BankerFox.A Virus

Hello my computer is telling me i have BankerFox.A Virus Can you help me?

Hi dantana0531 and Welcome Back.....

Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
  
• Doubleclick on the HJTInstall.exe icon on your desktop.
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
  
• Click on Install.
  
• It will create a HijackThis icon on the desktop.
  
• Once installed, it will launch Hijackthis.
  
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  
• Come back here to this thread and Paste the log in your next reply.
  
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
  

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:11 AM, on 4/27/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Beach Master')
O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Beach Master')
O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Beach Master')
O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Beach Master')
O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [pyfqtomm] C:\Documents and Settings\Beach Master\Local Settings\Application Data\qddqfa\ummcsftav.exe (User 'Beach Master')
O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [aorianwx] C:\Documents and Settings\Beach Master\Local Settings\Application Data\ydvujfbsa\qqupvsttssd.exe (User 'Beach Master')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin700.exe.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 13613 bytes

Hello again to you and thank you so much for being here..
i have another question also about internet explorer add-ons it says mine are disabled not sure what this means or if its the problem.. Thank you again.
Dana

We'll deal with the IE add-ons when we are done Dana....

Oh boy,,, your log is showing some infections. I see you have used ComboFix before. Just in case you kept your old copy, I need for you to use this one:

1. Download ComboFix from below:
   
   Combofix download
   
   
   * IMPORTANT !!! Place combofix.exe on your Desktop
   
   
2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
   
   
   You can get help on disabling your protection programs here
   
   
3. Double click on combofix.exe & follow the prompts.
   
   
4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
   
   Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
   
   
   
   
   
   The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
   
   With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
   
   Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
   
   ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
   
   Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
   
   The Recovery Console was successfully installed.
   
   
   
   Click on Yes, to continue scanning for malware.
   
   
5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
   
6. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   ---------------------------------------------------------------------------------------------
   
   
7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
   
   ---------------------------------------------------------------------------------------------
   

Hello it restarted my computor but no log

Go to My Computer right click then go to your C Drive:



And you'll see the ComboFix txt and post the log please.

ok there wasnt a combofix text there should i do this again

Yes..

But rename Combofix.exe to Firefox.com
Then try again.
With this severly infected system, it *may* take a while before combofix actually starts to run though, so please be patient...

no worries im very patient. and you are very good and i am very very very appreciative
ok im going to rename and do this again..

