WiredWX Christian Hobby Weather Tools

infected with a trojan.brisv.A!inf

Not quite sure how it happened, but I have tried pretty much everything I was told to try. The Norton scans would sometimes not pick up the virus but still have it under unresolved risks. I followed the steps from your web site. Here is my log. Thanks.

[HijackThis log posted with Notepad word wrap on, every line broken into fragments; it is identical to the unwrapped log reposted in the "Fixed Wordwrap" post below.]

Re: infected with a trojan.brisv.A!inf

Hello.
Can't read that; please turn off Word Wrap in Notepad.
This can be found in the Format menu.

Fixed Wordwrap

Sorry about that, I thought I disabled it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:24 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\RALPH\Desktop\hijackgpthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\RALPH\Application Data\Mozilla\Profiles\default\r9eiari2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RALPH\Application Data\Mozilla\Profiles\default\r9eiari2.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\PROGRA~1\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\RALPH\LOCALS~1\Temp\app4F1.tmp
O4 - HKLM\..\Run: [PerfectOptimizer] C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.37&build=Symantec&a=00000082.00000049.000000bb&b=00000083.00000019.000000B1&c=00000083.0000001A.000000B7&d=00000083.00000028.000000D8
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1695C611-186A-4355-B777-0D85B325F07F} - http://espn.go.com/espnmotion/espnmotion.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124137993031
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/wtgeneric/lilostitchpinball/install.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 12845 bytes
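
The unwrapped log above is what the helpers on this thread read by hand. As an added example (not part of this thread, and not HijackThis code), the Python script below encodes the usual first-pass heuristics an analyst applies to such a log and runs them over a constructed sample made of lines copied from the log plus a couple of ordinary entries: Run/RunOnce values that launch from a temp directory or a .tmp file, values with an empty name or an empty command, values with no directory component (so the binary is resolved through the search path at logon), executables placed directly in a Startup folder, services whose file is missing, and filter or protocol handlers with no CLSID or file behind them. The heuristics, the regular expressions and the function names are assumptions made for this example; a hit means "look at this entry", not "this is the trojan", and the script makes no claim about which entry on this machine is infected.

```python
"""Triage heuristics for HijackThis v2.0 log lines.

Added example for this thread: not part of the forum post and not HijackThis
code. Each heuristic is an assumption about which entries deserve a manual
look; a hit is a prompt to inspect the file or registry value, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above, mixed with
# ordinary entries so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Prein] C:\DOCUME~1\RALPH\LOCALS~1\Temp\app4F1.tmp
O4 - HKCU\..\RunOnce: [] C:\Program Files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - Startup: PowerReg Scheduler.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O4 - HKLM\..\Run: [name] command": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
AUTORUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")      # HJT appends this for HKUS hives
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<item>.+)$")
# A path under a temp directory, or a ".tmp" file being executed.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\|\.tmp(?:\s|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _check_autorun(section: str, body: str) -> list:
    """Heuristics for registry Run/RunOnce values (assumptions, not rules)."""
    m = AUTORUN_RE.match(body)
    if not m:
        return []
    line = f"{section} - {body}"
    name = m.group("name")
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
    if not cmd:
        return [Finding(section, "autorun value with an empty command", line)]
    found = []
    if not name:
        found.append(Finding(section, "autorun value with an empty name", line))
    if TEMP_RE.search(cmd):
        found.append(Finding(section, "autorun launches from a temp directory or a .tmp file", line))
    if "\\" not in cmd:
        found.append(Finding(section, "autorun has no directory; the binary is resolved via the search path at logon", line))
    return found


def _check_startup_folder(section: str, body: str) -> list:
    """A bare .exe in a Startup folder, rather than a .lnk shortcut, is worth a look."""
    m = STARTUP_RE.match(body)
    if not m:
        return []
    item = m.group("item").split(" = ")[0]      # "name.lnk = target" -> "name.lnk"
    if item.lower().endswith(".exe"):
        return [Finding(section, "executable placed directly in a Startup folder", f"{section} - {body}")]
    return []


def _check_orphans(section: str, body: str) -> list:
    """Entries whose backing file or COM registration is gone."""
    line = f"{section} - {body}"
    found = []
    if "(file missing)" in body:
        found.append(Finding(section, "service points at a file that is missing", line))
    if "(no CLSID)" in body or "(no file)" in body:
        found.append(Finding(section, "handler registered with no CLSID or no file behind it", line))
    return found


def triage(log_text: str) -> list:
    """Return a Finding for every line that trips a heuristic, in log order."""
    found = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                                 # headers, process list, blanks
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            found.extend(_check_autorun(section, body))
            found.extend(_check_startup_folder(section, body))
        else:
            found.extend(_check_orphans(section, body))
    return found


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it directly and it prints each hit with its reason; to triage a saved log, read the file and pass its text to triage(). Heuristics like these only rank what to inspect first; confirming an entry still means checking the file on disk, its publisher and its hash, which is the judgement the helpers on this thread supply.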

Re: infected with a trojan.brisv.A!inf

Hello.
Let's take a look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double-click DDS.scr to run it.
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

DDS text part 1

DDS (Ver_09-01-07.01) - NTFSx86
Run by RALPH at 15:31:51.14 on Sat 02/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.153 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\QUICKENW\QAGENT.EXE
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RALPH\Desktop\dds.com
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uWindow Title = Microsoft Internet Explorer provided by Compaq
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mSearch Page =
mSearch Bar = hxxp://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~2\tools\iesdpb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {014DA6C9-189F-421A-88CD-07CFE51CFF10} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [Sysres]
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UMonit] c:\windows\system32\umonit.exe
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QAGENT] c:\progra~1\quickenw\QAGENT.EXE
mRun: [PROMon.exe] PROMon.exe
mRun: [PerfectOptimizer] c:\program files\perfect optimizer\PerfectOptimizer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [CPQEASYACC] c:\program files\compaq\easy access button support\StartEAK.exe
mRun: [CARPService] carpserv.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
mPolicies-explorer: =
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~2\tools\iesdpb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: aol.com\free
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Notification Packages = scecli scecli scecli scecli scecli scecli scecli scecli

dds text file part 2

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ralph\applic~1\mozilla\firefox\profiles\cbfubeo7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\ralph\application data\mozilla\firefox\profiles\cbfubeo7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-10 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2008-12-10 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090129.005\IDSxpx86.sys [2009-1-29 276344]
R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2009-1-29 30592]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2009-1-29 51072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-16 99376]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090206.057\naveng.sys [2009-2-7 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090206.057\navex15.sys [2009-2-7 876112]
R4 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2002-8-9 34712]
R4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2008-12-10 115560]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys --> c:\windows\system32\drivers\fixustor.sys [?]
S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]

=============== Created Last 30 ================

2009-02-07 13:12 16,939,928 a------- c:\program files\jre-6u12-windows-x64-p.exe
2009-02-05 22:57 0 -------- c:\program files\jre-6u11-windows-i586-p.exe
2009-02-05 22:56 --d----- c:\documents and settings\ralph\.SunDownloadManager
2009-02-03 18:21 a-d----- c:\program files\Norton Support
2009-01-31 20:00 --d----- c:\program files\WSEX Casino
2009-01-29 23:46 51,072 a------- c:\windows\system32\drivers\ikhlayer.sys
2009-01-29 23:46 30,592 a------- c:\windows\system32\drivers\ikhfile.sys
2009-01-29 00:09 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-27 21:20 --d----- c:\docume~1\ralph\applic~1\DisplayTune
2009-01-27 20:45 11,776 a------- c:\windows\system32\drivers\pdiddcci.sys
2009-01-27 20:43 15,920 a------- c:\windows\system32\drivers\PdiPorts.sys
2009-01-27 20:41 --d----- c:\program files\Portrait Displays
2009-01-27 20:41 --d----- c:\program files\common files\Portrait Displays
2009-01-13 12:29 --d----- c:\program files\Perfect Optimizer
2009-01-13 12:26 4,306,836 a------- c:\program files\PerfectOptimizer.exe

==================== Find3M ====================

2009-02-07 14:56 4,768 a------- c:\windows\compaq.reg
2009-02-05 22:57 1,226 a------- c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 05:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-26 15:58 68,756,776 a------- c:\program files\iTunesSetup.exe
2008-11-25 16:02 112,221 a------- c:\program files\ZiPhoneWin-3.0.exe
2008-11-25 15:37 23,510,720 a------- c:\program files\dotnetfx.exe
2008-11-24 22:12 19,652,961 a------- c:\program files\InstallSnapfishPluginV3.exe
2008-11-13 09:22 74,171 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-29 11:28 2,017,783 a------- c:\program files\absetup.exe
2008-01-29 21:10 351,272 a------- c:\program files\InstallPlay65.exe
2007-09-29 19:01 6,016,952 a------- c:\program files\Firefox Setup 2.0.0.7.exe
2007-09-29 18:46 5,872,077 a------- c:\program files\netscape-navigator-9.0b3.exe
2007-02-25 16:39 4,212 a------- c:\program files\ReadMe.txt
2007-02-25 16:39 498,376 a------- c:\program files\setup.exe
2007-02-10 13:17 11,352,928 a------- c:\program files\sdsetup.exe
2006-03-08 10:30 4,250,506 a------- c:\program files\HIM - Wings Of A Butterfly.mp3
2006-02-15 14:14 673,360 a------- c:\program files\nsb-setup.exe
2006-02-01 20:53 300,896 a------- c:\program files\Play65.exe
2006-01-28 22:32 587,651 a------- c:\program files\defs.zip
2006-01-12 17:12 10,071,573 a------- c:\program files\kazaaplus.exe
2005-12-14 21:24 10,684,266 a------- c:\program files\WorldPX_Setup.exe
2005-09-12 15:28 578,504 a------- c:\program files\kazaa_setup.exe
2005-02-21 16:36 35,121,138 a------- c:\program files\NIS_Retail.EXE
2005-02-21 16:13 17,873,964 a------- c:\program files\NPM2004tb15.exe
2005-02-21 15:46 45,040 a------- c:\program files\setup2..exe
2005-02-21 15:39 63,488 a------- c:\program files\setup3.exe
2005-02-21 15:39 49,152 a------- c:\program files\setup2.exe
2004-12-27 21:58 63 a------- c:\program files\users.dat
2004-12-14 21:38 1,664 a------- c:\docume~1\ralph\applic~1\ViewerApp.dat
2004-11-04 16:08 589,824 a------- c:\program files\kmd.exe
2004-10-04 14:54 4,354,084 a------- c:\program files\spybotsd13.exe
2004-10-04 14:23 2,636,408 a------- c:\program files\aawsepersonal.exe
2004-10-02 13:30 3,349,760 a------- c:\program files\PokerStarsInstall.exe
2004-07-05 08:38 823,296 a------- c:\program files\winmx353.exe
2004-07-01 17:51 1,694,551 a------- c:\program files\aaw6181.exe
2004-06-19 23:07 2,224,544 a------- c:\program files\191244_ZIP.zip
2004-02-14 12:59 35,942,843 a------- c:\program files\NIS2004.exe
2004-02-08 11:45 490,608 a------- c:\program files\ie6setup.exe
2004-02-08 11:43 2,907,904 a------- c:\program files\Q832894.exe
2003-12-06 11:04 4,952,816 a------- c:\program files\SetupDl.exe
2003-11-05 20:34 488,032 a------- c:\program files\PopUpStopperFree.exe
2003-10-28 01:21 5,777,944 a------- c:\program files\WSEXpoker_setup.exe
2003-02-09 13:12 6,516,168 a------- c:\program files\Morph20.exe
2002-12-30 19:14 77,503 a------- c:\program files\securevault202.zip
2002-12-28 22:53 1,598,163 a------- c:\program files\SplashMoney2.71Installer.exe
2002-12-21 12:16 229,376 a------- c:\program files\SplashMoneyConduit.dll
2002-10-10 20:32 8,981,440 a------- c:\program files\ar505enu.exe
2002-09-03 23:46 784 a------- c:\docume~1\ralph\applic~1\mpauth.dat

============= FINISH: 15:34:43.46 ===============

Re: infected with a trojan.brisv.A!inf

Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    fixustor
    msCMTSrvc


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please post the OTMoveIt log.

Last edited by Belahzur on 7th February 2009, 10:18 pm; edited 1 time in total

moveit file

========== SERVICES/DRIVERS ==========
Service fixustor stopped successfully.
Service fixustor deleted successfully.
Service msCMTSrvc stopped successfully.
Service msCMTSrvc deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02072009_170841

Re: infected with a trojan.brisv.A!inf

Can you answer my question just above the OTMoveIt instructions?

?

Don't know whose post that was, but it wasn't mine.

Re: infected with a trojan.brisv.A!inf

So it was, thanks for letting me know. My mistake. :oops:
I have removed the post.

How is your machine now?

Re: infected with a trojan.brisv.A!inf

Oh, no problem. I haven't seen anything different in performance since Norton originally detected this virus. Should I run the scan again?

Re: infected with a trojan.brisv.A!inf

Go for it, let me know if it comes back clean.

Re: infected with a trojan.brisv.A!inf

The scan still came up with at least one. The scan is still running.

Re: infected with a trojan.brisv.A!inf

Does it say where it's detected them?

Re: infected with a trojan.brisv.A!inf

It is telling me that there are 2 files that begin with c:\recycler\s-1-5-21-784569582-1974565712-2106517767-1006\dc813\incomplete\t-3545425-theroadtozion.mp3, and one similar to this one. There was a previous result that also showed an infected file in c:\documents and settings\ralph\my documents\limewire, with similar endings to the others. I no longer have LimeWire. Thx.

Re: infected with a trojan.brisv.A!inf

Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\recycler\s-1-5-21-784569582-1974565712-2106517767-1006\dc813\incomplete
    c:\documents and settings\ralph\my documents\limewire


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please post the OTMoveIt log.
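
The two OTMoveIt3 scripts in this thread (the `:services` block earlier, which removed fixustor and msCMTSrvc, and the `:files` block just above) were written by reading the DDS log by hand. The clue for the services was the trailer DDS prints on each SERVICES / DRIVERS line: `[date size]` when it found the image file, and `--> path [?]` when it could not. An orphaned registration that is not loaded (an `S` entry with `[?]`) can be deleted; a loaded `R` entry with `[?]`, like the SymEFA driver whose path shows a doubled `\SystemRoot\`, needs a human look first. The script below is an added example, not part of the thread and not code from the DDS or OTMoveIt3 authors: it parses a few lines copied from the log above (constructed sample, the rest of the block omitted), applies that rule, and renders both paste blocks. The interpretation of the `[?]` trailer and the R/S state letters is an assumption taken from how DDS logs are commonly read, not something DDS documents on this page.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: five lines copied from the SERVICES / DRIVERS block of
# the DDS log posted in this thread; the other lines are omitted for brevity.
SAMPLE_LOG = r"""
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-10 255536]
R4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2008-12-10 115560]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys --> c:\windows\system32\drivers\fixustor.sys [?]
S3 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\mscmtsrvc.exe --> c:\windows\system32\msCMTSrvc.exe [?]
"""

# Assumed DDS line shape: <R|S><start type> <name>;<display name>;<image path> <trailer>
# R = loaded/running, S = stopped; start type 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
ENTRY_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# Trailer when DDS found the file: "<path> [YYYY-M-D size]"
PRESENT_RE = re.compile(r"^(.*?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")
# Trailer when DDS could not find the file: "<registered path> --> <resolved path> [?]"
MISSING_RE = re.compile(r"^(.*?)\s+-->\s+(.*?)\s+\[\?\]$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_found: Optional[bool]  # None when the trailer has a shape we do not recognise
    size: Optional[int] = None


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse the SERVICES / DRIVERS block of a DDS log into structured entries."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        running, start_type = state == "R", int(start)
        pm = PRESENT_RE.match(rest)
        if pm:
            entries.append(ServiceEntry(running, start_type, name, display,
                                        pm.group(1), True, int(pm.group(3))))
            continue
        mm = MISSING_RE.match(rest)
        if mm:
            entries.append(ServiceEntry(running, start_type, name, display,
                                        mm.group(2), False))
            continue
        entries.append(ServiceEntry(running, start_type, name, display, rest, None))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Classify entries the way a log reader does before writing an OTMoveIt script.

    orphan  - file gone and service not loaded: the registration can be deleted.
    verify  - loaded although DDS could not stat the file: malformed path (the doubled
              \\SystemRoot\\ on SymEFA) or something hiding the file; inspect by hand.
    ok      - file present with date and size.
    unknown - trailer not understood; leave alone.
    """
    verdicts = []
    for e in entries:
        if e.file_found is None:
            verdict = "unknown"
        elif e.file_found:
            verdict = "ok"
        elif not e.running:
            verdict = "orphan"
        else:
            verdict = "verify"
        verdicts.append((e.name, verdict))
    return verdicts


def services_block(verdicts: List[Tuple[str, str]]) -> str:
    """Render the OTMoveIt3 :services paste block from the orphan verdicts only."""
    return "\n".join([":services", *[n for n, v in verdicts if v == "orphan"]])


def files_block(detections: List[str]) -> str:
    """Render a :files block that moves the folder holding each reported file.

    Norton reported more than one infected file under the same Recycle Bin
    subfolder, so the containing folder is targeted once (as the helper did)
    rather than each file by name. ntpath keeps Windows path semantics on any OS.
    """
    folders: List[str] = []
    for p in detections:
        folder = ntpath.dirname(p)
        if folder not in folders:
            folders.append(folder)
    return "\n".join([":files", *folders])


if __name__ == "__main__":
    verdicts = triage(parse_services(SAMPLE_LOG))
    for name, verdict in verdicts:
        print(f"{verdict:8} {name}")
    print(services_block(verdicts))
    print(files_block([r"c:\recycler\s-1-5-21-784569582-1974565712-2106517767-1006\dc813\incomplete\t-3545425-theroadtozion.mp3"]))
```

Run as-is it prints `verify` for SymEFA, `ok` for the two Norton entries, `orphan` for fixustor and msCMTSrvc, then a `:services` block identical to the one pasted into OTMoveIt3 earlier and a `:files` block naming the `dc813\incomplete` folder. The point of the `verify` verdict is that `[?]` alone is not a removal criterion: a boot-start driver that is loaded right now is evidence the file exists even when the log's path lookup failed.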

Re: infected with a trojan.brisv.A!inf

========== FILES ==========
c:\recycler\s-1-5-21-784569582-1974565712-2106517767-1006\dc813\Incomplete moved successfully.
File/Folder c:\documents and settings\ralph\my documents\limewire not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02082009_102837
========== FILES ==========
c:\recycler\s-1-5-21-784569582-1974565712-2106517767-1006\dc813\Saved moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02082009_103145
I tried them on both files from the recycler, but the previous scans that showed LimeWire files could not be found, maybe because I no longer have LimeWire. I deleted it after the problems started to happen.

Re: infected with a trojan.brisv.A!inf

The LimeWire folder doesn't exist, so I don't know how it's finding it there.

Re: infected with a trojan.brisv.A!inf

I have run the scan, and it no longer lists the risks as unresolved risks and has removed them.
Woooohoooo. I can't thank you enough for undoing the mess my stupidity has caused. I appreciate the time and patience. I will talk to you again in another forum. I have had problems with my CPU that I would like to run some questions by you. Thx again.

Re: infected with a trojan.brisv.A!inf

Hello.

  • Please double-click OTMoveIt3.exe to run it.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt.
  • It will start cleaning now, and will want to reboot after, please allow it to do so.
  • It will make a log of what it has removed, but I don't need to see the log.

CPU questions can be posted in the hardware forum, but I might not be able to help; I know nothing about hardware, hence I'm here in the software world.

Re: infected with a trojan.brisv.A!inf

Just one last question: what kind of risk have I been exposed to for about a week, and should I worry about info being compromised? Thx again.

Re: infected with a trojan.brisv.A!inf

Hello.
Nope, no info was compromised.

Re: infected with a trojan.brisv.A!inf

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.
