Inactive Another redirect problem using IE8!

alexmck

Hi folks. Hope I'm doing this right - it's my first post to a board. Random redirects, sometimes to apparently innocent sites. Random attacks from Fake Antivirus Webpage Request, sometimes apparently coming from my own C: drive. I had a fake antivirus infection a couple of months ago. Thought I cleared it - hah! I have Norton 360, AntiMalware, AntiSpyware and ESET scanner. This last finds two files that it does not like but can't deal with. XP SP3, 2 Gig RAM, nominal 160 Gig, in two partitions, C= 104 G with 33 free, NTFS, D= 7G FAT. This is a Compaq so it has System Recovery on the D: drive. I do believe updates are all current (XP, Java, Adobe etc.), but my router has no protection (because I am too far from the neighbors to allow eavesdropping). Log files for Malware and GMER follow, DDS is 20 Meg and Attach is 16 Meg. Please advise how to submit. Thanks, Alex.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4718

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/29/2010 4:50:32 PM
mbam-log-2010-09-29 (16-50-32).txt

Scan type: Quick scan
Objects scanned: 158041
Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-29 22:48:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uxtcqkog.sys


---- System - GMER 1.0.15 ----

SSDT 8A074528 ZwAlertResumeThread
SSDT 8A074920 ZwAlertThread
SSDT 8A0650F8 ZwAllocateVirtualMemory
SSDT 8A072678 ZwAssignProcessToJobObject
SSDT 89F60C78 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB3F21210]
SSDT 8A19B5F0 ZwCreateMutant
SSDT 8A2CB8B8 ZwCreateSymbolicLinkObject
SSDT 8A274410 ZwCreateThread
SSDT 8A0727F0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB3F21490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB3F219F0]
SSDT 8A075728 ZwDuplicateObject
SSDT 8A1672A8 ZwFreeVirtualMemory
SSDT 8A073B70 ZwImpersonateAnonymousToken
SSDT 8A074268 ZwImpersonateThread
SSDT 89E4DB58 ZwLoadDriver
SSDT 8A271ED0 ZwMapViewOfSection
SSDT 8A073990 ZwOpenEvent
SSDT 8A07B708 ZwOpenProcess
SSDT 8A0760B0 ZwOpenProcessToken
SSDT 8A0730C8 ZwOpenSection
SSDT 8A0797A0 ZwOpenThread
SSDT 8A2851C8 ZwProtectVirtualMemory
SSDT 8A0749F8 ZwResumeThread
SSDT 8A0759F0 ZwSetContextThread
SSDT 8A1598D0 ZwSetInformationProcess
SSDT 8A072E90 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB3F21C40]
SSDT 8A0738B8 ZwSuspendProcess
SSDT 8A074CB0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB3DE7620]
SSDT 8A0753D0 ZwTerminateThread
SSDT 8A075B68 ZwUnmapViewOfSection
SSDT 8A1331B8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB67E63A0, 0x59FFE5, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Welcome to TechSpot! Okay to split the logs to paste them in. It's a little more trouble for you but it saves me a great deal of time when I have to identify and process. With the 2 DDS logs and those from the 2 programs I'm having you run, it will take 'about' 4 posts - that is okay.

Be sure to check Format in Notepad and uncheck Word Wrap.

Go ahead and run the following also:

Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix.
===============================

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.
 
Okay Bobbye. Here is the DDS log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 12:07:58.53 on Thu 09/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1394 [GMT -7:00]

AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\ggviewer81-61.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = 83.170.103.189:4040
uInternet Settings,ProxyOverride = 127.0.0.1
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\norton 360\engine\4.3.0.5\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Google Update] "c:\documents and settings\compaq_owner.your-d0f670b45a\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [OpAgent] "OpAgent.exe" /agent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\alarmm~1.lnk - c:\program files\palmone\AlarmApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\l-expr~1.lnk - c:\program files\softissimo\lexibase pro\exe\L-Express.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: earthlink.net\webmail
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278833305015
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-9-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-9-23 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-9-13 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-9-23 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-9-23 116784]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-6-7 66048]
R2 N360;Norton 360;c:\program files\norton 360\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-9-23 126392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-28 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100928.001\IDSXpx86.sys [2010-9-28 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100929.002\NAVENG.SYS [2010-9-29 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100929.002\NAVEX15.SYS [2010-9-29 1371184]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2010-9-14 167808]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]

=============== Created Last 30 ================

2010-09-30 15:41:08 0 d-----w- C:\0fb20da498a5eaa36057035749db7b62
2010-09-26 23:49:43 395 ----a-w- c:\windows\MAXLINK.INI
2010-09-21 00:21:15 192 ----a-w- c:\documents and settings\compaq_owner.your-d0f670b45a\default.pls
2010-09-21 00:20:17 69 ----a-w- c:\windows\NeroDigital.ini
2010-09-19 18:22:35 0 d-----w- c:\docume~1\compaq~1.you\applic~1\DriverCure
2010-09-19 18:22:33 0 d-----w- c:\docume~1\compaq~1.you\applic~1\ParetoLogic
2010-09-19 18:22:13 0 d-----w- c:\program files\common files\ParetoLogic
2010-09-19 18:22:11 0 d-----w- c:\program files\ParetoLogic
2010-09-19 18:22:11 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-09-19 05:13:09 0 d-----w- c:\program files\common files\wcs
2010-09-19 05:13:09 0 d-----w- c:\program files\Chick Video Converter
2010-09-19 00:49:32 0 d-----w- c:\program files\common files\xing shared
2010-09-18 23:05:03 0 d-----w- c:\docume~1\compaq~1.you\applic~1\NVIDIA
2010-09-17 00:43:52 0 d-----w- c:\program files\WMCap
2010-09-16 22:57:17 0 d-----w- c:\documents and settings\compaq_owner.your-d0f670b45a\.get_iplayer
2010-09-16 22:57:07 0 d-----w- c:\documents and settings\all users\get_iplayer
2010-09-16 22:56:59 0 d-----w- c:\program files\get_iplayer
2010-09-16 20:10:16 0 d-----w- c:\program files\PixiePack Codec Pack
2010-09-16 20:08:23 0 d-----w- c:\program files\RapidSolution
2010-09-16 20:08:23 0 d-----w- c:\docume~1\alluse~1\applic~1\RapidSolution
2010-09-16 17:17:13 3251 ----a-w- c:\windows\system32\wbem\Outlook_01cb55c300c614da.mof
2010-09-15 23:32:44 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-09-15 23:32:33 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-15 23:32:29 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-15 23:32:29 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-15 23:32:29 0 ----a-w- c:\windows\system32\nvdrswr.lk
2010-09-15 23:32:06 0 d-----w- c:\program files\NVIDIA Corporation
2010-09-15 23:31:12 7959 ----a-w- c:\windows\system32\nvinfo.pb
2010-09-15 23:31:12 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-15 23:31:09 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-15 23:31:09 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-15 23:31:09 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-15 23:31:08 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-09-15 23:30:57 0 d-----w- C:\NVIDIA
2010-09-15 05:03:31 8 ----a-w- c:\windows\system32\nvModes.dat
2010-09-15 03:43:40 167808 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2010-09-15 03:43:38 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys
2010-09-15 03:43:37 196608 ----a-w- c:\windows\system32\WG1v2Lib.dll
2010-09-15 03:43:37 155648 ----a-w- c:\windows\system32\IpLib.dll
2010-09-15 03:43:37 114688 ----a-r- c:\windows\system32\EnumDev111.dll
2010-09-15 01:24:59 206824 ----a-w- c:\windows\system32\nvapps.xml
2010-09-15 01:24:32 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-09-15 01:24:32 25836 ----a-w- c:\windows\system32\nvdisp.nvu
2010-09-15 01:24:32 0 d-----w- c:\windows\nview
2010-09-15 01:23:47 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-09-10 00:55:39 0 d-----w- c:\program files\Cloaker
2010-09-09 23:56:47 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 19:20:01 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-09-02 23:59:25 0 d-----w- c:\windows\Performance

==================== Find3M ====================

2010-09-27 19:38:50 630 ----a-w- c:\docume~1\compaq~1.you\applic~1\wklnhst.dat
2010-09-19 03:26:13 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-09-19 03:26:13 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-09-19 03:26:13 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-09-19 03:26:08 59888 ------w- c:\windows\system32\pxwma.dll
2010-09-19 00:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-19 00:48:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-28 23:57:24 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-28 23:57:24 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-28 23:57:24 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-28 23:57:24 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-26 04:13:46 0 ----a-w- c:\program files\error.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-19 00:11:23 224725 ----a-w- c:\program files\freeapl.zip
2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 01:12:02 84530496 ----a-w- c:\program files\w_turbotax_1040_dlx_2009.15a.0100.exe
2010-07-15 00:50:40 111048968 ----a-w- c:\program files\w_turbotax_1040_dlx_2008.14d.0100.exe
2010-07-12 05:26:42 123185 ----a-w- c:\program files\SkypeSetup.exe
2010-07-09 23:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38:00 10604128 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-06-30 22:07:37 20331936 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2010-06-30 21:08:07 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2010-06-30 01:35:03 30790848 ----a-w- c:\program files\earthlink setup_autofix.exe
2006-12-10 05:56:54 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 12:09:06.46 ===============
 
And here is the DDS Attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/27/2010 1:22:59 PM
System Uptime: 9/30/2010 3:59:54 AM (9 hours ago)

Motherboard: ASUSTeK Computer INC. | | Altair
Processor: Intel(R) Celeron(R) D CPU 3.20GHz | Socket 775 | 3200/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 105 GiB total, 33.03 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.354 GiB free.
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A30103C&REV_10\4&FB75CB&0&10A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A30103C&REV_10\4&FB75CB&0&10A4
Service: RTL8023xp

==== System Restore Points ===================

RP1: 8/28/2010 5:01:04 PM - System Checkpoint
RP2: 8/29/2010 5:09:41 PM - System Checkpoint
RP3: 8/30/2010 5:14:19 PM - System Checkpoint
RP4: 8/31/2010 7:28:03 PM - System Checkpoint
RP5: 9/1/2010 7:29:28 PM - System Checkpoint
RP6: 9/2/2010 4:58:16 PM - Installed Windows 7 Upgrade Advisor
RP7: 9/3/2010 7:07:34 PM - System Checkpoint
RP8: 9/5/2010 11:56:05 AM - Removed Windows 7 Upgrade Advisor
RP9: 9/6/2010 12:08:33 PM - System Checkpoint
RP10: 9/7/2010 7:50:19 PM - System Checkpoint
RP11: 9/9/2010 8:32:35 AM - System Checkpoint
RP12: 9/10/2010 9:19:44 AM - System Checkpoint
RP13: 9/11/2010 9:33:26 AM - System Checkpoint
RP14: 9/12/2010 12:26:45 PM - System Checkpoint
RP15: 9/13/2010 1:37:33 PM - System Checkpoint
RP16: 9/14/2010 5:18:11 PM - System Checkpoint
RP17: 9/14/2010 7:15:32 PM - Removed WG111v2 Configuration Utility
RP18: 9/14/2010 8:43:37 PM - Installed WG111v2 Configuration Utility
RP19: 9/14/2010 8:45:01 PM - Unsigned driver install
RP20: 9/15/2010 11:32:46 PM - Software Distribution Service 3.0
RP21: 9/16/2010 9:35:53 AM - Software Distribution Service 3.0
RP22: 9/16/2010 1:08:17 PM - Installed Tunebite
RP23: 9/16/2010 2:23:19 PM - Installed Windows Media Player 11
RP24: 9/16/2010 2:24:06 PM - Installed Windows XP Wudf01000.
RP25: 9/16/2010 2:26:29 PM - Installed Windows XP MSCompPackV1.
RP26: 9/18/2010 9:40:58 AM - System Checkpoint
RP27: 9/18/2010 4:30:09 PM - Installed DirectX
RP28: 9/18/2010 4:32:08 PM - Installed Nero 7 Ultra Edition
RP29: 9/18/2010 4:56:50 PM - Removed Nero 7 Ultra Edition
RP30: 9/18/2010 5:20:07 PM - Installed Nero 7 Ultra Edition
RP31: 9/18/2010 8:36:00 PM - Removed Nero 7 Ultra Edition
RP32: 9/18/2010 8:54:25 PM - Installed Nero 7 Ultra Edition
RP33: 9/19/2010 4:44:38 PM - Removed Nero 7 Ultra Edition
RP34: 9/19/2010 5:24:08 PM - Installed Nero 7 Ultra Edition
RP35: 9/20/2010 11:28:02 AM - Installed Java(TM) 6 Update 21
RP36: 9/21/2010 5:01:11 PM - System Checkpoint
RP37: 9/22/2010 6:55:40 PM - System Checkpoint
RP38: 9/24/2010 9:47:31 AM - System Checkpoint
RP39: 9/25/2010 12:25:29 PM - System Checkpoint
RP40: 9/26/2010 12:51:25 PM - System Checkpoint
RP41: 9/26/2010 4:47:18 PM - Installed ScanSoft OmniPage 16.
RP42: 9/27/2010 4:52:55 PM - System Checkpoint
RP43: 9/28/2010 7:24:51 PM - System Checkpoint
RP44: 9/29/2010 7:34:14 PM - System Checkpoint
RP45: 9/30/2010 8:40:53 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
Agere Systems PCI-SV92PP Soft Modem
AnswerWorks 5.0 English Runtime
ATI Display Driver
BBC iPlayer Desktop
Brother MFC-5890CN
Brother MFL-Pro Suite MFC-5890CN
CCleaner
Chick Video Converter
Destinations
DeviceManagementQFolder
ESET Online Scanner v3
get_iplayer 4.2
Google Chrome
Google Deskbar
Google Talk Plugin
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
Identity Cloaker
Java Auto Updater
Java(TM) 6 Update 21
Lexibase Pro
Logitech Desktop Messenger
Logitech SetPoint
Mah Jong Quest
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
Norton 360
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
ParetoLogic PC Health Advisor
PC-Doctor 5 for Windows
PixiePack Codec Pack
Quicken 2010
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
ScanSoft OmniPage 16
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 4.2
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
Tunebite
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
Uniblue RegistryBooster
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WG111v2 Configuration Utility
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WM Capture
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/30/2010 11:57:45 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
9/29/2010 4:25:01 PM, error: Service Control Manager [7034] - The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 4:25:00 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 4:24:59 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 4:24:59 PM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 4:24:59 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/29/2010 4:24:59 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
9/25/2010 9:18:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ViaIde
9/25/2010 9:18:45 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
9/24/2010 9:08:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
9/24/2010 9:08:43 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
 
Here is the first part of the Combofix log:

ComboFix 10-09-30.01 - Compaq_Owner 09/30/2010 16:02:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1361 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Recent\Thumbs.db
c:\documents and settings\Compaq_Owner\Application Data\alot
c:\documents and settings\Compaq_Owner\Application Data\inst.exe
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Windows Server
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
C:\ipconfig.txt
c:\windows\WOW32.DAT

.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-30 15:41 . 2010-09-30 15:42 -------- d-----w- C:\0fb20da498a5eaa36057035749db7b62
2010-09-30 15:40 . 2010-09-30 15:40 -------- d-----w- c:\windows\LastGood
2010-09-20 00:31 . 2010-09-20 00:32 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Ahead
2010-09-20 00:29 . 2010-09-21 00:21 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Ahead
2010-09-20 00:24 . 2010-09-20 00:43 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-19 18:22 . 2010-09-19 18:22 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\DriverCure
2010-09-19 18:22 . 2010-09-19 18:22 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\ParetoLogic
2010-09-19 18:22 . 2010-09-19 18:22 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-09-19 18:22 . 2010-09-19 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-09-19 18:22 . 2010-09-19 18:22 -------- d-----w- c:\program files\ParetoLogic
2010-09-19 05:13 . 2010-09-19 05:17 -------- d-----w- c:\program files\Common Files\wcs
2010-09-19 05:13 . 2010-09-19 05:17 -------- d-----w- c:\program files\Chick Video Converter
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-19 00:50 . 2010-09-19 00:50 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-19 00:50 . 2010-09-19 00:50 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-19 00:50 . 2010-09-19 00:50 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-19 00:50 . 2010-09-19 00:50 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-19 00:50 . 2010-09-19 00:50 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-19 00:49 . 2010-09-19 00:49 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-18 23:05 . 2010-09-18 23:05 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\NVIDIA
2010-09-17 00:43 . 2010-09-23 01:09 -------- d-----w- c:\program files\WMCap
2010-09-16 23:09 . 2010-09-16 23:09 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\vlc
2010-09-16 22:57 . 2010-09-16 22:57 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\.get_iplayer
2010-09-16 22:57 . 2010-09-16 22:57 -------- d-----w- c:\documents and settings\All Users\get_iplayer
2010-09-16 22:56 . 2010-09-16 23:05 -------- d-----w- c:\program files\get_iplayer
2010-09-16 20:10 . 2010-09-16 20:10 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-09-16 20:10 . 2010-09-16 20:10 77664 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgSoundclick.dll
2010-09-16 20:10 . 2010-09-16 20:10 59232 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgPandora.dll
2010-09-16 20:09 . 2010-09-16 20:09 87904 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgMyspace.dll
2010-09-16 20:09 . 2010-09-16 20:09 103264 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgLastfm.dll
2010-09-16 20:09 . 2010-09-16 20:09 84320 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgImeem.dll
2010-09-16 20:09 . 2010-09-16 20:09 62816 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgIJigg.dll
2010-09-16 20:09 . 2010-09-16 20:09 114528 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgHypemachine.dll
2010-09-16 20:09 . 2010-09-16 20:09 94560 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgGeneral.dll
2010-09-16 20:09 . 2010-09-16 20:09 46944 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgDefault.dll
2010-09-16 20:09 . 2010-09-16 20:09 89952 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgDeezer.dll
2010-09-16 20:09 . 2010-09-16 20:09 347488 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\RadioRip.dll
2010-09-16 20:09 . 2010-09-16 20:09 495616 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\EncodingBackend\lame_enc.dll
2010-09-16 20:08 . 2010-09-16 20:08 -------- d-----w- c:\program files\RapidSolution
2010-09-16 20:08 . 2010-09-16 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2010-09-16 20:05 . 2010-09-16 20:05 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\RapidSolution
2010-09-15 23:32 . 2010-09-15 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-15 23:32 . 2010-09-15 23:32 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-15 23:32 . 2010-09-15 23:32 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-15 23:32 . 2010-09-15 23:32 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-15 23:32 . 2010-09-15 23:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-15 23:31 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-15 23:31 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-15 23:31 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-15 23:31 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-15 23:31 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-09-15 23:30 . 2010-09-15 23:30 -------- d-----w- C:\NVIDIA
2010-09-15 05:03 . 2010-09-15 22:35 8 ----a-w- c:\windows\system32\nvModes.dat
2010-09-15 04:55 . 2010-09-15 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-09-15 03:43 . 2006-03-16 18:39 167808 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2010-09-15 03:43 . 2002-10-02 15:57 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys
2010-09-15 03:43 . 2006-03-21 02:22 196608 ----a-w- c:\windows\system32\WG1v2Lib.dll
2010-09-15 03:43 . 2005-12-29 07:16 114688 ----a-r- c:\windows\system32\EnumDev111.dll
2010-09-15 03:43 . 2003-11-18 16:27 155648 ----a-w- c:\windows\system32\IpLib.dll
2010-09-15 01:24 . 2010-09-15 01:24 -------- d-----w- c:\windows\nview
2010-09-15 01:24 . 2010-07-09 22:38 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-09-15 01:23 . 2010-07-07 20:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-09-10 00:55 . 2010-09-27 03:01 -------- d-----w- c:\program files\Cloaker
2010-09-09 23:56 . 2010-09-16 20:33 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 19:20 . 2010-09-08 19:20 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-09-08 19:19 . 2010-09-08 19:19 0 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\GUIcommon.dll
2010-09-02 23:59 . 2010-09-02 23:59 -------- d-----w- c:\windows\Performance
2010-09-02 23:59 . 2010-09-02 23:59 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 15:41 . 2009-09-21 03:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 19:38 . 2010-07-11 20:58 630 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\wklnhst.dat
2010-09-26 23:48 . 2008-08-19 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-09-26 18:56 . 2010-07-11 20:03 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Skype
2010-09-26 16:52 . 2010-07-13 22:07 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\skypePM
2010-09-20 18:28 . 2006-05-20 02:28 -------- d-----w- c:\program files\Java
2010-09-20 01:03 . 2010-07-22 02:47 63488 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-20 01:03 . 2010-07-22 02:47 117760 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-20 00:01 . 2006-12-10 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-09-19 03:26 . 2010-09-19 03:26 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-09-19 03:26 . 2010-09-19 03:26 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-09-19 03:26 . 2010-09-19 03:26 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-09-19 03:26 . 2010-09-19 03:26 59888 ------w- c:\windows\system32\pxwma.dll
2010-09-19 00:50 . 2006-05-20 02:49 -------- d-----w- c:\program files\Common Files\Real
2010-09-19 00:49 . 2006-05-20 02:49 -------- d-----w- c:\program files\Real
2010-09-19 00:48 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-19 00:48 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-15 23:33 . 2008-07-14 23:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-15 22:27 . 2010-07-15 05:14 4973960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-15 02:03 . 2006-05-20 02:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 23:17 . 2008-07-16 21:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 19:11 . 2010-08-31 19:11 3401880 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 18:55 . 2010-08-31 18:55 275096 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 18:39 . 2010-08-31 18:39 3734536 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-30 02:43 . 2007-05-17 16:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\InstallShield
2010-08-29 21:56 . 2010-08-29 21:56 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\MSNInstaller
2010-08-29 01:54 . 2006-05-20 03:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-28 23:58 . 2010-06-28 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-28 23:57 . 2010-08-28 23:57 -------- d-----w- c:\program files\Symantec
2010-08-28 23:57 . 2010-08-28 23:57 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-28 23:57 . 2010-08-28 23:57 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-28 23:57 . 2010-08-28 23:57 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-28 23:57 . 2010-08-28 23:57 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-28 23:56 . 2010-08-25 23:35 -------- d-----w- c:\program files\Norton 360
2010-08-28 23:56 . 2010-08-28 23:56 -------- d-----w- c:\program files\NortonInstaller
2010-08-26 21:22 . 2006-11-16 00:33 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-08-26 21:20 . 2010-07-13 20:35 36 ---ha-w- c:\windows\system32\f9t.dat
2010-08-26 04:28 . 2006-05-20 02:50 -------- d-----w- c:\program files\Sonic
2010-08-26 04:19 . 2010-07-18 23:56 50 ----a-w- c:\windows\system32\bridf08a.dat
2010-08-26 04:17 . 2010-08-26 04:17 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\InstallShield
2010-08-26 04:13 . 2010-08-26 04:13 0 ----a-w- c:\program files\error.dat
2010-08-26 00:42 . 2009-06-04 05:53 -------- d-----w- c:\program files\Brother
2010-08-23 03:56 . 2010-08-23 03:56 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Uniblue
2010-08-23 03:55 . 2007-01-20 05:40 -------- d-----w- c:\program files\Uniblue
2010-08-21 21:28 . 2010-08-21 21:28 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-08-21 21:27 . 2010-08-21 21:27 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-21 21:27 . 2010-02-13 23:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-19 04:59 . 2009-11-05 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-17 13:17 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 04:53 . 2010-08-14 04:53 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-08-07 03:27 . 2010-08-07 03:27 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\msvcp71.dll
2010-08-07 03:27 . 2010-08-07 03:27 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\jmc.dll
2010-08-07 03:27 . 2010-08-07 03:27 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\msvcr71.dll
2010-08-07 03:27 . 2010-08-07 03:27 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-49aa3014-n\decora-sse.dll
2010-08-07 03:27 . 2010-08-07 03:27 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-49aa3014-n\decora-d3d.dll
2010-08-04 00:28 . 2010-08-04 00:28 -------- d-----w- c:\program files\ESET
2010-08-02 05:58 . 2008-07-14 23:08 -------- d-----w- c:\program files\CCleaner
2010-07-22 15:49 . 2004-08-04 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-06-28 02:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-22 02:47 . 2010-07-22 02:47 52224 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-19 00:11 . 2010-07-19 00:11 224725 ----a-w- c:\program files\freeapl.zip
2010-07-17 12:00 . 2010-07-11 07:59 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 01:12 . 2010-07-15 01:11 84530496 ----a-w- c:\program files\w_turbotax_1040_dlx_2009.15a.0100.exe
2010-07-15 00:58 . 2010-06-28 00:21 47968 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 00:50 . 2010-07-15 00:50 111048968 ----a-w- c:\program files\w_turbotax_1040_dlx_2008.14d.0100.exe
2010-07-13 22:07 . 2010-07-13 22:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-12 05:26 . 2010-07-12 05:26 123185 ----a-w- c:\program
 
And here is the second part of the Combo.log:

2010-07-12 05:26 . 2010-07-12 05:26 123185 ----a-w- c:\program files\SkypeSetup.exe
2010-07-12 00:21 . 2010-07-12 00:21 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-12 00:21 . 2010-07-12 00:21 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-07-12 00:21 . 2010-07-12 00:21 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-07-12 00:21 . 2010-07-12 00:21 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-07-12 00:21 . 2010-07-12 00:21 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-07-12 00:19 . 2010-07-12 00:19 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-07-12 00:19 . 2010-07-12 00:19 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-07-12 00:19 . 2010-07-12 00:19 2812928 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191916-191106.dll
2010-07-12 00:17 . 2010-07-12 00:17 243032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-07-12 00:17 . 2010-07-12 00:17 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-07-12 00:17 . 2010-07-12 00:17 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-07-11 08:00 . 2010-07-11 08:00 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\msvcp71.dll
2010-07-11 08:00 . 2010-07-11 08:00 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\jmc.dll
2010-07-11 08:00 . 2010-07-11 08:00 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\msvcr71.dll
2010-07-11 08:00 . 2010-07-11 08:00 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-789ff538-n\decora-sse.dll
2010-07-11 08:00 . 2010-07-11 08:00 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-789ff538-n\decora-d3d.dll
2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 22:38 . 2010-06-28 02:35 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-09 22:38 . 2010-06-28 02:35 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2008-12-25 16:08 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38 . 2008-12-25 16:08 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2008-12-25 16:08 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2008-12-25 16:08 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2008-12-25 16:08 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-07 03:52 . 2010-06-21 16:24 120 ----a-w- c:\windows\Enimekevasuqer.dat
2010-07-07 03:52 . 2010-06-21 16:24 0 ----a-w- c:\windows\Vradab.bin
2010-06-30 22:07 . 2010-06-30 22:06 20331936 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2010-06-30 21:08 . 2010-06-30 21:07 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2006-12-10 05:56 . 2006-12-10 06:56 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-14 2424560]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Google Update"="c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-22 136176]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-08-30 67448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-21 28160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"VX3000"="c:\windows\vVX3000.exe" [2006-06-29 707376]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-19 202256]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ScanSoft OmniPage 16-reminder"="c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 328992]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2010-3-10 1553800]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2010-3-10 206128]
PowerReg Scheduler.exe [2007-4-25 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-18 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Alarm Manager.LNK - c:\program files\palmOne\AlarmApp.exe [2004-4-12 274432]
L-Express.lnk - c:\program files\Softissimo\Lexibase Pro\exe\L-Express.exe [2008-2-6 57344]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2010-9-14 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Brother\\Brmfl08e\\FAXRX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [9/23/2010 9:15 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [9/23/2010 9:15 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [9/13/2010 6:48 PM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [9/23/2010 9:15 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [9/23/2010 9:15 PM 116784]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/7/2009 3:27 PM 66048]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe [9/23/2010 9:14 PM 126392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 7:41 AM 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2010 5:03 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100929.001\IDSXpx86.sys [9/30/2010 12:09 PM 331640]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [9/14/2010 8:43 PM 167808]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [9/14/2010 8:43 PM 13532]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RSVP
*NewlyCreated* - UXTCQKOG
*Deregistered* - uxtcqkog

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 02:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087942622-1808754119-19490797-1009Core.job
- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 04:01]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087942622-1808754119-19490797-1009UA.job
- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 04:01]

2010-09-30 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-09-19 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-09-19 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]

2010-09-19 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]

2010-09-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2087942622-1808754119-19490797-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2087942622-1808754119-19490797-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-29 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-09-19 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 83.170.103.189:4040
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: earthlink.net\webmail
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-OpAgent - OpAgent.exe
HKLM-Run-PCDrProfiler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 16:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-30 16:13:02
ComboFix-quarantined-files.txt 2010-09-30 23:12
ComboFix2.txt 2008-07-15 01:06

Pre-Run: 35,434,672,128 bytes free
Post-Run: 35,401,445,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 62422DF788B576C73070115B2560C3E5
 
And here is the eset log:

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP21\A0035954.exe multiple threats
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP21\A0035955.exe multiple threats

Eset also gave me a warning about Backdoor Tidserv.llnt which Norton 360 found in c:\system volume information.restore{106cf31-99a3-4e3a-9103-1bd027606999}\RP21\A00035927.sys.

Thanks, Alex.
 
The entries on System Volume are restore points. They are no longer active in the system. I will have you set a new restore point and drop the old ones at the end. This is why we say do not do a system restore while we are cleaning because it could reinfect a system if that restore point was chosen.

Do you know what these files are? Finish files maybe?
2010-06-21 16:24 >> c:\windows\Enimekevasuqer.dat
2010-06-21 16:24 >> c:\windows\Vradab.bin
2010-07-19 00:11 >> c:\program files\freeapl.zip


Please run this Custom CFScript:
NOTE: I am removing the ParetoLogic program and the data from it. It is a bad program and the sites you download from are not recommended.


[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad and copy/paste the text in the code below into it:

Code:
File::

Folder::
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\DriverCure
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\ParetoLogic
c:\program files\Common Files\ParetoLogic
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\program files\ParetoLogic
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
I would encourage you to uninstall these. Most of us do not recommend using a Registry Cleaner. Wild Tangent is an auto-updater.
Uniblue RegistryBooster
WildTangent Web Driver


The following should all be removed from Scheduled Tasks:
2010-09-30 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-09-19 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-09-19 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]

2010-09-19 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-08-24 22:47]
 
Sorry about the restore points. I understand the exposure from doing that, but I did not knowingly run Restore. Seems like something did, perhaps trying to release the virus.

I do not know what Enimekevasuqer.dat is. It shows up as a CD Movie file and Nero Showtime tries to run it with no success. Vradab.bin is empty. I do not know what that is, either.
Freeapl.zip is an installation file for an old DOS APL floppy install. I used to be a great fan of APL and keep trying to go back to it. I suspect it is benign.

I have removed Uniblue and ParetoLogic and the other Scheduled Tasks you requested. I have also shut down SuperAntiSpyware. I have also removed Norton 360. I hope I don't get caught out while running the scripted ComboFix.

Perhaps a significant omission on my part - this computer is running on a four-computer wireless home network (currently without file or printer sharing). They all infrequently show the same redirect symptoms.

ComboFix 10-10-03.03 - Compaq_Owner 10/04/2010 10:19:53.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1592 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ParetoLogic
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\DriverCure
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\DriverCure\LogFile.txt
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\ParetoLogic
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\ParetoLogic\PC Health Advisor\Client.txt
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\ParetoLogic\PC Health Advisor\Server.txt

.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 03:18 . 2006-03-16 18:39 167808 ----a-w- c:\windows\system32\drivers\wg111v2.sys
2010-10-04 03:18 . 2002-10-02 15:57 13532 ----a-w- c:\windows\system32\drivers\SjyPkt.sys
2010-10-04 03:18 . 2006-03-21 02:22 196608 ----a-w- c:\windows\system32\WG1v2Lib.dll
2010-10-04 03:18 . 2005-12-29 07:16 114688 ----a-r- c:\windows\system32\EnumDev111.dll
2010-10-04 03:18 . 2003-11-18 16:27 155648 ----a-w- c:\windows\system32\IpLib.dll
2010-09-20 00:31 . 2010-09-20 00:32 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Ahead
2010-09-20 00:29 . 2010-09-21 00:21 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Ahead
2010-09-20 00:24 . 2010-09-20 00:43 -------- d-----w- c:\program files\Common Files\Ahead
2010-09-19 05:13 . 2010-09-19 05:17 -------- d-----w- c:\program files\Common Files\wcs
2010-09-19 05:13 . 2010-09-19 05:17 -------- d-----w- c:\program files\Chick Video Converter
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-19 00:50 . 2010-09-19 00:50 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-19 00:50 . 2010-09-19 00:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-19 00:50 . 2010-09-19 00:50 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-19 00:50 . 2010-09-19 00:50 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-19 00:50 . 2010-09-19 00:50 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-19 00:50 . 2010-09-19 00:50 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-19 00:49 . 2010-09-19 00:49 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-18 23:05 . 2010-09-18 23:05 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\NVIDIA
2010-09-17 00:43 . 2010-09-23 01:09 -------- d-----w- c:\program files\WMCap
2010-09-16 23:09 . 2010-09-16 23:09 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\vlc
2010-09-16 22:57 . 2010-09-16 22:57 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\.get_iplayer
2010-09-16 22:57 . 2010-09-16 22:57 -------- d-----w- c:\documents and settings\All Users\get_iplayer
2010-09-16 22:56 . 2010-09-16 23:05 -------- d-----w- c:\program files\get_iplayer
2010-09-16 20:10 . 2010-09-16 20:10 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-09-16 20:10 . 2010-09-16 20:10 77664 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgSoundclick.dll
2010-09-16 20:10 . 2010-09-16 20:10 59232 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgPandora.dll
2010-09-16 20:09 . 2010-09-16 20:09 87904 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgMyspace.dll
2010-09-16 20:09 . 2010-09-16 20:09 103264 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgLastfm.dll
2010-09-16 20:09 . 2010-09-16 20:09 84320 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgImeem.dll
2010-09-16 20:09 . 2010-09-16 20:09 62816 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgIJigg.dll
2010-09-16 20:09 . 2010-09-16 20:09 114528 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgHypemachine.dll
2010-09-16 20:09 . 2010-09-16 20:09 94560 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgGeneral.dll
2010-09-16 20:09 . 2010-09-16 20:09 46944 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgDefault.dll
2010-09-16 20:09 . 2010-09-16 20:09 89952 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\PlgDeezer.dll
2010-09-16 20:09 . 2010-09-16 20:09 347488 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\RadioRip\RadioRip.dll
2010-09-16 20:09 . 2010-09-16 20:09 495616 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite_2009\EncodingBackend\lame_enc.dll
2010-09-16 20:08 . 2010-09-16 20:08 -------- d-----w- c:\program files\RapidSolution
2010-09-16 20:08 . 2010-09-16 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2010-09-16 20:05 . 2010-09-16 20:05 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\RapidSolution
2010-09-15 23:32 . 2010-09-15 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-15 23:32 . 2010-09-15 23:32 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-15 23:32 . 2010-09-15 23:32 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-15 23:32 . 2010-09-15 23:32 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-15 23:32 . 2010-09-15 23:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-15 23:31 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-15 23:31 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-15 23:31 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-15 23:31 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-15 23:31 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-09-15 23:30 . 2010-09-15 23:30 -------- d-----w- C:\NVIDIA
2010-09-15 05:03 . 2010-09-15 22:35 8 ----a-w- c:\windows\system32\nvModes.dat
2010-09-15 04:55 . 2010-09-15 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-09-15 01:24 . 2010-09-15 01:24 -------- d-----w- c:\windows\nview
2010-09-15 01:24 . 2010-07-09 22:38 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-09-15 01:23 . 2010-07-07 20:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-09-10 00:55 . 2010-09-27 03:01 -------- d-----w- c:\program files\Cloaker
2010-09-09 23:56 . 2010-09-16 20:33 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-08 19:20 . 2010-09-08 19:20 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2010-09-08 19:19 . 2010-09-08 19:19 0 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\GUIcommon.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 17:08 . 2010-08-25 23:35 -------- d-----w- c:\program files\Norton 360
2010-10-04 17:05 . 2006-05-20 03:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-04 01:29 . 2006-05-20 02:52 -------- d-----w- c:\program files\WildTangent
2010-10-03 17:36 . 2010-07-11 20:03 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Skype
2010-10-03 16:16 . 2010-07-13 22:07 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\skypePM
2010-10-02 02:44 . 2009-09-21 03:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 19:38 . 2010-07-11 20:58 630 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\wklnhst.dat
2010-09-26 23:48 . 2008-08-19 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-09-20 18:28 . 2006-05-20 02:28 -------- d-----w- c:\program files\Java
2010-09-20 01:03 . 2010-07-22 02:47 63488 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-20 01:03 . 2010-07-22 02:47 117760 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-20 00:01 . 2006-12-10 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-09-19 03:26 . 2010-09-19 03:26 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-09-19 03:26 . 2010-09-19 03:26 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-09-19 03:26 . 2010-09-19 03:26 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-09-19 03:26 . 2010-09-19 03:26 59888 ------w- c:\windows\system32\pxwma.dll
2010-09-19 00:50 . 2006-05-20 02:49 -------- d-----w- c:\program files\Common Files\Real
2010-09-19 00:49 . 2006-05-20 02:49 -------- d-----w- c:\program files\Real
2010-09-19 00:48 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-19 00:48 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-15 23:33 . 2008-07-14 23:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-15 22:27 . 2010-07-15 05:14 4973960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-15 02:03 . 2006-05-20 02:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 23:17 . 2008-07-16 21:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 19:11 . 2010-08-31 19:11 3401880 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 18:55 . 2010-08-31 18:55 275096 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 18:39 . 2010-08-31 18:39 3734536 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-30 02:43 . 2007-05-17 16:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\InstallShield
2010-08-29 21:56 . 2010-08-29 21:56 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\MSNInstaller
2010-08-28 23:58 . 2010-06-28 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-26 21:22 . 2006-11-16 00:33 -------- d-----w- c:\program files\Stamps.com Internet Postage
 
Second part of ComboFix scripted:

2010-08-26 21:22 . 2006-11-16 00:33 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-08-26 21:20 . 2010-07-13 20:35 36 ---ha-w- c:\windows\system32\f9t.dat
2010-08-26 04:28 . 2006-05-20 02:50 -------- d-----w- c:\program files\Sonic
2010-08-26 04:19 . 2010-07-18 23:56 50 ----a-w- c:\windows\system32\bridf08a.dat
2010-08-26 04:17 . 2010-08-26 04:17 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\InstallShield
2010-08-26 04:13 . 2010-08-26 04:13 0 ----a-w- c:\program files\error.dat
2010-08-26 00:42 . 2009-06-04 05:53 -------- d-----w- c:\program files\Brother
2010-08-23 03:56 . 2010-08-23 03:56 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Uniblue
2010-08-21 21:28 . 2010-08-21 21:28 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-08-21 21:27 . 2010-08-21 21:27 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-21 21:27 . 2010-02-13 23:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-19 04:59 . 2009-11-05 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-17 13:17 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 04:53 . 2010-08-14 04:53 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-08-07 03:27 . 2010-08-07 03:27 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\msvcp71.dll
2010-08-07 03:27 . 2010-08-07 03:27 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\jmc.dll
2010-08-07 03:27 . 2010-08-07 03:27 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\msvcr71.dll
2010-08-07 03:27 . 2010-08-07 03:27 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-49aa3014-n\decora-sse.dll
2010-08-07 03:27 . 2010-08-07 03:27 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-49aa3014-n\decora-d3d.dll
2010-07-22 15:49 . 2004-08-04 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-06-28 02:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-22 02:47 . 2010-07-22 02:47 52224 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-19 00:11 . 2010-07-19 00:11 224725 ----a-w- c:\program files\freeapl.zip
2010-07-17 12:00 . 2010-07-11 07:59 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 01:12 . 2010-07-15 01:11 84530496 ----a-w- c:\program files\w_turbotax_1040_dlx_2009.15a.0100.exe
2010-07-15 00:58 . 2010-06-28 00:21 47968 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 00:50 . 2010-07-15 00:50 111048968 ----a-w- c:\program files\w_turbotax_1040_dlx_2008.14d.0100.exe
2010-07-13 22:07 . 2010-07-13 22:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-12 05:26 . 2010-07-12 05:26 123185 ----a-w- c:\program files\SkypeSetup.exe
2010-07-12 00:21 . 2010-07-12 00:21 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-12 00:21 . 2010-07-12 00:21 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-07-12 00:21 . 2010-07-12 00:21 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-07-12 00:21 . 2010-07-12 00:21 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-07-12 00:21 . 2010-07-12 00:21 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-07-12 00:19 . 2010-07-12 00:19 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-07-12 00:19 . 2010-07-12 00:19 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-07-12 00:19 . 2010-07-12 00:19 2812928 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191916-191106.dll
2010-07-12 00:17 . 2010-07-12 00:17 243032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-07-12 00:17 . 2010-07-12 00:17 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-07-12 00:17 . 2010-07-12 00:17 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-07-11 08:00 . 2010-07-11 08:00 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\msvcp71.dll
2010-07-11 08:00 . 2010-07-11 08:00 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\jmc.dll
2010-07-11 08:00 . 2010-07-11 08:00 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\msvcr71.dll
2010-07-11 08:00 . 2010-07-11 08:00 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-789ff538-n\decora-sse.dll
2010-07-11 08:00 . 2010-07-11 08:00 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-789ff538-n\decora-d3d.dll
2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 22:38 . 2010-06-28 02:35 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-09 22:38 . 2010-06-28 02:35 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2008-12-25 16:08 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38 . 2008-12-25 16:08 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2008-12-25 16:08 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2008-12-25 16:08 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2008-12-25 16:08 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-07 03:52 . 2010-06-21 16:24 120 ----a-w- c:\windows\Enimekevasuqer.dat
2010-07-07 03:52 . 2010-06-21 16:24 0 ----a-w- c:\windows\Vradab.bin
2010-06-30 22:07 . 2010-06-30 22:06 20331936 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2010-06-30 21:08 . 2010-06-30 21:07 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2010-06-30 01:35 . 2010-06-30 01:34 30790848 ----a-w- c:\program files\earthlink setup_autofix.exe
2006-12-10 05:56 . 2006-12-10 06:56 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-30_23.10.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-04 17:09 . 2010-10-04 17:09 16384 c:\windows\TEMP\Perflib_Perfdata_788.dat
+ 2010-10-04 03:18 . 2005-04-01 21:03 41228 c:\windows\OPTIONS\CABS\set8187.exe
- 2010-09-15 03:43 . 2005-04-01 21:03 41228 c:\windows\OPTIONS\CABS\set8187.exe
+ 2010-10-04 03:18 . 2006-03-16 18:39 167808 c:\windows\OPTIONS\CABS\WG111V2.SYS
- 2010-09-15 03:43 . 2006-03-16 18:39 167808 c:\windows\OPTIONS\CABS\WG111V2.SYS
+ 2010-10-04 03:18 . 2004-12-29 05:31 102400 c:\windows\OPTIONS\CABS\RTWUWZC.exe
- 2010-09-15 03:43 . 2004-12-29 05:31 102400 c:\windows\OPTIONS\CABS\RTWUWZC.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-14 2424560]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Google Update"="c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-22 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-21 28160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"VX3000"="c:\windows\vVX3000.exe" [2006-06-29 707376]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-19 202256]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ScanSoft OmniPage 16-reminder"="c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 328992]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2010-3-10 1553800]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2010-3-10 206128]
PowerReg Scheduler.exe [2007-4-25 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-18 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Alarm Manager.LNK - c:\program files\palmOne\AlarmApp.exe [2004-4-12 274432]
L-Express.lnk - c:\program files\Softissimo\Lexibase Pro\exe\L-Express.exe [2008-2-6 57344]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2010-10-3 745472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Brother\\Brmfl08e\\FAXRX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 67656]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/7/2009 3:27 PM 66048]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 7:41 AM 92008]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/3/2010 8:18 PM 167808]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2010 8:18 PM 13532]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 02:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087942622-1808754119-19490797-1009Core.job
- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 04:01]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087942622-1808754119-19490797-1009UA.job
- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 04:01]

2010-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2087942622-1808754119-19490797-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-10-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2087942622-1808754119-19490797-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 83.170.103.189:4040
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: earthlink.net\webmail
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-04 10:28:41
ComboFix-quarantined-files.txt 2010-10-04 17:28
ComboFix2.txt 2010-09-30 23:13
ComboFix3.txt 2008-07-15 01:06

Pre-Run: 35,571,941,376 bytes free
Post-Run: 35,632,390,144 bytes free

- - End Of File - - B4F5BE6A8C6B0FFA49814177A068F5A5
 
I have also removed Norton 360.
Please reinstall it. You were only supposed to disable it, not uninstall!

my router has no protection (because I am too far from the neighbors to allow eavesdropping).
Perhaps a significant omission on my part - this computer is running on a four computer wireless home network (currently without file or printer sharing). They all infrequently show the same redirect symptoms.
Scratching my head, saying 'why did he leave that out'?, scratching head again! Arg!!! Although you're not file sharing or print sharing at this point, I assume (hate that word!) that the 4 computers all access the internet through the same router.

You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.

  • [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer. Run MBAM again.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
Check the manufacturer's page of the router and find out how to secure it- then do it.

Handle the above while I write more script to remove those entries.
 
After you have followed instructions in previous post:

Please run this Custom CFScript

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\program files\freeapl.zip
c:\windows\system32\ezsidmv.dat
c:\windows\Enimekevasuqer.dat
c:\windows\Vradab.bin
Folder::
c:\program files\WildTangent
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Uniblue
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Remove all from Trusted Zone. None need to be in that zone. It has less security and is a vulnerability to the system: Using Internet Connections> Security tab> Trusted Sites> Sites> highlight and remove each:
Trusted Zone: earthlink.net\webmail
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\www

Click on OK> Apply> OK.

Empty Java cache: Control Panel> Java> Temporary internet files> Settings> Delete all> Close.
==================================
Download the HijackThis Installer and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
OK, I'm pedalling as fast as I can. Have potential revolution on my hands in shutting down all four machines. Prolly be tomorrow late before I can get to it all. Sorry for the omission.

Alex.
 
Take your time, Alex. This is an important step- best to print out the instructions.
 
Part 2 of 3 for ComboFix log:


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 20:53 . 2010-07-11 20:03 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Skype
2010-10-06 20:51 . 2010-07-13 22:07 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\skypePM
2010-10-04 18:41 . 2006-05-20 03:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-04 17:49 . 2010-10-04 17:49 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-10-04 17:49 . 2010-10-04 17:49 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-10-04 17:48 . 2010-08-25 23:35 -------- d-----w- c:\program files\Norton 360
2010-10-02 02:44 . 2009-09-21 03:25 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 19:38 . 2010-07-11 20:58 630 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\wklnhst.dat
2010-09-26 23:48 . 2008-08-19 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-09-20 18:28 . 2006-05-20 02:28 -------- d-----w- c:\program files\Java
2010-09-20 01:03 . 2010-07-22 02:47 63488 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-20 01:03 . 2010-07-22 02:47 117760 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-20 00:01 . 2006-12-10 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-09-19 03:26 . 2010-09-19 03:26 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-09-19 03:26 . 2010-09-19 03:26 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-09-19 03:26 . 2010-09-19 03:26 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-09-19 03:26 . 2010-09-19 03:26 59888 ------w- c:\windows\system32\pxwma.dll
2010-09-19 00:50 . 2006-05-20 02:49 -------- d-----w- c:\program files\Common Files\Real
2010-09-19 00:49 . 2006-05-20 02:49 -------- d-----w- c:\program files\Real
2010-09-19 00:48 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-19 00:48 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-15 23:33 . 2008-07-14 23:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-15 22:27 . 2010-07-15 05:14 4973960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-15 02:03 . 2006-05-20 02:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 23:17 . 2008-07-16 21:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 19:11 . 2010-08-31 19:11 3401880 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 18:55 . 2010-08-31 18:55 275096 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 18:39 . 2010-08-31 18:39 3734536 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-30 02:43 . 2007-05-17 16:16 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\InstallShield
2010-08-29 21:56 . 2010-08-29 21:56 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\MSNInstaller
2010-08-28 23:58 . 2010-06-28 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-26 21:22 . 2006-11-16 00:33 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-08-26 21:20 . 2010-07-13 20:35 36 ---ha-w- c:\windows\system32\f9t.dat
2010-08-26 04:28 . 2006-05-20 02:50 -------- d-----w- c:\program files\Sonic
2010-08-26 04:19 . 2010-07-18 23:56 50 ----a-w- c:\windows\system32\bridf08a.dat
2010-08-26 04:17 . 2010-08-26 04:17 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\InstallShield
2010-08-26 04:13 . 2010-08-26 04:13 0 ----a-w- c:\program files\error.dat
2010-08-26 00:42 . 2009-06-04 05:53 -------- d-----w- c:\program files\Brother
2010-08-21 21:28 . 2010-08-21 21:28 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-08-21 21:27 . 2010-08-21 21:27 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-08-21 21:27 . 2010-02-13 23:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-19 04:59 . 2009-11-05 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-17 13:17 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 04:53 . 2010-08-14 04:53 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-08-07 03:27 . 2010-08-07 03:27 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\msvcp71.dll
2010-08-07 03:27 . 2010-08-07 03:27 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\jmc.dll
2010-08-07 03:27 . 2010-08-07 03:27 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4aa95e7c-n\msvcr71.dll
2010-08-07 03:27 . 2010-08-07 03:27 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-49aa3014-n\decora-sse.dll
2010-08-07 03:27 . 2010-08-07 03:27 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-49aa3014-n\decora-d3d.dll
2010-07-22 15:49 . 2004-08-04 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-06-28 02:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-22 02:47 . 2010-07-22 02:47 52224 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 12:00 . 2010-07-11 07:59 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 01:12 . 2010-07-15 01:11 84530496 ----a-w- c:\program files\w_turbotax_1040_dlx_2009.15a.0100.exe
2010-07-15 00:58 . 2010-06-28 00:21 47968 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 00:50 . 2010-07-15 00:50 111048968 ----a-w- c:\program files\w_turbotax_1040_dlx_2008.14d.0100.exe
2010-07-12 05:26 . 2010-07-12 05:26 123185 ----a-w- c:\program files\SkypeSetup.exe
2010-07-12 00:21 . 2010-07-12 00:21 7410688 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-12 00:21 . 2010-07-12 00:21 7032320 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191222-191319.dll
2010-07-12 00:21 . 2010-07-12 00:21 6301696 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191127-191222.dll
2010-07-12 00:21 . 2010-07-12 00:21 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-07-12 00:21 . 2010-07-12 00:21 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-07-12 00:19 . 2010-07-12 00:19 2776576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-07-12 00:19 . 2010-07-12 00:19 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-07-12 00:19 . 2010-07-12 00:19 2812928 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191916-191106.dll
2010-07-12 00:17 . 2010-07-12 00:17 243032 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-07-12 00:17 . 2010-07-12 00:17 230752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-07-12 00:17 . 2010-07-12 00:17 956 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-07-11 08:00 . 2010-07-11 08:00 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\msvcp71.dll
2010-07-11 08:00 . 2010-07-11 08:00 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\jmc.dll
2010-07-11 08:00 . 2010-07-11 08:00 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-70744d75-n\msvcr71.dll
2010-07-11 08:00 . 2010-07-11 08:00 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-789ff538-n\decora-sse.dll
2010-07-11 08:00 . 2010-07-11 08:00 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-789ff538-n\decora-d3d.dll
2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 22:38 . 2010-06-28 02:35 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-09 22:38 . 2010-06-28 02:35 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2008-12-25 16:08 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38 . 2008-12-25 16:08 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2008-12-25 16:08 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2008-12-25 16:08 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2008-12-25 16:08 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-30 22:07 . 2010-06-30 22:06 20331936 ----a-w- c:\program files\TomTomHOME2winlatest.exe
2010-06-30 21:08 . 2010-06-30 21:07 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2010-06-30 01:35 . 2010-06-30 01:34 30790848 ----a-w- c:\program files\earthlink setup_autofix.exe
2006-12-10 05:56 . 2006-12-10 06:56 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-30_23.10.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-06 19:59 . 2010-10-06 19:59 16384 c:\windows\TEMP\Perflib_Perfdata_788.dat
+ 2010-10-06 19:58 . 2010-10-06 19:58 16384 c:\windows\TEMP\Perflib_Perfdata_710.dat
+ 2010-10-05 14:32 . 2010-04-22 02:29 43696 c:\windows\system32\drivers\N360\0403000.005\srtspx.sys
- 2010-09-24 04:15 . 2010-04-22 02:29 43696 c:\windows\system32\drivers\N360\0403000.005\srtspx.sys
- 2010-09-15 03:43 . 2005-04-01 21:03 41228 c:\windows\OPTIONS\CABS\set8187.exe
+ 2010-10-04 03:18 . 2005-04-01 21:03 41228 c:\windows\OPTIONS\CABS\set8187.exe
+ 2010-10-05 14:32 . 2010-05-06 04:01 339504 c:\windows\system32\drivers\N360\0403000.005\symtdiv.sys
- 2010-09-24 04:15 . 2010-05-06 04:01 339504 c:\windows\system32\drivers\N360\0403000.005\symtdiv.sys
- 2010-09-24 04:15 . 2010-05-06 04:01 361904 c:\windows\system32\drivers\N360\0403000.005\symtdi.sys
+ 2010-10-05 14:32 . 2010-05-06 04:01 361904 c:\windows\system32\drivers\N360\0403000.005\symtdi.sys
+ 2010-10-05 14:32 . 2010-04-22 03:02 173104 c:\windows\system32\drivers\N360\0403000.005\symefa.sys
- 2010-09-24 04:15 . 2010-04-22 03:02 173104 c:\windows\system32\drivers\N360\0403000.005\symefa.sys
- 2010-09-24 04:15 . 2010-02-04 01:40 328752 c:\windows\system32\drivers\N360\0403000.005\symds.sys
+ 2010-10-05 14:32 . 2010-02-04 01:40 328752 c:\windows\system32\drivers\N360\0403000.005\symds.sys
+ 2010-10-05 14:32 . 2010-04-22 02:29 325680 c:\windows\system32\drivers\N360\0403000.005\srtsp.sys
- 2010-09-24 04:15 . 2010-04-22 02:29 325680 c:\windows\system32\drivers\N360\0403000.005\srtsp.sys
+ 2010-10-05 14:32 . 2010-04-29 05:03 116784 c:\windows\system32\drivers\N360\0403000.005\ironx86.sys
- 2010-09-24 04:15 . 2010-04-29 05:03 116784 c:\windows\system32\drivers\N360\0403000.005\ironx86.sys
+ 2010-10-05 14:32 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys
- 2010-09-24 04:15 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys
- 2010-09-15 03:43 . 2006-03-16 18:39 167808 c:\windows\OPTIONS\CABS\WG111V2.SYS
+ 2010-10-04 03:18 . 2006-03-16 18:39 167808 c:\windows\OPTIONS\CABS\WG111V2.SYS
+ 2010-10-04 03:18 . 2004-12-29 05:31 102400 c:\windows\OPTIONS\CABS\RTWUWZC.exe
- 2010-09-15 03:43 . 2004-12-29 05:31 102400 c:\windows\OPTIONS\CABS\RTWUWZC.exe
 
Part 3 of 3 for ComboFix log plus Hijack log:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-14 2424560]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"Google Update"="c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-22 136176]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-21 28160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"VX3000"="c:\windows\vVX3000.exe" [2006-06-29 707376]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-19 202256]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ScanSoft OmniPage 16-reminder"="c:\program files\ScanSoft\OmniPage16\Ereg\Ereg.exe" [2007-07-20 328992]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-19 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2010-3-10 1553800]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2010-3-10 206128]
PowerReg Scheduler.exe [2007-4-25 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-18 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Alarm Manager.LNK - c:\program files\palmOne\AlarmApp.exe [2004-4-12 274432]
L-Express.lnk - c:\program files\Softissimo\Lexibase Pro\exe\L-Express.exe [2008-2-6 57344]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2010-10-3 745472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Brother\\Brmfl08e\\FAXRX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/5/2010 7:32 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/5/2010 7:32 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [10/6/2010 10:26 AM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/5/2010 7:32 AM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/5/2010 7:32 AM 116784]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [6/7/2009 3:27 PM 66048]
R2 N360;Norton 360;c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccsvchst.exe [10/5/2010 7:31 AM 126392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 7:41 AM 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/4/2010 6:48 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101005.004\IDSXpx86.sys [10/6/2010 10:26 AM 331640]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [10/3/2010 8:18 PM 167808]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/3/2010 8:18 PM 13532]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 02:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087942622-1808754119-19490797-1009Core.job
- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 04:01]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2087942622-1808754119-19490797-1009UA.job
- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-22 04:01]

2010-10-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2087942622-1808754119-19490797-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-10-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2087942622-1808754119-19490797-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 83.170.103.189:4040
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: earthlink.net\webmail
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\www
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-06 15:06:50
ComboFix-quarantined-files.txt 2010-10-06 22:06
ComboFix2.txt 2010-10-04 17:28
ComboFix3.txt 2010-09-30 23:13
ComboFix4.txt 2008-07-15 01:06

Pre-Run: 34,908,569,600 bytes free
Post-Run: 34,944,131,072 bytes free

- - End Of File - - ED8964938B5465A8B03098BB9F11C4A0
 
Okay Alex, these logs look good. Has the redirect problem been resolved? Are you having any other problem related to the malware?

I advise removal of all sites from the Trusted Zone. None need to be there and it has less security than the internet zone.

Please download the HijackThis Installer and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

If there are no remaining bad entries and if problems have been resolved, I'll have you remove the cleaning tools we used.
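The Trusted Zone sites named in this advice, along with the browser proxy and firewall state recorded in the same ComboFix log, can be pulled out of a pasted log for review. The following Python script is an added example, not part of the original posts or of ComboFix; the sample text is an excerpt of the log posted above, and reading the `u`/`m` prefix as HKCU/HKLM and `domain\sub` as `sub.domain` are assumptions about the log format.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Excerpt of the ComboFix log posted in this thread, trimmed to the relevant lines.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 83.170.103.189:4040
uInternet Settings,ProxyOverride = 127.0.0.1
Trusted Zone: earthlink.net\webmail
Trusted Zone: google.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com\www
.
'''


class Finding(NamedTuple):
    kind: str   # "firewall", "proxy" or "trusted_zone"
    value: str  # the setting to look up on the machine
    note: str   # what to verify


SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
SETTING_RE = re.compile(
    r'^(?P<hive>[um])Internet Settings,(?P<name>\w+)\s*=\s*(?P<data>.+)$')
TRUSTED_RE = re.compile(
    r'^Trusted Zone:\s*(?P<domain>[^\\\s]+)(?:\\(?P<sub>\S+))?$')
HIVES = {'u': 'HKCU', 'm': 'HKLM'}  # assumption: per-user / per-machine prefix


def is_loopback(host: str) -> bool:
    """True for localhost or a loopback IP literal."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other DNS name


def proxy_endpoints(data: str) -> List[str]:
    """Split 'host:port' or 'http=host:port;https=host:port' into endpoints."""
    endpoints = []
    for part in data.split(';'):
        part = part.strip()
        if part:
            endpoints.append(part.split('=', 1)[-1])
    return endpoints


def parse_combofix(text: str) -> List[Finding]:
    """Collect the firewall, proxy and Trusted Zone settings from a log."""
    findings = []
    section = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            section = ''  # a blank or '.' line ends a registry block
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m and section.endswith('firewallpolicy\\standardprofile'):
            fields = m.group('data').split()
            if (m.group('name').lower() == 'enablefirewall'
                    and fields and fields[0] == '0'):
                findings.append(Finding(
                    'firewall', 'EnableFirewall=0',
                    'Windows Firewall is off for the standard profile; '
                    'confirm another firewall is active'))
            continue
        m = SETTING_RE.match(line)
        if m and m.group('name') == 'ProxyServer':
            for endpoint in proxy_endpoints(m.group('data')):
                host = endpoint.rsplit(':', 1)[0]
                where = 'local listener' if is_loopback(host) else 'remote host'
                findings.append(Finding(
                    'proxy', endpoint,
                    f"{HIVES[m.group('hive')]} browser proxy is a {where}; "
                    'confirm it was set on purpose'))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            sub, domain = m.group('sub'), m.group('domain')
            host = f'{sub}.{domain}' if sub else domain
            findings.append(Finding(
                'trusted_zone', host,
                'site runs with Trusted Zone settings, which are less strict '
                'than the Internet zone'))
    return findings


if __name__ == '__main__':
    for finding in parse_combofix(SAMPLE_LOG):
        print(f'{finding.kind:13} {finding.value:24} {finding.note}')
```
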
 
The redirect problem has been solved, Bobby, thank you very much. I have also removed all the sites from the Trusted Zone. All I have left is a problem removing and reinstalling Nero 7, but that is another topic. Can I make a donation anywhere to keep the solutions coming?
Rgds, Alex.
 
You're welcome, Alex. Thank you for the offer, but I don't accept donations- neither does TechSpot. We'll keep the solutions coming to the best of our ability.

If you have decided not to run HijackThis, you can go ahead and remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin
===============================
Tips for added security and safer browsing:
Note: Some of these programs may not work on Windows 7 or a 64bit OS
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      • Avira Free
      • Avast Home
    • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      • Comodo
      • Zone Alarm
    • Antispyware: I recommend all of the following:
      • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
      • Download ZonedOut and save to your desktop. This replaces IE/Spyad and manages the Zones in Internet Explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
        For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
        IE/Spyad is no longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is up-to-date before adding sites to your restricted zone.
        Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroy's Immunization the problem goes away...
      • MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      • Google Toolbar: Get the free Google toolbar to help stop pop up windows.
  3. Stay current on updates:
    • Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
    • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    • Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    • For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    • For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    • AdBlock Plus
    • Easy List
  5. Do regular Maintenance
    Remove Temporary Internet Files regularly:
    • ATF Cleaner by Atribune
    OR
    • TFC
    Disable and Enable System Restore:
    • See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  6. Practice Safe Email Handling
    • Don't open email from anyone you don't know.
    • Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    • Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
 
Oops #1! I thought I copied you on HijackThis.log. I see I did not. Here it is:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:27:42 PM, on 10/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\ggviewer81-61.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\Softissimo\Lexibase Pro\exe\L-Express.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.170.103.189:4040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: L-Express.lnk = C:\Program Files\Softissimo\Lexibase Pro\exe\L-Express.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1278833305015
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9534 bytes

Oops #2; I now notice intermittent blanking of the display - it turns off momentarily. Is this a sign of more virus?

Oops #3: Not really - just a big surprise at the number of Safety recommendations, though I do know that things are getting rough "out there".

Thanks again, my machine is already running at least as fast as it did when new.

Rgds, Alex.
 
Okay, good. A couple of questions and comments:

1. Get Adobe Reader updated to v9.xx> you have v7: link in security tips above.
2. There is an entry: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Do you have the homepage set to come up as a blank page? If Yes, okay. If not, check for removal.
3. You have a proxy set, then an override. Unless your ISP requires this, remove it and leave the override.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.170.103.189:4040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

Please reopen HijackThis to 'do system scan only'. Check each of the following, if present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (if not set)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Remove one of the following per my comment:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.170.103.189:4040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

Close all Windows except HijackThis and click on "Fix Checked."

You can pick up even more speed if you take these off of Startup:
Webcam
Printer
Scanner
Camera

Oops #2; I now notice intermittent blanking of the display - it turns off momentarily. Is this a sign of more virus?
Points more to video card. Maybe driver update?
Oops #3: Not really - just a big surprise at the number of Safety recommendations, though I do know that things are getting rough "out there".
Even with all of those on a system, if someone does file sharing, opens email attachments and surfs bad sites, they will still get malware! First line of defense is the User!

You're welcome Alex. Enjoy computing and stay safe.
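
The proxy and start-page check from the reply above, as an added example that is not part of the original thread: a Python script that parses HijackThis R-section lines and lists the entries to confirm with the user before anything is fixed. The function names are hypothetical, and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re

# R-section lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.170.103.189:4040
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
"""

# "R<n> - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+\\[^,]+),([^=]*?)\s*=\s*(.*)$")

def parse_r_entries(log_text):
    """Return (section, key, name, data) for each R0-R3 registry line."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries.append(tuple(part.strip() for part in m.groups()))
    return entries

def proxy_hosts(data):
    """Hosts in a ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    hosts = []
    for part in filter(None, (p.strip() for p in data.split(";"))):
        target = part.split("=", 1)[-1].split("://", 1)[-1]
        hosts.append(target.rsplit(":", 1)[0] if ":" in target else target)
    return hosts

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname

def review(log_text):
    """Items to confirm with the user before anything is fixed."""
    findings = []
    for _section, key, name, data in parse_r_entries(log_text):
        if name == "ProxyServer":
            remote = [h for h in proxy_hosts(data) if not is_loopback(h)]
            if remote:  # loopback proxies are not flagged by this example
                findings.append((name, data, "browser traffic goes via " + ", ".join(remote)))
        elif name == "Start Page" and key.startswith("HKCU") and data:
            findings.append((name, data, "confirm the user chose this home page"))
    return findings

if __name__ == "__main__":
    for name, data, note in review(SAMPLE_LOG):
        print(f"{name} = {data}  ->  {note}")
```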
 