ComboFix 10-04-26.04 - Dana 04/27/2010 10:19:45.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1399 [GMT -5:00]
Running from: c:\documents and settings\Dana\Desktop\Firefox.com.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT\00000000.DAT
c:\recycler\NPROTECT\00000001.DAT
c:\recycler\NPROTECT\00000002
c:\recycler\NPROTECT\00000003
c:\recycler\NPROTECT\00000004
c:\recycler\NPROTECT\00000005
c:\recycler\NPROTECT\00000007
c:\recycler\NPROTECT\00000009
c:\recycler\NPROTECT\00000010
c:\recycler\NPROTECT\00000013.DAT
c:\recycler\NPROTECT\00000014
c:\recycler\NPROTECT\00000015
c:\recycler\NPROTECT\00000016
c:\recycler\NPROTECT\00000017
c:\recycler\NPROTECT\00000019
c:\recycler\NPROTECT\00000020.DAT
c:\recycler\NPROTECT\00000021
c:\recycler\NPROTECT\00000022
c:\recycler\NPROTECT\00000023.DAT
c:\recycler\NPROTECT\00000024
c:\recycler\NPROTECT\00000025
c:\recycler\NPROTECT\00000026
c:\recycler\NPROTECT\00000027
c:\recycler\NPROTECT\00000028
c:\recycler\NPROTECT\00000029
c:\recycler\NPROTECT\00000030
c:\recycler\NPROTECT\00000031
c:\recycler\NPROTECT\00000032
c:\recycler\NPROTECT\00000033
c:\recycler\NPROTECT\00000034
c:\recycler\NPROTECT\00000035
c:\recycler\NPROTECT\00000036.dat
c:\recycler\NPROTECT\00000037.DB~
c:\recycler\NPROTECT\00000038
c:\recycler\NPROTECT\00000039
c:\recycler\NPROTECT\00000042
c:\recycler\NPROTECT\00000043
c:\recycler\NPROTECT\00000045
c:\recycler\NPROTECT\00000047
c:\recycler\NPROTECT\00000048
c:\recycler\NPROTECT\00000049
c:\recycler\NPROTECT\00000051
c:\recycler\NPROTECT\00000053
c:\recycler\NPROTECT\00000054
c:\recycler\NPROTECT\00000055
c:\recycler\NPROTECT\00000056
c:\recycler\NPROTECT\00000059
c:\recycler\NPROTECT\00000060
c:\recycler\NPROTECT\00000061
c:\recycler\NPROTECT\00000063
c:\recycler\NPROTECT\00000065
c:\recycler\NPROTECT\00000066
c:\recycler\NPROTECT\00000067
c:\recycler\NPROTECT\00000068
c:\recycler\NPROTECT\00000069
c:\recycler\NPROTECT\00000070
c:\recycler\NPROTECT\00000071
c:\recycler\NPROTECT\00000072
c:\recycler\NPROTECT\00000073
c:\recycler\NPROTECT\00000074
c:\recycler\NPROTECT\00000075
c:\recycler\NPROTECT\00000077
c:\recycler\NPROTECT\00000078
c:\recycler\NPROTECT\00000080
c:\recycler\NPROTECT\00000081
c:\recycler\NPROTECT\00000083
c:\recycler\NPROTECT\00000084
c:\recycler\NPROTECT\00000085
c:\recycler\NPROTECT\00000086
c:\recycler\NPROTECT\00000087
c:\recycler\NPROTECT\00000089
c:\recycler\NPROTECT\00000090
c:\recycler\NPROTECT\00000091
c:\recycler\NPROTECT\00000092
c:\recycler\NPROTECT\00000094
c:\recycler\NPROTECT\00000095
c:\recycler\NPROTECT\00000096
c:\recycler\NPROTECT\00000097
c:\recycler\NPROTECT\00000098
c:\recycler\NPROTECT\00000099
c:\recycler\NPROTECT\00000100
c:\recycler\NPROTECT\00000101
c:\recycler\NPROTECT\00000102
c:\recycler\NPROTECT\00000103
c:\recycler\NPROTECT\00000104
c:\recycler\NPROTECT\00000105
c:\recycler\NPROTECT\00000106
c:\recycler\NPROTECT\00000110
c:\recycler\NPROTECT\00000111.dat
c:\recycler\NPROTECT\00000112.dat
c:\recycler\NPROTECT\00000114
c:\recycler\NPROTECT\00000115
c:\recycler\NPROTECT\00000116
c:\recycler\NPROTECT\00000117
c:\recycler\NPROTECT\00000118
c:\recycler\NPROTECT\00000119
c:\recycler\NPROTECT\00000120
c:\recycler\NPROTECT\00000121
c:\recycler\NPROTECT\00000123
c:\recycler\NPROTECT\00000125.dat
c:\recycler\NPROTECT\00000127
c:\recycler\NPROTECT\00000128.bat
c:\recycler\NPROTECT\00000129
c:\recycler\NPROTECT\00000130
c:\recycler\NPROTECT\00000132
c:\recycler\NPROTECT\00000134
c:\recycler\NPROTECT\00000135
c:\recycler\NPROTECT\00000136
c:\recycler\NPROTECT\00000139
c:\recycler\NPROTECT\00000140
c:\recycler\NPROTECT\00000141
c:\recycler\NPROTECT\00000142
c:\recycler\NPROTECT\00000144
c:\recycler\NPROTECT\00000145
c:\recycler\NPROTECT\00000146
c:\recycler\NPROTECT\00000147
c:\recycler\NPROTECT\00000148
c:\recycler\NPROTECT\00000149
c:\recycler\NPROTECT\00000150
c:\recycler\NPROTECT\00000151
c:\recycler\NPROTECT\00000152
c:\recycler\NPROTECT\00000153
c:\recycler\NPROTECT\00000154
c:\recycler\NPROTECT\00000155
c:\recycler\NPROTECT\00000156
c:\recycler\NPROTECT\00000157
c:\recycler\NPROTECT\00000158
c:\recycler\NPROTECT\00000159
c:\recycler\NPROTECT\00000160
c:\recycler\NPROTECT\00000162
c:\recycler\NPROTECT\00000163
c:\recycler\NPROTECT\00000166
c:\recycler\NPROTECT\00000169
c:\recycler\NPROTECT\00000170
c:\recycler\NPROTECT\00000171
c:\recycler\NPROTECT\00000172
c:\recycler\NPROTECT\00000173.dat
c:\recycler\NPROTECT\00000174
c:\recycler\NPROTECT\00000175.bad
c:\recycler\NPROTECT\00000176
c:\recycler\NPROTECT\00000177
c:\recycler\NPROTECT\00000178
c:\recycler\NPROTECT\00000179
c:\recycler\NPROTECT\00000180
c:\recycler\NPROTECT\00000186.md5
c:\recycler\NPROTECT\00000193
c:\recycler\NPROTECT\00000194
c:\recycler\NPROTECT . . . . failed to delete
c:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
.
---- Previous Run -------
.
c:\recycler\NPROTECT\00000000.DAT
c:\recycler\NPROTECT\00000001.DAT
c:\recycler\NPROTECT\00000002
c:\recycler\NPROTECT\00000003
c:\recycler\NPROTECT\00000004
c:\recycler\NPROTECT\00000005
c:\recycler\NPROTECT\00000007
c:\recycler\NPROTECT\00000009
c:\recycler\NPROTECT\00000010
c:\recycler\NPROTECT\00000013.DAT
c:\recycler\NPROTECT\00000014
c:\recycler\NPROTECT\00000015
c:\recycler\NPROTECT\00000016
c:\recycler\NPROTECT\00000017
c:\recycler\NPROTECT\00000019
c:\recycler\NPROTECT\00000020.DAT
c:\recycler\NPROTECT\00000021
c:\recycler\NPROTECT\00000022
c:\recycler\NPROTECT\00000023.DAT
c:\recycler\NPROTECT\00000024
c:\recycler\NPROTECT\00000025
c:\recycler\NPROTECT\00000026
c:\recycler\NPROTECT\00000027
c:\recycler\NPROTECT\00000028
c:\recycler\NPROTECT\00000029
c:\recycler\NPROTECT\00000030
c:\recycler\NPROTECT\00000031
c:\recycler\NPROTECT\00000032
c:\recycler\NPROTECT\00000033
c:\recycler\NPROTECT\00000034
c:\recycler\NPROTECT\00000035
c:\recycler\NPROTECT\00000036.dat
c:\recycler\NPROTECT\00000037.DB~
c:\recycler\NPROTECT\00000038
c:\recycler\NPROTECT\00000039
c:\recycler\NPROTECT\00000042
c:\recycler\NPROTECT\00000043
c:\recycler\NPROTECT\00000045
c:\recycler\NPROTECT\00000047
c:\recycler\NPROTECT\00000048
c:\recycler\NPROTECT\00000049
c:\recycler\NPROTECT\00000051
c:\recycler\NPROTECT\00000053
c:\recycler\NPROTECT\00000054
c:\recycler\NPROTECT\00000055
c:\recycler\NPROTECT\00000056
c:\recycler\NPROTECT\00000059
c:\recycler\NPROTECT\00000060
c:\recycler\NPROTECT\00000061
c:\recycler\NPROTECT\00000063
c:\recycler\NPROTECT\00000065
c:\recycler\NPROTECT\00000066
c:\recycler\NPROTECT\00000067
c:\recycler\NPROTECT\00000068
c:\recycler\NPROTECT\00000069
c:\recycler\NPROTECT\00000070
c:\recycler\NPROTECT\00000071
c:\recycler\NPROTECT\00000072
c:\recycler\NPROTECT\00000073
c:\recycler\NPROTECT\00000074
c:\recycler\NPROTECT\00000075
c:\recycler\NPROTECT\00000077
c:\recycler\NPROTECT\00000078
c:\recycler\NPROTECT\00000080
c:\recycler\NPROTECT\00000081
c:\recycler\NPROTECT\00000083
c:\recycler\NPROTECT\00000084
c:\recycler\NPROTECT\00000085
c:\recycler\NPROTECT\00000086
c:\recycler\NPROTECT\00000087
c:\recycler\NPROTECT\00000089
c:\recycler\NPROTECT\00000090
c:\recycler\NPROTECT\00000091
c:\recycler\NPROTECT\00000092
c:\recycler\NPROTECT\00000094
c:\recycler\NPROTECT\00000095
c:\recycler\NPROTECT\00000096
c:\recycler\NPROTECT\00000097
c:\recycler\NPROTECT\00000098
c:\recycler\NPROTECT\00000099
c:\recycler\NPROTECT\00000100
c:\recycler\NPROTECT\00000101
c:\recycler\NPROTECT\00000102
c:\recycler\NPROTECT\00000103
c:\recycler\NPROTECT\00000104
c:\recycler\NPROTECT\00000105
c:\recycler\NPROTECT\00000106
c:\recycler\NPROTECT\00000110
c:\recycler\NPROTECT\00000111.dat
c:\recycler\NPROTECT\00000112.dat
c:\recycler\NPROTECT\00000113
c:\recycler\NPROTECT\00000114
c:\recycler\NPROTECT\00000115
c:\recycler\NPROTECT\00000116
c:\recycler\NPROTECT\00000117
c:\recycler\NPROTECT\00000118
c:\recycler\NPROTECT\00000119
c:\recycler\NPROTECT\00000120
c:\recycler\NPROTECT\00000122
c:\recycler\NPROTECT\00000124.dat
c:\recycler\NPROTECT\00000126
c:\recycler\NPROTECT\00000127.bat
c:\recycler\NPROTECT\00000128
c:\recycler\NPROTECT\00000129
c:\recycler\NPROTECT\00000131
c:\recycler\NPROTECT\00000133
c:\recycler\NPROTECT\00000134
c:\recycler\NPROTECT\00000135
c:\recycler\NPROTECT\00000138
c:\recycler\NPROTECT\00000139
c:\recycler\NPROTECT\00000140
c:\recycler\NPROTECT\00000141
c:\recycler\NPROTECT\00000143
c:\recycler\NPROTECT\00000144
c:\recycler\NPROTECT\00000145
c:\recycler\NPROTECT\00000146
c:\recycler\NPROTECT\00000147
c:\recycler\NPROTECT\00000148
c:\recycler\NPROTECT\00000149
c:\recycler\NPROTECT\00000150
c:\recycler\NPROTECT\00000151
c:\recycler\NPROTECT\00000152
c:\recycler\NPROTECT\00000153
c:\recycler\NPROTECT\00000154
c:\recycler\NPROTECT\00000155
c:\recycler\NPROTECT\00000156
c:\recycler\NPROTECT\00000157
c:\recycler\NPROTECT\00000158
c:\recycler\NPROTECT\00000159
c:\recycler\NPROTECT\00000161
c:\recycler\NPROTECT\00000162
c:\recycler\NPROTECT\00000165
c:\recycler\NPROTECT\00000168
c:\recycler\NPROTECT\00000169
c:\recycler\NPROTECT\00000170
c:\recycler\NPROTECT\00000171
c:\recycler\NPROTECT\00000172.dat
c:\recycler\NPROTECT\00000173
c:\recycler\NPROTECT\00000174.bad
c:\recycler\NPROTECT\00000175
c:\recycler\NPROTECT\00000176
c:\recycler\NPROTECT\00000177
c:\recycler\NPROTECT\00000178
c:\recycler\NPROTECT\00000179
c:\recycler\NPROTECT\00000185.md5
c:\recycler\NPROTECT\00000192
c:\recycler\NPROTECT\00000193

