------ c:\program files\Silkroad
2008-12-20 21:46 . 2008-12-20 21:47 304 --a------ C:\config.ini
2008-12-20 20:43 . 2008-12-20 20:43 33 --a------ c:\windows\LVMMail.INI
2008-12-20 16:02 . 2008-12-20 16:02 d-------- c:\program files\Common Files\DirectX
2008-12-20 15:36 . 2008-12-20 15:40 d-------- C:\nDoors
2008-12-20 14:34 . 2008-12-20 14:34 96 --ah----- c:\windows\system32\HsInfo.dat
2008-12-20 14:32 . 2008-12-20 14:32 d-------- c:\program files\alaplaya
2008-12-20 12:43 . 2008-12-20 12:43 dr------- c:\documents and settings\David\Application Data\Brother
2008-12-18 23:22 . 2008-12-19 09:47 1,556 --a------ c:\windows\_delis32.ini
2008-12-18 23:20 . 2008-12-21 14:08 d-------- c:\program files\Logitech
2008-12-17 20:19 . 2008-12-17 20:19 d-------- c:\program files\PCI Audio Applications
2008-12-17 19:06 . 2003-03-28 14:19 39,279 --a------ c:\windows\cmijack.dat
2008-12-17 19:06 . 2003-04-03 18:37 23,041 --a------ c:\windows\cmaudio.dat
2008-12-17 19:01 . 2008-12-17 19:01 d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-12-17 17:56 . 2008-12-17 17:56 d-------- c:\windows\Downloaded Installations
2008-12-17 17:55 . 2008-12-17 17:55 d-------- c:\documents and settings\David\Application Data\ScanSoft
2008-12-17 17:39 . 2008-12-17 17:40 d-------- c:\windows\system32\NtmsData
2008-12-17 15:55 . 2008-12-17 15:58 d-------- c:\program files\Image-Line
2008-12-16 22:48 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-16 22:48 . 2003-03-18 20:05 89,088 --a------ c:\windows\system32\atl71.dll
2008-12-16 22:48 . 2003-03-18 21:44 65,536 --a------ c:\windows\system32\MFC71DEU.DLL
2008-12-16 22:48 . 2003-03-18 21:44 61,440 --a------ c:\windows\system32\MFC71ITA.DLL
2008-12-16 22:48 . 2003-03-18 21:44 61,440 --a------ c:\windows\system32\MFC71ESP.DLL
2008-12-16 22:48 . 2003-03-18 21:44 57,344 --a------ c:\windows\system32\MFC71ENU.DLL
2008-12-16 22:48 . 2003-03-18 21:44 49,152 --a------ c:\windows\system32\MFC71KOR.DLL
2008-12-16 22:48 . 2003-03-18 21:44 49,152 --a------ c:\windows\system32\MFC71JPN.DLL
2008-12-16 22:48 . 2003-03-18 21:44 45,056 --a------ c:\windows\system32\MFC71CHT.DLL
2008-12-16 22:48 . 2003-03-18 21:44 40,960 --a------ c:\windows\system32\MFC71CHS.DLL
2008-12-16 20:27 . 2008-12-16 20:27 d-------- c:\documents and settings\David\Application Data\Juce VST Host
2008-12-16 20:06 . 2008-12-17 15:57 d-------- c:\program files\VstPlugins
2008-12-11 22:30 . 2008-12-11 22:30 d-------- c:\program files\Paint.NET
2008-12-09 15:51 . 2008-12-13 07:58 d-------- c:\program files\PeerGuardian2
2008-12-08 19:48 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-08 16:05 . 2008-12-08 16:05 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-07 16:29 . 2008-12-07 16:29 d-------- c:\program files\DVDFab Platinum 4
2008-12-05 17:30 . 2002-07-07 17:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2008-12-05 17:30 . 2006-06-20 03:56 225,280 --a------ c:\windows\system32\rewire.dll
2008-12-05 17:29 . 2008-12-05 17:29 d-------- c:\program files\Outsim
2008-12-03 21:10 . 2008-12-03 21:10 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-03 21:10 . 2008-12-03 21:10 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-12-03 21:09 . 2007-08-31 14:01 1,421,736 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-12-03 21:09 . 2007-08-21 03:12 21,760 --a------ c:\windows\system32\drivers\point32.sys
2008-12-03 21:09 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\drivers\hidserv.dll
2008-12-03 21:09 . 2007-08-31 13:58 18,856 --a------ c:\windows\system32\drivers\nuidfltr.sys
2008-12-03 21:06 . 2008-12-03 21:08 d-------- c:\program files\Microsoft IntelliPoint
2008-12-03 21:01 . 2008-04-14 05:41 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-03 21:01 . 2008-04-14 05:41 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-03 17:00 . 2008-12-03 17:00 d--h----- c:\windows\system32\GroupPolicy
2008-11-29 19:53 . 2008-11-29 19:53 d-------- c:\documents and settings\David\Application Data\gtk-2.0
2008-11-29 16:04 . 2008-11-29 16:04 d-------- C:\Drivers
2008-11-29 16:04 . 2001-11-05 09:23 299,923 --a------ c:\windows\system32\drivers\sonyhcs.sys
2008-11-29 16:04 . 2002-10-15 22:41 102,220 --a------ c:\windows\system32\drivers\sonypvs1.sys
2008-11-29 16:04 . 2001-07-03 20:33 53,248 --a------ c:\windows\system32\SONYHCY.DLL
2008-11-29 16:04 . 2001-11-05 09:23 38,739 --a------ c:\windows\system32\drivers\sonyhcc.sys
2008-11-29 16:04 . 2001-11-05 09:23 6,097 --a------ c:\windows\system32\drivers\sonyhcb.sys
2008-11-29 16:04 . 2001-07-03 20:39 3,654 --a------ c:\windows\system32\drivers\Sonyhcp.dll
2008-11-29 11:26 . 2006-11-02 16:57 118,520 --a------ c:\windows\system32\PxInsI64.exe
2008-11-29 11:26 . 2006-10-18 19:43 115,960 --a------ c:\windows\system32\PxCpyI64.exe
2008-11-29 11:26 . 2006-11-02 16:57 36,624 --a------ c:\windows\system32\drivers\pxhelp20.sys
2008-11-29 11:26 . 2006-08-28 21:48 2,560 --a------ c:\windows\system32\drivers\cdralw2k.sys
2008-11-29 11:26 . 2006-08-28 21:48 2,432 --a------ c:\windows\system32\drivers\cdr4_xp.sys
2008-11-26 21:53 . 2008-12-21 11:41 d-------- c:\documents and settings\David\Application Data\FrostWire
2008-11-26 17:33 . 2008-11-29 11:24 d-------- c:\program files\Sony
2008-11-26 17:32 . 2008-11-26 17:32 d-------- c:\program files\Sony Setup
2008-11-26 16:33 . 2008-11-26 16:33 d-------- c:\program files\MSXML 4.0
2008-11-24 20:50 . 2008-11-24 20:50 d-------- c:\documents and settings\David\Application Data\Apple Computer
2008-11-24 20:44 . 2008-11-24 20:44 419 --a------ c:\windows\BRWMARK.INI
2008-11-24 20:44 . 2008-11-24 20:44 27 --a------ c:\windows\BRPP2KA.INI
2008-11-24 20:43 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-24 20:43 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-24 20:40 . 2008-11-24 20:40 212 --a------ c:\windows\Brpfx04a.ini
2008-11-24 20:40 . 2008-11-24 20:40 93 --a------ c:\windows\brpcfx.ini
2008-11-24 20:40 . 2008-11-24 20:40 50 --a------ c:\windows\system32\bridf07a.dat
2008-11-24 20:39 . 2007-02-01 13:19 1,520,640 --a------ c:\windows\system32\BrWia07a.dll
2008-11-24 20:39 . 2006-12-28 13:39 176,128 --------- c:\windows\system32\BroSNMP.dll
2008-11-24 20:39 . 2006-01-17 01:03 126,976 --------- c:\windows\system32\BrfxD05a.dll
2008-11-24 20:39 . 2007-01-25 17:16 94,208 -r------- c:\windows\system32\BrDctF2.dll
2008-11-24 20:39 . 2007-01-26 16:13 54,784 --a------ c:\windows\system32\brinsstr.dll
2008-11-24 20:39 . 2007-01-26 14:06 45,568 --a------ c:\windows\system32\BrUsi07a.dll
2008-11-24 20:39 . 2004-10-15 12:50 15,295 --a------ c:\windows\system32\drivers\BrScnUsb.sys
2008-11-24 20:39 . 2007-01-15 21:54 12,288 -r------- c:\windows\system32\BrDctF2S.dll
2008-11-24 20:39 . 2007-01-15 16:09 12,288 -r------- c:\windows\system32\BrDctF2L.dll
2008-11-24 20:39 . 2001-11-15 01:00 6,224 --------- c:\windows\CVRPAGE.BMP
2008-11-24 20:39 . 2003-11-28 18:57 0 --a------ c:\windows\brdfxspd.dat
2008-11-24 20:38 . 2008-11-24 20:40 d-------- c:\program files\Brother
2008-11-24 20:38 . 2008-11-24 20:38 d-------- c:\documents and settings\David\Application Data\InstallShield
2008-11-24 20:38 . 2007-01-18 13:51 163,840 --------- c:\windows\system32\NSSearch.dll
2008-11-24 20:38 . 2007-02-15 13:54 131,072 --a------ c:\windows\brunin03.dll
2008-11-24 20:37 . 2008-11-24 20:37 d-------- c:\program files\Nuance
2008-11-24 20:36 . 2008-11-24 20:36 d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-11-24 20:36 . 2006-10-24 15:34 31,567 --a------ c:\windows\maxlink.ini
2008-11-24 20:35 . 2008-11-24 20:35 d-------- c:\program files\ScanSoft
2008-11-24 20:35 . 2008-11-24 20:35 d-------- c:\program files\Common Files\ScanSoft Shared
2008-11-24 20:35 . 2008-11-24 20:36 d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2008-11-24 20:33 . 2008-11-24 20:33 d-------- c:\documents and settings\All Users\Application Data\Brother
2008-11-24 19:54 . 2008-11-24 20:31 d-------- c:\documents and settings\David\Application Data\devede
2008-11-24 19:34 . 2008-12-20 11:24 d-------- c:\documents and settings\David\Application Data\OpenOffice.org2
2008-11-24 11:46 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-24 11:46 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-24 11:46 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-24 11:46 . 2008-10-16 15:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-24 11:46 . 2008-10-16 15:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-24 11:46 . 2008-10-16 15:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-24 11:46 . 2008-10-16 15:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-24 11:46 . 2008-10-16 15:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-24 11:46 . 2008-10-16 08:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-22 20:51 . 2008-11-22 20:51 d-------- c:\program files\gui
2008-11-22 20:47 . 2008-11-22 20:47 d-------- C:\gui
2008-11-22 20:44 . 2008-11-22 20:44 d-------- c:\documents and settings\David\Application Data\Atari
2008-11-22 20:36 . 2008-11-22 20:36 d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-11-22 18:40 . 2008-04-14 04:42 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-22 18:40 . 2008-12-18 16:01 69 --a------ c:\windows\NeroDigital.ini
2008-11-22 16:37 . 2008-11-22 16:37 d-------- c:\program files\SystemRequirementsLab
2008-11-22 16:37 . 2008-11-22 16:37 d-------- c:\documents and settings\David\Application Data\SystemRequirementsLab
2008-11-22 16:24 . 2008-11-22 16:24 268 --ah----- C:\sqmdata09.sqm
2008-11-22 16:24 . 2008-11-22 16:24 244 --ah----- C:\sqmnoopt09.sqm
2008-11-22 16:19 . 2008-12-08 16:13 d-------- c:\documents and settings\David\Application Data\Vso
2008-11-22 16:19 . 2008-11-29 19:54 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-22 16:19 . 2008-11-29 19:54 47,360 --a------ c:\documents and settings\David\Application Data\pcouffin.sys
2008-11-22 16:18 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 21:33 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-21 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-21 17:24 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-21 17:24 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-20 20:40 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 14:45 81,920 ------r c:\windows\bwUnin-6.1.4.36-8876480L.exe
2008-12-17 04:03 --------- d-----w c:\program files\Common Files\Logitech
2008-11-29 16:23 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-27 02:57 --------- d-----w c:\program files\FrostWire
2008-11-23 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-22 14:46 --------- d-----w c:\program files\Java
2008-11-20 02:11 --------- d-----w c:\program files\iTunes
2008-11-20 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-20 02:10 --------- d-----w c:\program files\QuickTime
2008-11-20 02:10 --------- d-----w c:\program files\iPod
2008-11-20 02:10 --------- d-----w c:\program files\Bonjour
2008-11-20 02:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-20 02:09 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 02:08 --------- d-----w c:\program files\Apple Software Update
2008-11-20 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-20 01:55 --------- d-----w c:\program files\Common Files\Java
2008-11-19 21:22 --------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
2008-11-19 20:16 --------- d-----w c:\program files\Rogers
2008-11-19 02:15 --------- d-----w c:\program files\Windows Media Components
2008-11-19 01:29 --------- d-----w c:\program files\Windows Live
2008-11-19 01:28 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-19 00:06 --------- d-----w c:\program files\Common Files\INCA Shared
2008-11-19 00:00 --------- d-----w c:\program files\Gpotato
2008-11-18 23:08 --------- d-----w c:\program files\Windows Sidebar
2008-11-18 22:23 --------- d-----w c:\program files\Common Files\Adobe
2008-11-18 22:15 --------- d-----w c:\program files\OpenOffice.org 2.0
2008-11-18 22:14 --------- d-----w c:\program files\Ahead
2008-11-18 22:13 --------- d-----w c:\program files\Common Files\Ahead
2008-11-18 22:11 --------- d-----w c:\program files\InterVideo
2008-11-18 22:09 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-11-18 22:09 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-11-18 22:08 --------- d-----w c:\program files\C-Media
2008-11-18 17:16 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-12-21_16.46.50.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-21 22:22:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-12-19 16384]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic 6\SystemGuardAlerter.exe" [2005-12-16 241152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-24 714608]
"C-Media Mixer"="Mixer.exe" [2002-06-12 c:\windows\mixer.exe]

c:\documents and settings\David\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-12-19 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-24 149352]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\Rogers\SelfHealing\RogersSelfHelpService.exe [2008-05-16 140648]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\Rogers\Update Manager\RogersUpdateManager.exe [2008-04-22 163840]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [2008-12-07 220631]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-04 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 14:01]

2008-12-21 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-26 12:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = localhost
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 17:45:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpxfeoitu.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-21 17:46:52
ComboFix-quarantined-files.txt 2008-12-21 22:46:48
ComboFix2.txt 2008-12-21 21:47:37

Pre-Run: 39,042,056,192 bytes free
Post-Run: 39,030,816,768 bytes free

293 --- E O F --- 2008-12-09 22:02:02

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

That didn't work for some reason. No way!

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :files
    c:\program files\Mozilla Firefox\components\iamfamous.dll

    :reg
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post a new Hijack This log + OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
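As an added example for this thread (not ComboFix's, OTMoveIt's or the helper's own code): a small Python check that parses the registry-style sections of two ComboFix logs, reports which items the CFScript targeted are still present after the fix run, and lists the Security Center notification and monitoring flags that are switched off. The log excerpts are constructed from the lines posted above; the "clean" log is a hypothetical outcome for comparison.

```python
import re
from typing import Dict, List

# Constructed excerpt of the registry-related lines from the first ComboFix
# log in this thread (run 1, before CFScript.txt was applied).
LOG_RUN1 = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

FF - component: c:\\program files\\Mozilla Firefox\\components\\iamfamous.dll

[HKEY_LOCAL_MACHINE\\system\\ControlSet001\\Services\\msqpdxserv.sys]
"imagepath"="\\systemroot\\system32\\drivers\\msqpdxpxfeoitu.sys"
"""

# The second log posted in the thread (the run with CFScript.txt) still lists
# the same items, which is what the helper noticed.
LOG_RUN2 = LOG_RUN1

# Hypothetical clean outcome (constructed): notification flags still set, but
# the DLL line and the service key are gone.
LOG_CLEAN = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""

# The File:: and Registry:: targets from the helper's CFScript.
TARGET_FILES = [r"c:\program files\Mozilla Firefox\components\iamfamous.dll"]
TARGET_KEYS = [r"HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys"]

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')


def parse_reg_blocks(log: str) -> Dict[str, Dict[str, str]]:
    """Collect the REGEDIT4-style [key] blocks ComboFix prints, with their
    "name"=value lines. Keys are lower-cased for case-insensitive look-ups."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        key_match = _KEY_RE.match(line)
        if key_match:
            current = key_match.group("key").lower()
            blocks.setdefault(current, {})
            continue
        value_match = _VALUE_RE.match(line)
        if value_match and current is not None:
            blocks[current][value_match.group("name")] = value_match.group("value")
        elif not line:
            current = None  # a blank line closes the block
    return blocks


def disabled_security_center_flags(log: str) -> List[str]:
    """Return 'key\\name' for each Security Center notification or monitoring
    flag set to 1. Malware switches these off to silence warnings, but a
    registered AV product may legitimately set its own per-vendor entries,
    so treat the list as something to review, not a verdict."""
    prefix = r"hkey_local_machine\software\microsoft\security center"
    flags = []
    for key, values in parse_reg_blocks(log).items():
        if not key.startswith(prefix):
            continue
        for name, value in values.items():
            if name.endswith(("DisableNotify", "DisableMonitoring")) \
                    and value.lower() == "dword:00000001":
                flags.append(f"{key}\\{name}")
    return flags


def targets_still_present(log: str, files: List[str], keys: List[str]) -> List[str]:
    """List the targeted file paths and registry keys that still show up in
    the log (files by case-insensitive substring, keys by parsed block)."""
    lowered = log.lower()
    present = [path for path in files if path.lower() in lowered]
    blocks = parse_reg_blocks(log)
    present += [key for key in keys if key.lower() in blocks]
    return present


def compare_runs(before: str, after: str,
                 files: List[str], keys: List[str]) -> Dict[str, List[str]]:
    """Split the targets into those removed between two runs and those that
    survived; survivors are the reason to move on to another tool."""
    before_hits = targets_still_present(before, files, keys)
    after_hits = targets_still_present(after, files, keys)
    return {
        "removed": [t for t in before_hits if t not in after_hits],
        "persisting": [t for t in before_hits if t in after_hits],
    }


if __name__ == "__main__":
    print("Security Center flags set:", disabled_security_center_flags(LOG_RUN1))
    print("Run1 -> Run2:", compare_runs(LOG_RUN1, LOG_RUN2, TARGET_FILES, TARGET_KEYS))
    print("Run1 -> clean:", compare_runs(LOG_RUN1, LOG_CLEAN, TARGET_FILES, TARGET_KEYS))
```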

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:56 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8025 bytes

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\program files\Mozilla Firefox\components\iamfamous.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_cIOXu16jQ1YIGs9BJ4Ru scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETA96F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_175512

Files moved on Reboot...
File C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_cIOXu16jQ1YIGs9BJ4Ru not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETA96F.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_8e0.dat not found!
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\jwsuuw1a.default\XUL.mfl moved successfully.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Looks good, what problems remain?


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Thanks a lot for your support, but I still think something is remaining on it, because every time I log on to my account a message pops up saying: "Either another instance of OpenOffice.org is accessing your personal settings or your personal settings are locked. Simultaneous access can lead to inconsistencies in your personal settings. before continuing, you should make sure user 'OWNER-E7DE91275/David' closes OpenOffice.org on host 'OWNER-E7DE91275 Do you really want to continue?" Yes/No. >> Is this a virus trying to access personal stuff??

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
No, I think it's the OpenOffice user profile startup key.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


  • Press "Fix Checked"
  • Close Hijack This.


Logon to your account again and see if it's still happening.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
THANK YOU!! You're amazing, lol... I really appreciate everything you have done and your patience and time!! Thanks to you my computer is working great now... lol, thanks again... Take care... I'll notify you if anything else goes wrong XDD

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (to turn on System Restore), and then click OK.


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
WOW!! OMG!! I think I still have a problem!!! Can you please check my HijackThis again and see if you find anything!! ty... The reason why I still think there's something is because my computer is freaking out and freezing a lot; also Norton AntiVirus keeps popping up saying "blocked W32.Tidserv" and Norton keeps turning off the virus protection automatically. I'm really confused XD

Here's HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:09 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7984 bytes
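The two HijackThis logs in this thread differ only in a handful of lines, and spotting them by eye is the slow part of this kind of review. As an added example (not code from this thread or from the HijackThis tool), the following Python script parses the log line format shown above, reports which entries appeared or disappeared between two scans, and flags the entry types a reviewer looks at first; the sample lines are copied from the posted logs, and the flag rules are this example's own heuristics.

```python
"""Parse HijackThis v2 log entries and diff two scans (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the 5:59 PM log posted in the thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:56 PM, on 12/21/2008

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Constructed sample: a subset of the 8:38 PM log posted in the thread
# (the OpenOffice SYSTEM startup item was fixed; Outpost was installed).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:09 PM, on 12/21/2008

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
"""

# Every HijackThis entry line looks like "<kind> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    kind: str  # section code such as "O4" or "O23"
    body: str  # remainder of the line, whitespace-normalised


def parse_log(text: str) -> list[Entry]:
    """Return the entry lines of a HijackThis log; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], " ".join(m["body"].split())))
    return entries


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Return (added, removed) entries, preserving the order in which they appear."""
    old, new = set(parse_log(before)), set(parse_log(after))
    added = [e for e in parse_log(after) if e not in old]
    removed = [e for e in parse_log(before) if e not in new]
    return added, removed


# Heuristics used by this example (not HijackThis rules): a service with no
# publisher string, a startup item running under a non-user profile, and any
# AppInit_DLLs entry (loaded into every process that loads user32.dll).
UNKNOWN_OWNER = re.compile(r" - Unknown owner - ")
NON_USER_PROFILE = re.compile(r"\(User '(?:SYSTEM|Default user)'\)")


def review_flags(entries: list[Entry]) -> list[str]:
    """Return human-readable notes for entries worth a closer look."""
    flags = []
    for e in entries:
        if e.kind == "O20":
            flags.append(f"O20 AppInit_DLLs entry: {e.body}")
        elif e.kind == "O23" and UNKNOWN_OWNER.search(e.body):
            flags.append(f"O23 service without a publisher name: {e.body}")
        elif e.kind == "O4" and NON_USER_PROFILE.search(e.body):
            flags.append(f"O4 startup item under a non-user profile: {e.body}")
    return flags


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Added since previous scan:")
    for e in added:
        print("  +", e.kind, "-", e.body)
    print("Removed since previous scan:")
    for e in removed:
        print("  -", e.kind, "-", e.body)
    print("Review flags in the new scan:")
    for note in review_flags(parse_log(LOG_AFTER)):
        print("  !", note)
```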

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Hello.
Does it say where? Like a filename or location?


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
I'm doing a full system scan on Norton and it found Backdoor.Tidserv!inf. It said it's not safe to remove; should I anyway?
BTW, it's not showing a location.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Okay.
It might be finding ComboFix's deleted stuff.

Delete these two folders:
C:\Qoobox
C:\_OTMoveIt


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
OK, I did what you said, but I've got more problems... I'm still running Norton and it found even more... it found another W32.Tidserv and Backdoor.Tidserv!inf; now it has x2 of both... I'm sooo confused right now lol

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Darn.
Let the Norton scan finish, then re-run ComboFix.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
OK, I'll notify you when it's done.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Hello.
Don't run CF, leave that, we'll use something else.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log with a fresh copy of HijackThis log.

Take your time with this and get it right, I have to go offline, getting late here.
So no rush, and I'll look over the log in the morning.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 3

12/21/2008 9:35:40 PM
mbam-log-2008-12-21 (21-35-39).txt

Scan type: Quick Scan
Objects scanned: 50481
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:47 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 8196 bytes

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Hello.
Does Norton still give you tdss stuff in the scan? MBAM only found one reg key.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Yes, Norton does still find them.... it found two (x2) of both W32.Tidserv and
Backdoor.Tidserv!inf ... Now the problem is, Norton said to manually remove the Backdoor.Tidserv!inf; when I do... it says "could not remove".

*I removed both of the W32.Tidserv... but it's weird because every 10 mins... Norton's Auto-Block says "blocked W32.Tidserv"*

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Logs are clean, so I'm gonna guess it's finding leftovers in the system restore.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (to turn on System Restore), and then click OK.


Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note:

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
When I go to Kaspersky Online, am I supposed to click on "Kaspersky Online Scanner"? Because when I do there's nothing on the page.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Hello.
There's no "Continue with free scan" button?
Are you using internet explorer?

If it won't work in IE, try in Firefox.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
lol Nope, I don't see that button.
I tried it on both already,
and tried refresh.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Okay, we'll use Dr.web

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the icon next to the files found: [image: Check]
  • If so, click it and then click the icon right below and select Move incurable, as you'll see in the next image:
    [image: Move]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
data002\32788R22FWJFW\mtee.cfexe;C:\Documents and Settings\David\Desktop\ComboFix.exe\data002;Probably Trojan.Packed.258;;
data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\David\Desktop\ComboFix.exe\data002;Program.PsExec.171;;
data002;C:\Documents and Settings\David\Desktop\ComboFix.exe;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\David\Desktop;Archive contains infected objects;Moved.;

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Still nothing bad found.
I don't know where the Norton is finding the problem, but it's not showing in the logs.

Download ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

If no problems remain, I would say you are clean, but Norton is just being picky.

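The DrWeb.csv lines posted above follow Dr.Web CureIt's report layout (object;path;verdict;action;). As an added example, not code from the thread or from Dr.Web, the Python below parses that layout and groups every hit under the outermost file that actually sits on disk, which is the reading behind "Still nothing bad found": both verdicts are for objects nested inside the ComboFix.exe package and the only action taken was moving that one file. The heuristic/program classification of verdict names is an assumption about Dr.Web's naming convention, not something the thread states.

```python
"""Group Dr.Web CureIt report rows by the on-disk file that holds them.

Added example: not part of the forum thread or of Dr.Web. The row layout
object;path;verdict;action; is taken from the DrWeb.csv lines posted above.
"""
import csv
from io import StringIO

# Constructed sample: the four rows posted in the thread, verbatim.
SAMPLE_CSV = r"""data002\32788R22FWJFW\mtee.cfexe;C:\Documents and Settings\David\Desktop\ComboFix.exe\data002;Probably Trojan.Packed.258;;
data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\David\Desktop\ComboFix.exe\data002;Program.PsExec.171;;
data002;C:\Documents and Settings\David\Desktop\ComboFix.exe;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\David\Desktop;Archive contains infected objects;Moved.;
"""

ARCHIVE_VERDICT = "Archive contains infected objects"


def verdict_class(verdict):
    """Coarse class of a Dr.Web verdict string (naming convention assumed)."""
    if verdict == ARCHIVE_VERDICT:
        return "archive"
    if verdict.startswith("Probably "):
        return "heuristic"   # heuristic verdict, not a signature match
    if verdict.startswith("Program."):
        return "program"     # a tool that is not malicious in itself
    return "malware"


def parse_drweb_csv(text):
    """One dict per row; 'full' joins path and object and is used for grouping."""
    rows = []
    for rec in csv.reader(StringIO(text), delimiter=";"):
        if len(rec) < 4 or not rec[0]:
            continue
        obj, path, verdict, action = rec[:4]
        rows.append({"object": obj, "path": path, "verdict": verdict,
                     "action": action, "full": path.rstrip("\\") + "\\" + obj})
    return rows


def group_by_container(rows):
    """Map each detection to the outermost on-disk archive that contains it."""
    archives = sorted((r["full"] for r in rows if r["verdict"] == ARCHIVE_VERDICT),
                      key=len)
    groups = {}
    for r in rows:
        container = next((a for a in archives
                          if r["full"] == a or r["full"].startswith(a + "\\")),
                         r["full"])  # no enclosing archive: the file itself
        g = groups.setdefault(container, {"verdict": None, "action": "", "threats": []})
        if r["full"] == container:
            g["verdict"], g["action"] = r["verdict"], r["action"]
        elif r["verdict"] != ARCHIVE_VERDICT:
            g["threats"].append(r["verdict"])
    return groups


def loose_detections(groups):
    """Containers that are detected files themselves, not archives holding hits."""
    return [c for c, g in groups.items() if g["verdict"] != ARCHIVE_VERDICT]


if __name__ == "__main__":
    groups = group_by_container(parse_drweb_csv(SAMPLE_CSV))
    for container, g in groups.items():
        print(container, "->", g["action"] or "(no action)")
        for t in g["threats"]:
            print("   ", verdict_class(t), t)
    print("Loose detections on disk:", loose_detections(groups))
```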

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
ok thank you.. I can see you're really busy.. lol
thanks for the software ... I'm going to try to do another full system scan on Norton and see if it still finds it. If it does what are some good suggestions?
Also did you want me to send the HijackThis log once more just to see if everything is fine??? lol take your time on the reply no rush.. I know you have a lot of other ppl to answer.

* I won't message you back until the Norton scan is done, it might take about 1 or 2 hours* (Once again no rush lol :))

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
ok.. soo I did do a Norton scan and it found nothing...
I'm pretty sure the virus is gone now..lol
but my computer has been running significantly slower after the removal.
Anything I could do to increase performance?

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Could be the amount of startup/service items.
Post a NEW Hijack This log and we'll see what we can do.


Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:06 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Rogers SHS Service (RogersSelfHelpService) - Rogers Cable Communications - C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
O23 - Service: Rogers Update Manager (RogersUpdateManager) - Rogers Cable Communications - C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7869 bytes

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


  • Press "Fix Checked"
  • Close HijackThis.


Reboot and see if it's any faster.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Meh.. I notice some improvement ... but anyway, will it be safe to remove all those things I downloaded (e.g. Dr.Web, MalwareBytes, ATF-Cleaner, OTMoveIt), because I know some of the things might be quarantined.

Re: HELP!!! W32.Tidserv aka Backdoor.Tidserv!inf HELP!!
Yes, remove:
Dr.web
MBAM
OTMoveIt

Keep ATF-Cleaner; that doesn't quarantine anything, it's just an easy-to-use temp file cleaner and will save you some HD space.