.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 13:08 . 2010-04-27 13:08 -------- d-----w- c:\program files\Trend Micro
2010-04-27 01:55 . 2010-04-27 01:55 -------- d-----w- c:\documents and settings\Beach Master\Local Settings\Application Data\ydvujfbsa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 15:38 . 2008-02-13 09:10 -------- d-----w- c:\documents and settings\Dana\Application Data\Skype
2010-04-27 15:36 . 2009-06-08 17:35 -------- d-----w- c:\documents and settings\Dana\Application Data\StarOffice8
2010-04-27 15:35 . 2006-03-30 16:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-27 13:08 . 2010-04-27 13:08 388096 ----a-r- c:\documents and settings\Dana\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-27 02:19 . 2010-03-07 17:40 439816 ----a-w- c:\documents and settings\Dana\Application Data\Real\Update\setup3.10\setup.exe
2010-04-24 15:53 . 2006-03-29 18:00 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-22 00:38 . 2006-12-27 16:55 -------- d-----w- c:\program files\Picasa2
2010-04-15 08:06 . 2007-06-05 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-17 14:20 . 2009-08-14 18:56 -------- d-----w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker
2010-03-10 22:43 . 2009-08-14 18:56 -------- d-----w- c:\documents and settings\Beach Master\Application Data\InstallShield Installation Information
2010-03-10 22:43 . 2010-03-10 22:43 253690 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\uninstall.exe
2010-03-10 06:15 . 2004-08-10 18:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 01:31 . 2010-03-07 23:34 79488 ----a-w- c:\documents and settings\Dana\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-08 01:24 . 2008-02-13 03:49 -------- d-----w- c:\program files\Spyware Doctor
2010-03-08 01:23 . 2008-02-13 03:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-07 19:39 . 2008-02-13 04:17 -------- d-----w- c:\program files\DivX
2010-03-07 19:39 . 2006-12-27 16:55 -------- d-----w- c:\program files\Lavasoft
2010-03-07 19:37 . 2007-01-10 18:37 -------- d-----w- c:\program files\Quicken
2010-03-07 19:36 . 2007-10-12 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-07 19:36 . 2007-10-12 15:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-07 17:49 . 2009-05-20 17:58 -------- d-----w- c:\program files\PokerStars
2010-03-07 17:34 . 2006-03-20 20:25 219440 ----a-w- c:\documents and settings\Dana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 19:59 . 2010-03-03 19:59 7188480 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\FullTiltPoker.exe
2010-03-03 19:51 . 2010-03-03 19:51 270336 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtSvg4.dll
2010-03-03 19:51 . 2010-03-03 19:51 9437184 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtWebKit4.dll
2010-03-03 19:50 . 2010-03-03 19:50 262144 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\phonon4.dll
2010-03-03 19:50 . 2010-03-03 19:50 2015232 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtCore4.dll
2010-03-03 19:50 . 2010-03-03 19:50 7442432 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtGui4.dll
2010-03-03 19:50 . 2010-03-03 19:50 901120 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtNetwork4.dll
2010-03-03 19:50 . 2010-03-03 19:50 360448 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtXml4.dll
2010-03-03 19:50 . 2010-03-03 19:50 192512 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtSql4.dll
2010-03-03 19:47 . 2010-03-03 19:47 184320 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\updater.exe
2010-03-03 19:46 . 2010-03-03 19:46 185632 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\StmOCX.dll
2010-02-25 06:24 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2006-01-20 04:48 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 19:20 . 2008-07-30 01:11 219440 ----a-w- c:\documents and settings\Beach Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 13:17 . 2004-08-10 18:51 2137088 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 04:59 2016768 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-10 18:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-10 18:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-03-30 16:24 . 2006-03-30 16:24 32 --sha-w- c:\windows\{2C2A965E-1855-43EE-A397-D73454170914}.dat
2006-03-30 16:24 . 2006-03-30 16:24 32 --sha-w- c:\windows\system32\{96C37846-0610-462D-8D96-EC0F059F1E89}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

Why or how am i getting this or these viruses? what can i do to stop this.

I'll give you some links for you to check out to help you with your computer security when we are done. Please empty your Recycle Bin.

OK,,,your log was cut off at bottom. Please post it again. You know where to find the ComboFix. txt

ComboFix 10-04-26.04 - Dana 04/27/2010 10:19:45.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1399 [GMT -5:00]
Running from: c:\documents and settings\Dana\Desktop\Firefox.com.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT\00000000.DAT
c:\recycler\NPROTECT\00000001.DAT
c:\recycler\NPROTECT\00000002
c:\recycler\NPROTECT\00000003
c:\recycler\NPROTECT\00000004
c:\recycler\NPROTECT\00000005
c:\recycler\NPROTECT\00000007
c:\recycler\NPROTECT\00000009
c:\recycler\NPROTECT\00000010
c:\recycler\NPROTECT\00000013.DAT
c:\recycler\NPROTECT\00000014
c:\recycler\NPROTECT\00000015
c:\recycler\NPROTECT\00000016
c:\recycler\NPROTECT\00000017
c:\recycler\NPROTECT\00000019
c:\recycler\NPROTECT\00000020.DAT
c:\recycler\NPROTECT\00000021
c:\recycler\NPROTECT\00000022
c:\recycler\NPROTECT\00000023.DAT
c:\recycler\NPROTECT\00000024
c:\recycler\NPROTECT\00000025
c:\recycler\NPROTECT\00000026
c:\recycler\NPROTECT\00000027
c:\recycler\NPROTECT\00000028
c:\recycler\NPROTECT\00000029
c:\recycler\NPROTECT\00000030
c:\recycler\NPROTECT\00000031
c:\recycler\NPROTECT\00000032
c:\recycler\NPROTECT\00000033
c:\recycler\NPROTECT\00000034
c:\recycler\NPROTECT\00000035
c:\recycler\NPROTECT\00000036.dat
c:\recycler\NPROTECT\00000037.DB~
c:\recycler\NPROTECT\00000038
c:\recycler\NPROTECT\00000039
c:\recycler\NPROTECT\00000042
c:\recycler\NPROTECT\00000043
c:\recycler\NPROTECT\00000045
c:\recycler\NPROTECT\00000047
c:\recycler\NPROTECT\00000048
c:\recycler\NPROTECT\00000049
c:\recycler\NPROTECT\00000051
c:\recycler\NPROTECT\00000053
c:\recycler\NPROTECT\00000054
c:\recycler\NPROTECT\00000055
c:\recycler\NPROTECT\00000056
c:\recycler\NPROTECT\00000059
c:\recycler\NPROTECT\00000060
c:\recycler\NPROTECT\00000061
c:\recycler\NPROTECT\00000063
c:\recycler\NPROTECT\00000065
c:\recycler\NPROTECT\00000066
c:\recycler\NPROTECT\00000067
c:\recycler\NPROTECT\00000068
c:\recycler\NPROTECT\00000069
c:\recycler\NPROTECT\00000070
c:\recycler\NPROTECT\00000071
c:\recycler\NPROTECT\00000072
c:\recycler\NPROTECT\00000073
c:\recycler\NPROTECT\00000074
c:\recycler\NPROTECT\00000075
c:\recycler\NPROTECT\00000077
c:\recycler\NPROTECT\00000078
c:\recycler\NPROTECT\00000080
c:\recycler\NPROTECT\00000081
c:\recycler\NPROTECT\00000083
c:\recycler\NPROTECT\00000084
c:\recycler\NPROTECT\00000085
c:\recycler\NPROTECT\00000086
c:\recycler\NPROTECT\00000087
c:\recycler\NPROTECT\00000089
c:\recycler\NPROTECT\00000090
c:\recycler\NPROTECT\00000091
c:\recycler\NPROTECT\00000092
c:\recycler\NPROTECT\00000094
c:\recycler\NPROTECT\00000095
c:\recycler\NPROTECT\00000096
c:\recycler\NPROTECT\00000097
c:\recycler\NPROTECT\00000098
c:\recycler\NPROTECT\00000099
c:\recycler\NPROTECT\00000100
c:\recycler\NPROTECT\00000101
c:\recycler\NPROTECT\00000102
c:\recycler\NPROTECT\00000103
c:\recycler\NPROTECT\00000104
c:\recycler\NPROTECT\00000105
c:\recycler\NPROTECT\00000106
c:\recycler\NPROTECT\00000110
c:\recycler\NPROTECT\00000111.dat
c:\recycler\NPROTECT\00000112.dat
c:\recycler\NPROTECT\00000114
c:\recycler\NPROTECT\00000115
c:\recycler\NPROTECT\00000116
c:\recycler\NPROTECT\00000117
c:\recycler\NPROTECT\00000118
c:\recycler\NPROTECT\00000119
c:\recycler\NPROTECT\00000120
c:\recycler\NPROTECT\00000121
c:\recycler\NPROTECT\00000123
c:\recycler\NPROTECT\00000125.dat
c:\recycler\NPROTECT\00000127
c:\recycler\NPROTECT\00000128.bat
c:\recycler\NPROTECT\00000129
c:\recycler\NPROTECT\00000130
c:\recycler\NPROTECT\00000132
c:\recycler\NPROTECT\00000134
c:\recycler\NPROTECT\00000135
c:\recycler\NPROTECT\00000136
c:\recycler\NPROTECT\00000139
c:\recycler\NPROTECT\00000140
c:\recycler\NPROTECT\00000141
c:\recycler\NPROTECT\00000142
c:\recycler\NPROTECT\00000144
c:\recycler\NPROTECT\00000145
c:\recycler\NPROTECT\00000146
c:\recycler\NPROTECT\00000147
c:\recycler\NPROTECT\00000148
c:\recycler\NPROTECT\00000149
c:\recycler\NPROTECT\00000150
c:\recycler\NPROTECT\00000151
c:\recycler\NPROTECT\00000152
c:\recycler\NPROTECT\00000153
c:\recycler\NPROTECT\00000154
c:\recycler\NPROTECT\00000155
c:\recycler\NPROTECT\00000156
c:\recycler\NPROTECT\00000157
c:\recycler\NPROTECT\00000158
c:\recycler\NPROTECT\00000159
c:\recycler\NPROTECT\00000160
c:\recycler\NPROTECT\00000162
c:\recycler\NPROTECT\00000163
c:\recycler\NPROTECT\00000166
c:\recycler\NPROTECT\00000169
c:\recycler\NPROTECT\00000170
c:\recycler\NPROTECT\00000171
c:\recycler\NPROTECT\00000172
c:\recycler\NPROTECT\00000173.dat
c:\recycler\NPROTECT\00000174
c:\recycler\NPROTECT\00000175.bad
c:\recycler\NPROTECT\00000176
c:\recycler\NPROTECT\00000177
c:\recycler\NPROTECT\00000178
c:\recycler\NPROTECT\00000179
c:\recycler\NPROTECT\00000180
c:\recycler\NPROTECT\00000186.md5
c:\recycler\NPROTECT\00000193
c:\recycler\NPROTECT\00000194
c:\recycler\NPROTECT . . . . failed to delete
c:\recycler\NPROTECT\NPROTECT.LOG . . . . failed to delete
.
---- Previous Run -------
.
c:\recycler\NPROTECT\00000000.DAT
c:\recycler\NPROTECT\00000001.DAT
c:\recycler\NPROTECT\00000002
c:\recycler\NPROTECT\00000003
c:\recycler\NPROTECT\00000004
c:\recycler\NPROTECT\00000005
c:\recycler\NPROTECT\00000007
c:\recycler\NPROTECT\00000009
c:\recycler\NPROTECT\00000010
c:\recycler\NPROTECT\00000013.DAT
c:\recycler\NPROTECT\00000014
c:\recycler\NPROTECT\00000015
c:\recycler\NPROTECT\00000016
c:\recycler\NPROTECT\00000017
c:\recycler\NPROTECT\00000019
c:\recycler\NPROTECT\00000020.DAT
c:\recycler\NPROTECT\00000021
c:\recycler\NPROTECT\00000022
c:\recycler\NPROTECT\00000023.DAT
c:\recycler\NPROTECT\00000024
c:\recycler\NPROTECT\00000025
c:\recycler\NPROTECT\00000026
c:\recycler\NPROTECT\00000027
c:\recycler\NPROTECT\00000028
c:\recycler\NPROTECT\00000029
c:\recycler\NPROTECT\00000030
c:\recycler\NPROTECT\00000031
c:\recycler\NPROTECT\00000032
c:\recycler\NPROTECT\00000033
c:\recycler\NPROTECT\00000034
c:\recycler\NPROTECT\00000035
c:\recycler\NPROTECT\00000036.dat
c:\recycler\NPROTECT\00000037.DB~
c:\recycler\NPROTECT\00000038
c:\recycler\NPROTECT\00000039
c:\recycler\NPROTECT\00000042
c:\recycler\NPROTECT\00000043
c:\recycler\NPROTECT\00000045
c:\recycler\NPROTECT\00000047
c:\recycler\NPROTECT\00000048
c:\recycler\NPROTECT\00000049
c:\recycler\NPROTECT\00000051
c:\recycler\NPROTECT\00000053
c:\recycler\NPROTECT\00000054
c:\recycler\NPROTECT\00000055
c:\recycler\NPROTECT\00000056
c:\recycler\NPROTECT\00000059
c:\recycler\NPROTECT\00000060
c:\recycler\NPROTECT\00000061
c:\recycler\NPROTECT\00000063
c:\recycler\NPROTECT\00000065
c:\recycler\NPROTECT\00000066
c:\recycler\NPROTECT\00000067
c:\recycler\NPROTECT\00000068
c:\recycler\NPROTECT\00000069
c:\recycler\NPROTECT\00000070
c:\recycler\NPROTECT\00000071
c:\recycler\NPROTECT\00000072
c:\recycler\NPROTECT\00000073
c:\recycler\NPROTECT\00000074
c:\recycler\NPROTECT\00000075
c:\recycler\NPROTECT\00000077
c:\recycler\NPROTECT\00000078
c:\recycler\NPROTECT\00000080
c:\recycler\NPROTECT\00000081
c:\recycler\NPROTECT\00000083
c:\recycler\NPROTECT\00000084
c:\recycler\NPROTECT\00000085
c:\recycler\NPROTECT\00000086
c:\recycler\NPROTECT\00000087
c:\recycler\NPROTECT\00000089
c:\recycler\NPROTECT\00000090
c:\recycler\NPROTECT\00000091
c:\recycler\NPROTECT\00000092
c:\recycler\NPROTECT\00000094
c:\recycler\NPROTECT\00000095
c:\recycler\NPROTECT\00000096
c:\recycler\NPROTECT\00000097
c:\recycler\NPROTECT\00000098
c:\recycler\NPROTECT\00000099
c:\recycler\NPROTECT\00000100
c:\recycler\NPROTECT\00000101
c:\recycler\NPROTECT\00000102
c:\recycler\NPROTECT\00000103
c:\recycler\NPROTECT\00000104
c:\recycler\NPROTECT\00000105
c:\recycler\NPROTECT\00000106
c:\recycler\NPROTECT\00000110
c:\recycler\NPROTECT\00000111.dat
c:\recycler\NPROTECT\00000112.dat
c:\recycler\NPROTECT\00000113
c:\recycler\NPROTECT\00000114
c:\recycler\NPROTECT\00000115
c:\recycler\NPROTECT\00000116
c:\recycler\NPROTECT\00000117
c:\recycler\NPROTECT\00000118
c:\recycler\NPROTECT\00000119
c:\recycler\NPROTECT\00000120
c:\recycler\NPROTECT\00000122
c:\recycler\NPROTECT\00000124.dat
c:\recycler\NPROTECT\00000126
c:\recycler\NPROTECT\00000127.bat
c:\recycler\NPROTECT\00000128
c:\recycler\NPROTECT\00000129
c:\recycler\NPROTECT\00000131
c:\recycler\NPROTECT\00000133
c:\recycler\NPROTECT\00000134
c:\recycler\NPROTECT\00000135
c:\recycler\NPROTECT\00000138
c:\recycler\NPROTECT\00000139
c:\recycler\NPROTECT\00000140
c:\recycler\NPROTECT\00000141
c:\recycler\NPROTECT\00000143
c:\recycler\NPROTECT\00000144
c:\recycler\NPROTECT\00000145
c:\recycler\NPROTECT\00000146
c:\recycler\NPROTECT\00000147
c:\recycler\NPROTECT\00000148
c:\recycler\NPROTECT\00000149
c:\recycler\NPROTECT\00000150
c:\recycler\NPROTECT\00000151
c:\recycler\NPROTECT\00000152
c:\recycler\NPROTECT\00000153
c:\recycler\NPROTECT\00000154
c:\recycler\NPROTECT\00000155
c:\recycler\NPROTECT\00000156
c:\recycler\NPROTECT\00000157
c:\recycler\NPROTECT\00000158
c:\recycler\NPROTECT\00000159
c:\recycler\NPROTECT\00000161
c:\recycler\NPROTECT\00000162
c:\recycler\NPROTECT\00000165
c:\recycler\NPROTECT\00000168
c:\recycler\NPROTECT\00000169
c:\recycler\NPROTECT\00000170
c:\recycler\NPROTECT\00000171
c:\recycler\NPROTECT\00000172.dat
c:\recycler\NPROTECT\00000173
c:\recycler\NPROTECT\00000174.bad
c:\recycler\NPROTECT\00000175
c:\recycler\NPROTECT\00000176
c:\recycler\NPROTECT\00000177
c:\recycler\NPROTECT\00000178
c:\recycler\NPROTECT\00000179
c:\recycler\NPROTECT\00000185.md5
c:\recycler\NPROTECT\00000192
c:\recycler\NPROTECT\00000193

.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 13:08 . 2010-04-27 13:08 -------- d-----w- c:\program files\Trend Micro
2010-04-27 01:55 . 2010-04-27 01:55 -------- d-----w- c:\documents and settings\Beach Master\Local Settings\Application Data\ydvujfbsa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 15:38 . 2008-02-13 09:10 -------- d-----w- c:\documents and settings\Dana\Application Data\Skype
2010-04-27 15:36 . 2009-06-08 17:35 -------- d-----w- c:\documents and settings\Dana\Application Data\StarOffice8
2010-04-27 15:35 . 2006-03-30 16:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-27 13:08 . 2010-04-27 13:08 388096 ----a-r- c:\documents and settings\Dana\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-27 02:19 . 2010-03-07 17:40 439816 ----a-w- c:\documents and settings\Dana\Application Data\Real\Update\setup3.10\setup.exe
2010-04-24 15:53 . 2006-03-29 18:00 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-22 00:38 . 2006-12-27 16:55 -------- d-----w- c:\program files\Picasa2
2010-04-15 08:06 . 2007-06-05 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-17 14:20 . 2009-08-14 18:56 -------- d-----w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker
2010-03-10 22:43 . 2009-08-14 18:56 -------- d-----w- c:\documents and settings\Beach Master\Application Data\InstallShield Installation Information
2010-03-10 22:43 . 2010-03-10 22:43 253690 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\uninstall.exe
2010-03-10 06:15 . 2004-08-10 18:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 01:31 . 2010-03-07 23:34 79488 ----a-w- c:\documents and settings\Dana\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-08 01:24 . 2008-02-13 03:49 -------- d-----w- c:\program files\Spyware Doctor
2010-03-08 01:23 . 2008-02-13 03:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-07 19:39 . 2008-02-13 04:17 -------- d-----w- c:\program files\DivX
2010-03-07 19:39 . 2006-12-27 16:55 -------- d-----w- c:\program files\Lavasoft
2010-03-07 19:37 . 2007-01-10 18:37 -------- d-----w- c:\program files\Quicken
2010-03-07 19:36 . 2007-10-12 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-07 19:36 . 2007-10-12 15:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-07 17:49 . 2009-05-20 17:58 -------- d-----w- c:\program files\PokerStars
2010-03-07 17:34 . 2006-03-20 20:25 219440 ----a-w- c:\documents and settings\Dana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 19:59 . 2010-03-03 19:59 7188480 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\FullTiltPoker.exe
2010-03-03 19:51 . 2010-03-03 19:51 270336 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtSvg4.dll
2010-03-03 19:51 . 2010-03-03 19:51 9437184 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtWebKit4.dll
2010-03-03 19:50 . 2010-03-03 19:50 262144 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\phonon4.dll
2010-03-03 19:50 . 2010-03-03 19:50 2015232 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtCore4.dll
2010-03-03 19:50 . 2010-03-03 19:50 7442432 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtGui4.dll
2010-03-03 19:50 . 2010-03-03 19:50 901120 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtNetwork4.dll
2010-03-03 19:50 . 2010-03-03 19:50 360448 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtXml4.dll
2010-03-03 19:50 . 2010-03-03 19:50 192512 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\QtSql4.dll
2010-03-03 19:47 . 2010-03-03 19:47 184320 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\updater.exe
2010-03-03 19:46 . 2010-03-03 19:46 185632 ----a-w- c:\documents and settings\Beach Master\Application Data\Full Tilt Poker\StmOCX.dll
2010-02-25 06:24 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2006-01-20 04:48 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 19:20 . 2008-07-30 01:11 219440 ----a-w- c:\documents and settings\Beach Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 13:17 . 2004-08-10 18:51 2137088 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-04 04:59 2016768 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-10 18:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-10 18:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2006-03-30 16:24 . 2006-03-30 16:24 32 --sha-w- c:\windows\{2C2A965E-1855-43EE-A397-D73454170914}.dat
2006-03-30 16:24 . 2006-03-30 16:24 32 --sha-w- c:\windows\system32\{96C37846-0610-462D-8D96-EC0F059F1E89}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 50880]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 34504]
"Advanced Tools Check"="c:\progra~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-27 79480]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-04-03 100056]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-12-10 323216]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-17 282624]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-14 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-14 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

c:\documents and settings\Dana\Start Menu\Programs\Startup\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-12 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TrayMin700.exe.lnk - c:\program files\Philips\SPC 700NC PC Camera\TrayMin700.exe [2008-3-18 278528]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-3-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [7/15/2005 3:38 PM 139264]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [3/30/2006 11:23 AM 135168]
S3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [11/20/2006 8:48 AM 506112]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [3/18/2008 11:21 PM 541568]
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-04-17 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-08-20 01:31]

2010-04-23 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-19 05:42]

2010-03-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-30 15:04]

2010-04-27 c:\windows\Tasks\User_Feed_Synchronization-{82F72DA8-E6FF-42CB-BB39-99586FF9AE48}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 10:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4140633030-3341314632-3632176343-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\program files\Sun\StarOffice 8\program\soffice.exe
c:\program files\Sun\StarOffice 8\program\soffice.BIN
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2010-04-27 10:44:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-27 15:44
ComboFix2.txt 2010-03-08 18:42

Pre-Run: 99,878,187,008 bytes free
Post-Run: 99,814,477,824 bytes free

- - End Of File - - 9AA6144BADE8E821E52531ABBFF1D3EE

That was fast Dana.....

Download and install CCleaner

• CCleaner
  
• Double-click on the downloaded file ccsetup220_slim.exe and install the application.
  
• Keep the default installation folder C:\Program Files\CCleaner
  
• Click finish when done and close ALL PROGRAMS
  
• Start the CCleaner program.
  
• Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  
• Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  
• Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  
• Click on Run Cleaner button on the bottom right side of the program.
  
• Click OK to any prompts
  

Next



Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Thank you ... attempting my newest task ty

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4043

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/27/2010 2:13:33 PM
mbam-log-2010-04-27 (14-13-33).txt

Scan type: Quick scan
Objects scanned: 119240
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup\7_26_2007.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

thank you ..

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4043

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/27/2010 2:13:33 PM
mbam-log-2010-04-27 (14-13-33).txt

Scan type: Quick scan
Objects scanned: 119240
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup\7_26_2007.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Good Morning Kenny, should i be finished i still cant use the internet and read my mail .... not sure if i am even showing up in forum

Please help i have a deadline this morning and have delayed my client so i can fix this but i dont know what to do please help me.....

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1.Tools Menu -> Internet Options -> Connections Tab -> Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.


In Firefox

1.Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"

2.Click the apply button and restart that computer in normal mode.

And let me know?

If the above does not work?

Please read carefully and let me know if you have any questions.

Create a batch file:

Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computer

• Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
  

  Code:

  @echo off
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 10
del /f /q %0
  
  
• Once you've done that click on File and select Save As...
  
• In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  
• Name the file fix.bat (the .bat extension is very important)
  
• Save the file to your desktop and double click it to run it.
  
• Once it runs it will automatically restart your computer
  
• Once your computer boots again, check to see if your internet performance has improved
  

Please let me know how it went.

Thanks

thank you kenny no its still the same and i am not sure if this makes a difference but i have 2 user accounts and im working with you from my
user c*** and then i have the business and that is the one that has everything like my outlook and internet i cant get into i receive no errors in my adminstrative account. ok now its the same so i am going on to the next step and im not leaving this computor so if you need me also i will be right here.. thank you so much and just so you know i will be donating to you when we are through and telling the world about you so they can to.

Hi Kenny i did everything and its the same it keeps coming up everything is infected and i cant open anything

ok i just rebooted again and still the same should i start over

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Open Hijackthis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [pyfqtomm] C:\Documents and Settings\Beach Master\Local Settings\Application Data\qddqfa\ummcsftav.exe (User 'Beach Master')
O4 - HKUS\S-1-5-21-4140633030-3341314632-3632176343-1009\..\Run: [aorianwx] C:\Documents and Settings\Beach Master\Local Settings\Application Data\ydvujfbsa\qqupvsttssd.exe (User 'Beach Master')

Again, make sure ALL browser windows are closed when you click FIX.

Next

OTM by Old Timer.
Please download from HERE and save to the desktop.

• Right click on OTM.exe > Run as an Administrator.
  
• Copy the lines in the codebox below.
  
  

  Code:

  :processes
explorer.exe
:files
C:\Documents and Settings\Beach Master\Local Settings\Application Data\qddqfa\ummcsftav.exe
C:\Documents and Settings\Beach Master\Local Settings\Application Data\ydvujfbsa\qqupvsttssd.exe

:commands
[start explorer]
[emptytemp]
  
  
• Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar, Code box into OTMoveIt3 (1).) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
  
• Close OTM.
  

Note:

• If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
  
• If you are asked to reboot the machine choose Yes.
  
• In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  

Next


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

• Please go here then click on:
  
• Select the option YES, I accept the Terms of Use then click on:
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:
  

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth Technology
  


• Now click on:
  
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  
• When completed the Online Scan will begin automatically.
  
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  
• Now click on:
  
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.
  

Note: Do not forget to re-enable your Anti-Virus application after running the above sc

In your next reply, please include these log(s):

OTM Report
EsetOnlineScanner\log.tx

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\Beach Master\Local Settings\Application Data\qddqfa\ummcsftav.exe not found.
File/Folder C:\Documents and Settings\Beach Master\Local Settings\Application Data\ydvujfbsa\qqupvsttssd.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Beach Master

User: Dana

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 82 bytes

User: LocalService

User: NetworkService

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
%systemroot%\System32 .tmp files removed: 9381393 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Unable to create HKLM\Software\OldTimer Tools\OTM key.
Windows Temp folder emptied: 66011 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


OTM by OldTimer - Version 3.1.11.0 log created on 0428201
here is the otm reading im moving on to next step

Pease move on to ESET Online Scanner

when i do this and push to start it goes to another screen and its blue and does not go any further

Lets try another one.

Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   
   

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

You will see a list of infected items there. Click on Save Report As....

Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Please post this log in your next reply.....

when i went there it said i needed a java something... and so i installed it and still it says i need it

and where should i look for your posts to mine i am sitting here and seems i am missing them i respect your time with me very much and dont want to be looking in the wrong place.. thank you again so much for helping me

ok i rebooted and tried again and still it wont let me scan

I'm thinking your PC might have other issues that malware has done some damage in the past. I have a program that might help from Microsoft Dana. But lets rule out all malware with IE.

DeFogger
Download DeFogger by jpshortstuff from here & save it to your desktop.

• Right click DeFogger then choose Run as Administrator Or you can double-click to run the tool
  
• The application window will appear
  
• Click the Disable button to disable your CD Emulation drivers
  
• Click Yes to continue
  
• A Finished! message will appear
  
• Click OK
  
• DeFogger will now ask to reboot the machine - click OK
  

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

Drag ComboFix Icon into the Recycle Bin. And down ComboFix again.

Please download ComboFix from
Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

1. If you are using Firefox, make sure that your download settings are as follows:
   
   
   
   • Tools->Options->Main tab
     
   • Set to Always ask me where to Save the files.
     

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

Please do not rename Combofix to other names, but only to the one indicated.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------

• Close any open browsers.
  
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  

-----------------------------------------------------------

Double click on combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

ComboFix 10-04-28.04 - Dana 04/29/2010 6:14:32.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1515 [GMT -5:00]
Running from: C:\Documents and Settings\Dana\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Beach Master\Local Settings\Application Data\ydvujfbsa
C:\Documents and Settings\Beach Master\Local Settings\Application Data\ydvujfbsa\qqupvsttssd.exe
C:\RECYCLER\NPROTECT\00000000.DAT
C:\RECYCLER\NPROTECT\00000001.DAT
C:\RECYCLER\NPROTECT\00000002
C:\RECYCLER\NPROTECT\00000003
C:\RECYCLER\NPROTECT\00000004
C:\RECYCLER\NPROTECT\00000005
C:\RECYCLER\NPROTECT\00000007
C:\RECYCLER\NPROTECT\00000009
C:\RECYCLER\NPROTECT\00000010
C:\RECYCLER\NPROTECT\00000013.DAT
C:\RECYCLER\NPROTECT\00000014
C:\RECYCLER\NPROTECT\00000015
C:\RECYCLER\NPROTECT\00000016
C:\RECYCLER\NPROTECT\00000017
C:\RECYCLER\NPROTECT\00000020
C:\RECYCLER\NPROTECT\00000021.DAT
C:\RECYCLER\NPROTECT\00000022
C:\RECYCLER\NPROTECT\00000023
C:\RECYCLER\NPROTECT\00000024.DAT
C:\RECYCLER\NPROTECT\00000025
C:\RECYCLER\NPROTECT\00000026
C:\RECYCLER\NPROTECT\00000027
C:\RECYCLER\NPROTECT\00000028
C:\RECYCLER\NPROTECT\00000029
C:\RECYCLER\NPROTECT\00000030
C:\RECYCLER\NPROTECT\00000031
C:\RECYCLER\NPROTECT\00000032
C:\RECYCLER\NPROTECT\00000033
C:\RECYCLER\NPROTECT\00000034
C:\RECYCLER\NPROTECT\00000035.edb
C:\RECYCLER\NPROTECT\00000036
C:\RECYCLER\NPROTECT\00000037
C:\RECYCLER\NPROTECT\00000038.dat
C:\RECYCLER\NPROTECT\00000039
C:\RECYCLER\NPROTECT\00000040
C:\RECYCLER\NPROTECT\00000043
C:\RECYCLER\NPROTECT\00000044
C:\RECYCLER\NPROTECT\00000045
C:\RECYCLER\NPROTECT\00000047
C:\RECYCLER\NPROTECT\00000049
C:\RECYCLER\NPROTECT\00000050
C:\RECYCLER\NPROTECT\00000051
C:\RECYCLER\NPROTECT\00000053
C:\RECYCLER\NPROTECT\00000055
C:\RECYCLER\NPROTECT\00000056
C:\RECYCLER\NPROTECT\00000057
C:\RECYCLER\NPROTECT\00000058
C:\RECYCLER\NPROTECT\00000061
C:\RECYCLER\NPROTECT\00000062
C:\RECYCLER\NPROTECT\00000063
C:\RECYCLER\NPROTECT\00000065
C:\RECYCLER\NPROTECT\00000067
C:\RECYCLER\NPROTECT\00000068
C:\RECYCLER\NPROTECT\00000069
C:\RECYCLER\NPROTECT\00000070
C:\RECYCLER\NPROTECT\00000071
C:\RECYCLER\NPROTECT\00000072
C:\RECYCLER\NPROTECT\00000073
C:\RECYCLER\NPROTECT\00000074
C:\RECYCLER\NPROTECT\00000075
C:\RECYCLER\NPROTECT\00000076
C:\RECYCLER\NPROTECT\00000077
C:\RECYCLER\NPROTECT\00000079
C:\RECYCLER\NPROTECT\00000080
C:\RECYCLER\NPROTECT\00000082
C:\RECYCLER\NPROTECT\00000083
C:\RECYCLER\NPROTECT\00000085
C:\RECYCLER\NPROTECT\00000086
C:\RECYCLER\NPROTECT\00000087
C:\RECYCLER\NPROTECT\00000088
C:\RECYCLER\NPROTECT\00000089
C:\RECYCLER\NPROTECT\00000091
C:\RECYCLER\NPROTECT\00000092
C:\RECYCLER\NPROTECT\00000093
C:\RECYCLER\NPROTECT\00000094
C:\RECYCLER\NPROTECT\00000096
C:\RECYCLER\NPROTECT\00000097
C:\RECYCLER\NPROTECT\00000098
C:\RECYCLER\NPROTECT\00000099
C:\RECYCLER\NPROTECT\00000100
C:\RECYCLER\NPROTECT\00000101
C:\RECYCLER\NPROTECT\00000102
C:\RECYCLER\NPROTECT\00000103
C:\RECYCLER\NPROTECT\00000104
C:\RECYCLER\NPROTECT\00000105
C:\RECYCLER\NPROTECT\00000106
C:\RECYCLER\NPROTECT\00000107
C:\RECYCLER\NPROTECT\00000108
C:\RECYCLER\NPROTECT\00000112
C:\RECYCLER\NPROTECT\00000113.dat
C:\RECYCLER\NPROTECT\00000114.dat
C:\RECYCLER\NPROTECT\00000116
C:\RECYCLER\NPROTECT\00000117
C:\RECYCLER\NPROTECT\00000118
C:\RECYCLER\NPROTECT\00000119
C:\RECYCLER\NPROTECT\00000120
C:\RECYCLER\NPROTECT\00000121
C:\RECYCLER\NPROTECT\00000122
C:\RECYCLER\NPROTECT\00000123
C:\RECYCLER\NPROTECT\00000125
C:\RECYCLER\NPROTECT\00000127.dat
C:\RECYCLER\NPROTECT\00000129
C:\RECYCLER\NPROTECT\00000130.bat
C:\RECYCLER\NPROTECT\00000131
C:\RECYCLER\NPROTECT\00000132
C:\RECYCLER\NPROTECT\00000134
C:\RECYCLER\NPROTECT\00000136
C:\RECYCLER\NPROTECT\00000137
C:\RECYCLER\NPROTECT\00000138
C:\RECYCLER\NPROTECT\00000141
C:\RECYCLER\NPROTECT\00000142
C:\RECYCLER\NPROTECT\00000143
C:\RECYCLER\NPROTECT\00000144
C:\RECYCLER\NPROTECT\00000146
C:\RECYCLER\NPROTECT\00000147
C:\RECYCLER\NPROTECT\00000148
C:\RECYCLER\NPROTECT\00000149
C:\RECYCLER\NPROTECT\00000150
C:\RECYCLER\NPROTECT\00000151
C:\RECYCLER\NPROTECT\00000152
C:\RECYCLER\NPROTECT\00000153
C:\RECYCLER\NPROTECT\00000154
C:\RECYCLER\NPROTECT\00000155
C:\RECYCLER\NPROTECT\00000156
C:\RECYCLER\NPROTECT\00000157
C:\RECYCLER\NPROTECT\00000158
C:\RECYCLER\NPROTECT\00000159
C:\RECYCLER\NPROTECT\00000160
C:\RECYCLER\NPROTECT\00000161
C:\RECYCLER\NPROTECT\00000162
C:\RECYCLER\NPROTECT\00000164
C:\RECYCLER\NPROTECT\00000165
C:\RECYCLER\NPROTECT\00000168
C:\RECYCLER\NPROTECT\00000171
C:\RECYCLER\NPROTECT\00000172
C:\RECYCLER\NPROTECT\00000173
C:\RECYCLER\NPROTECT\00000174
C:\RECYCLER\NPROTECT\00000175.dat
C:\RECYCLER\NPROTECT\00000176
C:\RECYCLER\NPROTECT\00000177.bad
C:\RECYCLER\NPROTECT\00000178
C:\RECYCLER\NPROTECT\00000179
C:\RECYCLER\NPROTECT\00000180
C:\RECYCLER\NPROTECT\00000181
C:\RECYCLER\NPROTECT\00000182
C:\RECYCLER\NPROTECT\00000188.md5
C:\RECYCLER\NPROTECT\00000195
C:\RECYCLER\NPROTECT\00000196
C:\RECYCLER\NPROTECT . . . . failed to delete
C:\RECYCLER\NPROTECT\NPROTECT.LOG . . . . failed to delete
.
---- Previous Run -------
.
C:\RECYCLER\NPROTECT\00000000
C:\RECYCLER\NPROTECT\00000003.DAT
C:\RECYCLER\NPROTECT\00000004
C:\RECYCLER\NPROTECT\00000005
C:\RECYCLER\NPROTECT\00000006
C:\RECYCLER\NPROTECT\00000007
C:\RECYCLER\NPROTECT\00000009
C:\RECYCLER\NPROTECT\00000010.DAT
C:\RECYCLER\NPROTECT\00000011
C:\RECYCLER\NPROTECT\00000012
C:\RECYCLER\NPROTECT\00000013.DAT
C:\RECYCLER\NPROTECT\00000014
C:\RECYCLER\NPROTECT\00000015
C:\RECYCLER\NPROTECT\00000016
C:\RECYCLER\NPROTECT\00000017
C:\RECYCLER\NPROTECT\00000018
C:\RECYCLER\NPROTECT\00000019
C:\RECYCLER\NPROTECT\00000020
C:\RECYCLER\NPROTECT\00000021
C:\RECYCLER\NPROTECT\00000022
C:\RECYCLER\NPROTECT\00000023
C:\RECYCLER\NPROTECT\00000024
C:\RECYCLER\NPROTECT\00000025
C:\RECYCLER\NPROTECT\00000026.dat
C:\RECYCLER\NPROTECT\00000027
C:\RECYCLER\NPROTECT\00000028
C:\RECYCLER\NPROTECT\00000031
C:\RECYCLER\NPROTECT\00000032
C:\RECYCLER\NPROTECT\00000034
C:\RECYCLER\NPROTECT\00000036
C:\RECYCLER\NPROTECT\00000037
C:\RECYCLER\NPROTECT\00000038
C:\RECYCLER\NPROTECT\00000040
C:\RECYCLER\NPROTECT\00000042
C:\RECYCLER\NPROTECT\00000043
C:\RECYCLER\NPROTECT\00000044
C:\RECYCLER\NPROTECT\00000045
C:\RECYCLER\NPROTECT\00000048
C:\RECYCLER\NPROTECT\00000049
C:\RECYCLER\NPROTECT\00000050
C:\RECYCLER\NPROTECT\00000052
C:\RECYCLER\NPROTECT\00000054
C:\RECYCLER\NPROTECT\00000055
C:\RECYCLER\NPROTECT\00000056
C:\RECYCLER\NPROTECT\00000057
C:\RECYCLER\NPROTECT\00000058
C:\RECYCLER\NPROTECT\00000059
C:\RECYCLER\NPROTECT\00000060
C:\RECYCLER\NPROTECT\00000061
C:\RECYCLER\NPROTECT\00000062
C:\RECYCLER\NPROTECT\00000063
C:\RECYCLER\NPROTECT\00000064
C:\RECYCLER\NPROTECT\00000066
C:\RECYCLER\NPROTECT\00000067
C:\RECYCLER\NPROTECT\00000069
C:\RECYCLER\NPROTECT\00000070
C:\RECYCLER\NPROTECT\00000072
C:\RECYCLER\NPROTECT\00000073
C:\RECYCLER\NPROTECT\00000074
C:\RECYCLER\NPROTECT\00000075
C:\RECYCLER\NPROTECT\00000076
C:\RECYCLER\NPROTECT\00000078
C:\RECYCLER\NPROTECT\00000079
C:\RECYCLER\NPROTECT\00000080
C:\RECYCLER\NPROTECT\00000081
C:\RECYCLER\NPROTECT\00000083
C:\RECYCLER\NPROTECT\00000084
C:\RECYCLER\NPROTECT\00000085
C:\RECYCLER\NPROTECT\00000086
C:\RECYCLER\NPROTECT\00000087
C:\RECYCLER\NPROTECT\00000088
C:\RECYCLER\NPROTECT\00000089
C:\RECYCLER\NPROTECT\00000090
C:\RECYCLER\NPROTECT\00000091
C:\RECYCLER\NPROTECT\00000092
C:\RECYCLER\NPROTECT\00000093
C:\RECYCLER\NPROTECT\00000094
C:\RECYCLER\NPROTECT\00000095
C:\RECYCLER\NPROTECT\00000099
C:\RECYCLER\NPROTECT\00000100.dat
C:\RECYCLER\NPROTECT\00000101.dat
C:\RECYCLER\NPROTECT\00000103
C:\RECYCLER\NPROTECT\00000104
C:\RECYCLER\NPROTECT\00000105
C:\RECYCLER\NPROTECT\00000106
C:\RECYCLER\NPROTECT\00000107
C:\RECYCLER\NPROTECT\00000108
C:\RECYCLER\NPROTECT\00000109
C:\RECYCLER\NPROTECT\00000110
C:\RECYCLER\NPROTECT\00000112
C:\RECYCLER\NPROTECT\00000114.dat
C:\RECYCLER\NPROTECT\00000116
C:\RECYCLER\NPROTECT\00000117.bat
C:\RECYCLER\NPROTECT\00000118
C:\RECYCLER\NPROTECT\00000119
C:\RECYCLER\NPROTECT\00000121
C:\RECYCLER\NPROTECT\00000123
C:\RECYCLER\NPROTECT\00000124
C:\RECYCLER\NPROTECT\00000125
C:\RECYCLER\NPROTECT\00000128
C:\RECYCLER\NPROTECT\00000129
C:\RECYCLER\NPROTECT\00000130
C:\RECYCLER\NPROTECT\00000131
C:\RECYCLER\NPROTECT\00000133
C:\RECYCLER\NPROTECT\00000134
C:\RECYCLER\NPROTECT\00000135
C:\RECYCLER\NPROTECT\00000136
C:\RECYCLER\NPROTECT\00000137
C:\RECYCLER\NPROTECT\00000138
C:\RECYCLER\NPROTECT\00000139
C:\RECYCLER\NPROTECT\00000140
C:\RECYCLER\NPROTECT\00000141
C:\RECYCLER\NPROTECT\00000142
C:\RECYCLER\NPROTECT\00000143
C:\RECYCLER\NPROTECT\00000144
C:\RECYCLER\NPROTECT\00000145
C:\RECYCLER\NPROTECT\00000146
C:\RECYCLER\NPROTECT\00000147
C:\RECYCLER\NPROTECT\00000148
C:\RECYCLER\NPROTECT\00000149
C:\RECYCLER\NPROTECT\00000151
C:\RECYCLER\NPROTECT\00000152
C:\RECYCLER\NPROTECT\00000155
C:\RECYCLER\NPROTECT\00000158
C:\RECYCLER\NPROTECT\00000159
C:\RECYCLER\NPROTECT\00000160
C:\RECYCLER\NPROTECT\00000161
C:\RECYCLER\NPROTECT\00000162.dat
C:\RECYCLER\NPROTECT\00000163
C:\RECYCLER\NPROTECT\00000164.bad
C:\RECYCLER\NPROTECT\00000165
C:\RECYCLER\NPROTECT\00000166
C:\RECYCLER\NPROTECT\00000167
C:\RECYCLER\NPROTECT\00000168
C:\RECYCLER\NPROTECT\00000169
C:\RECYCLER\NPROTECT\00000175.md5
C:\RECYCLER\NPROTECT\00000182
C:\RECYCLER\NPROTECT\00000183
C:\RECYCLER\NPROTECT\00002707.DAT
C:\RECYCLER\NPROTECT\00002708.DAT
C:\RECYCLER\NPROTECT\00002709
C:\RECYCLER\NPROTECT\00002710
C:\RECYCLER\NPROTECT\00002711
C:\RECYCLER\NPROTECT\00002712
C:\RECYCLER\NPROTECT\00002714
C:\RECYCLER\NPROTECT\00002716
C:\RECYCLER\NPROTECT\NPROTECT.LOG . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-29 08:26:01 . 2010-04-29 08:26:01 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-04-28 20:35:53 . 2010-04-12 22:29:19 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-04-28 02:00:33 . 2010-04-28 02:00:33 -------- d-----w- C:\Documents and Settings\Beach Master\Application Data\Malwarebytes
2010-04-27 19:05:44 . 2010-04-27 19:05:44 -------- d-----w- C:\Documents and Settings\Dana\Application Data\Malwarebytes
2010-04-27 19:05:29 . 2010-03-30 05:46:30 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-04-27 19:05:27 . 2010-04-27 19:05:27 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-27 19:05:26 . 2010-04-27 19:05:31 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-27 19:05:26 . 2010-03-30 05:45:52 20824 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-04-27 18:55:36 . 2010-04-27 18:55:42 -------- d-----w- C:\Program Files\CCleaner
2010-04-27 13:08:00 . 2010-04-27 13:08:00 -------- d-----w- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 11:27:47 . 2008-02-13 09:10:46 -------- d-----w- C:\Documents and Settings\Dana\Application Data\Skype
2010-04-29 11:26:38 . 2009-06-08 17:35:52 -------- d-----w- C:\Documents and Settings\Dana\Application Data\StarOffice8
2010-04-29 11:25:37 . 2006-03-30 16:22:34 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-04-28 20:36:11 . 2010-04-28 20:36:11 61440 ----a-w- C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22a46e1f-n\decora-sse.dll
2010-04-28 20:36:11 . 2010-04-28 20:36:11 12800 ----a-w- C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22a46e1f-n\decora-d3d.dll
2010-04-28 20:36:06 . 2006-01-20 05:02:39 -------- d-----w- C:\Program Files\Common Files\Java
2010-04-28 20:36:04 . 2010-04-28 20:36:04 503808 ----a-w- C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74ba522f-n\msvcp71.dll
2010-04-28 20:36:04 . 2010-04-28 20:36:04 499712 ----a-w- C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74ba522f-n\jmc.dll
2010-04-28 20:36:04 . 2010-04-28 20:36:04 348160 ----a-w- C:\Documents and Settings\Dana\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-74ba522f-n\msvcr71.dll
2010-04-28 20:35:52 . 2006-01-20 05:02:39 -------- d-----w- C:\Program Files\Java
2010-04-27 18:59:29 . 2006-03-30 00:06:24 -------- d-----w- C:\Program Files\GetRight
2010-04-27 17:50:32 . 2006-03-29 18:00:56 848 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
2010-04-27 13:08:01 . 2010-04-27 13:08:01 388096 ----a-r- C:\Documents and Settings\Dana\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-27 02:19:04 . 2010-03-07 17:40:33 439816 ----a-w- C:\Documents and Settings\Dana\Application Data\Real\Update\setup3.10\setup.exe
2010-04-22 00:38:58 . 2006-12-27 16:55:29 -------- d-----w- C:\Program Files\Picasa2
2010-04-15 08:06:31 . 2007-06-05 17:21:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-03-17 14:20:57 . 2009-08-14 18:56:57 -------- d-----w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker
2010-03-10 22:43:31 . 2009-08-14 18:56:56 -------- d-----w- C:\Documents and Settings\Beach Master\Application Data\InstallShield Installation Information
2010-03-10 22:43:30 . 2010-03-10 22:43:30 253690 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\uninstall.exe
2010-03-10 06:15:52 . 2004-08-10 18:51:27 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-03-08 01:31:22 . 2010-03-07 23:34:47 79488 ----a-w- C:\Documents and Settings\Dana\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-08 01:24:18 . 2008-02-13 03:49:52 -------- d-----w- C:\Program Files\Spyware Doctor
2010-03-08 01:23:28 . 2008-02-13 03:50:10 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-07 19:39:02 . 2008-02-13 04:17:19 -------- d-----w- C:\Program Files\DivX
2010-03-07 19:39:01 . 2006-12-27 16:55:40 -------- d-----w- C:\Program Files\Lavasoft
2010-03-07 19:37:21 . 2007-01-10 18:37:26 -------- d-----w- C:\Program Files\Quicken
2010-03-07 19:36:56 . 2007-10-12 15:58:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-07 19:36:14 . 2007-10-12 15:58:32 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-03-07 17:49:08 . 2009-05-20 17:58:18 -------- d-----w- C:\Program Files\PokerStars
2010-03-07 17:34:49 . 2006-03-20 20:25:15 219440 ----a-w- C:\Documents and Settings\Dana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-03 19:59:34 . 2010-03-03 19:59:34 7188480 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\FullTiltPoker.exe
2010-03-03 19:51:02 . 2010-03-03 19:51:02 270336 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\QtSvg4.dll
2010-03-03 19:51:00 . 2010-03-03 19:51:00 9437184 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\QtWebKit4.dll
2010-03-03 19:50:52 . 2010-03-03 19:50:52 262144 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\phonon4.dll
2010-03-03 19:50:52 . 2010-03-03 19:50:52 2015232 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\QtCore4.dll
2010-03-03 19:50:44 . 2010-03-03 19:50:44 7442432 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\QtGui4.dll
2010-03-03 19:50:34 . 2010-03-03 19:50:34 901120 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\QtNetwork4.dll
2010-03-03 19:50:34 . 2010-03-03 19:50:34 360448 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\QtXml4.dll
2010-03-03 19:50:34 . 2010-03-03 19:50:34 192512 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\QtSql4.dll
2010-03-03 19:47:42 . 2010-03-03 19:47:42 184320 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\updater.exe
2010-03-03 19:46:52 . 2010-03-03 19:46:52 185632 ----a-w- C:\Documents and Settings\Beach Master\Application Data\Full Tilt Poker\StmOCX.dll
2010-02-25 06:24:37 . 2004-08-10 18:51:29 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 12:31:30 . 2006-01-20 04:48:26 454016 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-20 19:20:47 . 2008-07-30 01:11:19 219440 ----a-w- C:\Documents and Settings\Beach Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-19 23:47:50 . 2010-02-19 23:47:50 3604480 ----a-w- C:\WINDOWS\system32\GPhotos.scr
2010-02-16 13:17:38 . 2004-08-10 18:51:17 2137088 ------w- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 12:39:04 . 2004-08-04 04:59:00 2016768 ------w- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-12 04:47:05 . 2004-08-10 18:50:53 100864 ----a-w- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 12:01:43 . 2004-08-10 18:51:26 226880 ----a-w- C:\WINDOWS\system32\drivers\tcpip6.sys
2006-03-30 16:24:17 . 2006-03-30 16:24:17 32 --sha-w- C:\WINDOWS\{2C2A965E-1855-43EE-A397-D73454170914}.dat
2006-03-30 16:24:17 . 2006-03-30 16:24:17 32 --sha-w- C:\WINDOWS\system32\{96C37846-0610-462D-8D96-EC0F059F1E89}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-06-02 16:56:00 24264488]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 15:18:24 3660848]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 16:34:02 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 01:42:54 1404928]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-01 03:05:00 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 22:19:56 53248]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 22:30:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 22:30:30 81920]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 07:05:00 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-20 04:22:38 50880]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-20 04:23:16 34504]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-27 04:35:06 79480]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-04-03 19:16:22 100056]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-12-10 20:35:52 323216]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 21:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 21:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 21:36:20 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-17 16:01:18 282624]
"fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 16:12:58 243240]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 16:01:16 319488]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-05-14 17:59:31 198160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 22:10:28 35696]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 05:12:54 49152]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 16:43:18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 15:04:28 54936]

C:\Documents and Settings\Dana\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-12 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TrayMin700.exe.lnk - C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe [2008-3-18 278528]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-3-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R2 MioNet;MioNet Service;C:\Program Files\MioNet\MioNetManager.exe [7/15/2005 3:38:33 PM 139264]
R2 NProtectService;Norton Unerase Protection;C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [3/30/2006 11:23:49 AM 135168]
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\drivers\PFC027.SYS [11/20/2006 8:48:40 AM 506112]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\drivers\phc700.sys [3/18/2008 11:21:53 PM 541568]
.
Contents of the 'Scheduled Tasks' folder

2010-04-29 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20:38 . 2007-10-19 16:20:38]

2010-04-17 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NAVW32.exe [2002-08-20 04:24:48 . 2002-11-15 01:31:10]

2010-04-23 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2007-09-19 05:42:42 . 2007-09-19 05:42:42]

2010-03-08 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2006-03-30 16:22:59 . 2002-08-07 15:04:28]

2010-04-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{82F72DA8-E6FF-42CB-BB39-99586FF9AE48}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 16:58:32 . 2009-03-08 09:31:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
is this all i was to send to you

You see these:

C:\RECYCLER\NPROTECT\00000000.DAT

That's norton Recycle Bin so you need to empy the norton Recycle Bin...

Other than this your log is fine. It was cut off again, but that's OK... I looked at the other ComboFix log....


Malwarebytes cleaned what needed to be clean. I feel Internet Explorer is not malware related. So lets do the following:

Try IEFix at:

http://windowsxp.mvps.org/IEFIX.htm

Then use:

Please visit the links HERE and HERE first to read about this new Microsoft tool!

Then you can download and use: Microsoft Fix it Center Online
Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.

• Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.
  
  
• Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report.
  
  
• Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.
  

Let me know after you had run all the troubleshooters on your pc if it corrected your problem.

good morning kenny i just wanted you to know that right now my computor is back to normal i havnt done the last step yet should i still do this and i would like to leave a donation for all your help and im sure i will be back in the future.. now is there something i can do to prevent this from happening again. thank you so much you are wonderful...

Aww, Shucks!

As for Microsoft Fix it Center Online there's no need to run it.

Your Computer is Clean






Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  
  
• Please follow the prompts to uninstall Combofix.
  
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
  

This will uninstall Combofix and anything assoicated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  
• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  
• Next press the Apply button and then the OK to exit the Internet Properties page.
  

Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Winpatrol Download and install the free version of Winpatrol. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Secunia software inspector & update checker

My Blog Malware And Spyware Tips

Also, see here for system improvement: Help! My computer is slow!


It was a pleasure working with you Dana.